Merge "Docs: FB: updating tradefed example, 80 char column, sentence casing Updating listener.testFailed parameters"
diff --git a/src-intl/ja_ALL/security/bulletin/2015-10-01.jd b/src-intl/ja_ALL/security/bulletin/2015-10-01.jd
index 974b8a6..5628fc9 100644
--- a/src-intl/ja_ALL/security/bulletin/2015-10-01.jd
+++ b/src-intl/ja_ALL/security/bulletin/2015-10-01.jd
@@ -107,7 +107,7 @@
<br/>
CVE-2015-6600
<br/>
- CVE-2015-3870
+ CVE-2015-6603
<br/>
CVE-2015-6601
<br/>
@@ -159,7 +159,7 @@
libFLAC でのリモートコード実行の脆弱性
</td>
<td>
- CVE-2014-9082
+ CVE-2014-9028
</td>
<td>
重大
@@ -1575,7 +1575,7 @@
2015 年 10 月 5 日: 情報公開
</li>
<li>
- 2015 年 10 月 7 日: AOSP への参照を含めて更新、CVE-2014-9082 のバグの参照を明記
+ 2015 年 10 月 7 日: AOSP への参照を含めて更新、CVE-2014-9028 のバグの参照を明記
</li>
<li>
2015 年 10 月 12 日: CVE-2015-3868、CVE-2015-3869、CVE-2015-3865、CVE-2015-3862 の謝辞を更新
diff --git a/src-intl/ja_ALL/security/bulletin/2016-01-01.jd b/src-intl/ja_ALL/security/bulletin/2016-01-01.jd
index c6888c4..46ec412 100644
--- a/src-intl/ja_ALL/security/bulletin/2016-01-01.jd
+++ b/src-intl/ja_ALL/security/bulletin/2016-01-01.jd
@@ -113,7 +113,8 @@
TrustZone での権限昇格の脆弱性
</td>
<td>
- CVE-2015-6639
+ CVE-2015-6639<br />
+ CVE-2015-6647
</td>
<td>
重大
@@ -240,7 +241,7 @@
</p>
<ul>
<li>
- Google Chrome セキュリティ チームの Abhishek Arya、Oliver Chang、Martin Barbella: CVE-2015-6636、CVE-2015-6617
+ Google Chrome セキュリティ チームの Abhishek Arya、Oliver Chang、Martin Barbella: CVE-2015-6636
</li>
<li>
Tencent KEEN lab(
diff --git a/src-intl/ja_ALL/security/bulletin/2016-02-01.jd b/src-intl/ja_ALL/security/bulletin/2016-02-01.jd
index 44a46dd..3485967 100644
--- a/src-intl/ja_ALL/security/bulletin/2016-02-01.jd
+++ b/src-intl/ja_ALL/security/bulletin/2016-02-01.jd
@@ -142,10 +142,8 @@
<li> <a href="http://www.360safe.com/">Qihoo 360</a> <a href="http://c0reteam.org">C0RE チーム</a>の Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)、Mingjian Zhou
(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)、Xuxian Jiang: CVE-2016-0804
<li> Google Pixel C チームの David Riley: CVE-2016-0812
- <li> KAIST System Security Lab の Dongkwan Kim(<a href="mailto:dkay@kaist.ac.kr">dkay@kaist.ac.kr</a>): CVE-2015-6614
<li> Qihoo 360 Lab IceSword の
Gengjia Chen(<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>): CVE-2016-0805
- <li> KAIST System Security Lab の Hongil Kim(<a href="mailto:hongilk@kaist.ac.kr">hongilk@kaist.ac.kr</a>): CVE-2015-6614
<li> Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>)の
Qidan He(<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>): CVE-2016-0811
<li> Trend Micro(<a href="http://www.trendmicro.com">www.trendmicro.com</a>)の
diff --git a/src-intl/ko_ALL/security/bulletin/2015-10-01.jd b/src-intl/ko_ALL/security/bulletin/2015-10-01.jd
index f55b6e0..567eee9 100644
--- a/src-intl/ko_ALL/security/bulletin/2015-10-01.jd
+++ b/src-intl/ko_ALL/security/bulletin/2015-10-01.jd
@@ -119,7 +119,7 @@
<br/>
CVE-2015-6600
<br/>
- CVE-2015-3870
+ CVE-2015-6603
<br/>
CVE-2015-6601
<br/>
@@ -171,7 +171,7 @@
libFLAC의 원격 코드 실행 취약성
</td>
<td>
- CVE-2014-9082
+ CVE-2014-9028
</td>
<td>
심각
@@ -1672,7 +1672,7 @@
2015년 10월 5일: 게시판이 게시되었습니다.
</li>
<li>
- 2015년 10월 7일: AOSP 참조로 게시판이 업데이트되고, CVE-2014-9082
+ 2015년 10월 7일: AOSP 참조로 게시판이 업데이트되고, CVE-2014-9028
버그 참조가 명확해 졌습니다.
</li>
<li>
diff --git a/src-intl/ko_ALL/security/bulletin/2016-01-01.jd b/src-intl/ko_ALL/security/bulletin/2016-01-01.jd
index 07574ab..667fdf5 100644
--- a/src-intl/ko_ALL/security/bulletin/2016-01-01.jd
+++ b/src-intl/ko_ALL/security/bulletin/2016-01-01.jd
@@ -125,7 +125,8 @@
Trustzone의 권한 승격 취약성
</td>
<td>
- CVE-2015-6639
+ CVE-2015-6639<br />
+ CVE-2015-6647
</td>
<td>
심각
@@ -265,7 +266,7 @@
</p>
<ul>
<li>
- Chrome 보안팀의 Abhishek Arya, Oliver Chang, Martin Barbella: CVE-2015-6636, CVE-2015-6617
+ Chrome 보안팀의 Abhishek Arya, Oliver Chang, Martin Barbella: CVE-2015-6636
</li>
<li>
KEEN lab, Tencent(
diff --git a/src-intl/ko_ALL/security/bulletin/2016-02-01.jd b/src-intl/ko_ALL/security/bulletin/2016-02-01.jd
index 78b0895..8bf99ec 100644
--- a/src-intl/ko_ALL/security/bulletin/2016-02-01.jd
+++ b/src-intl/ko_ALL/security/bulletin/2016-02-01.jd
@@ -151,10 +151,8 @@
<li> <a href="http://www.360safe.com/">Qihoo 360</a> <a href="http://c0reteam.org">C0RE팀</a>의 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Xuxian Jiang
: CVE-2016-0804
<li> Google Pixel C팀의 David Riley: CVE-2016-0812
- <li> KAIST 시스템 보안 연구실의 김동관(<a href="mailto:dkay@kaist.ac.kr">dkay@kaist.ac.kr</a>): CVE-2015-6614
<li> Qihoo 360 Lab IceSword의
Gengjia Chen(<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>): CVE-2016-0805
- <li> KAIST 시스템 보안 연구실의 김홍길(<a href="mailto:hongilk@kaist.ac.kr">hongilk@kaist.ac.kr</a>): CVE-2015-6614
<li> Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>)의
Qidan He(<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>): CVE-2016-0811
<li> Trend Micro(<a href="http://www.trendmicro.com">www.trendmicro.com</a>)의
diff --git a/src-intl/ru_ALL/security/bulletin/2015-10-01.jd b/src-intl/ru_ALL/security/bulletin/2015-10-01.jd
index 601affe..79f8248 100644
--- a/src-intl/ru_ALL/security/bulletin/2015-10-01.jd
+++ b/src-intl/ru_ALL/security/bulletin/2015-10-01.jd
@@ -125,7 +125,7 @@
<br/>
CVE-2015-6600
<br/>
- CVE-2015-3870
+ CVE-2015-6603
<br/>
CVE-2015-6601
<br/>
@@ -177,7 +177,7 @@
Удаленное выполнение кода в libFLAC
</td>
<td>
- CVE-2014-9082
+ CVE-2014-9028
</td>
<td>
Критический
@@ -1682,7 +1682,7 @@
</li>
<li>
7 октября 2015 года: в бюллетень добавлены ссылки на AOSP
- и уточненные сведения об уязвимости CVE-2014-9082.
+ и уточненные сведения об уязвимости CVE-2014-9028.
</li>
<li>
12 октября 2015 года: обновлены благодарности обнаружившим
diff --git a/src-intl/ru_ALL/security/bulletin/2016-01-01.jd b/src-intl/ru_ALL/security/bulletin/2016-01-01.jd
index 8df5320..a2e039a 100644
--- a/src-intl/ru_ALL/security/bulletin/2016-01-01.jd
+++ b/src-intl/ru_ALL/security/bulletin/2016-01-01.jd
@@ -128,7 +128,8 @@
Повышение привилегий через Trustzone
</td>
<td>
- CVE-2015-6639
+ CVE-2015-6639<br />
+ CVE-2015-6647
</td>
<td>
Критический
@@ -268,7 +269,7 @@
<ul>
<li>
Абхишек Арья, Оливер Чен и Мартин Барбелла из команды
-безопасности Google Chrome: CVE-2015-6636, CVE-2015-6617.
+безопасности Google Chrome: CVE-2015-6636.
</li>
<li>
Сен Ние (
diff --git a/src-intl/ru_ALL/security/bulletin/2016-02-01.jd b/src-intl/ru_ALL/security/bulletin/2016-02-01.jd
index 9e60f14..ce2abf0 100644
--- a/src-intl/ru_ALL/security/bulletin/2016-02-01.jd
+++ b/src-intl/ru_ALL/security/bulletin/2016-02-01.jd
@@ -156,10 +156,8 @@
<li> Чиачи Ву (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Миньдзян Чжоу (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) и Сюсянь Цзянь
из <a href="http://c0reteam.org">команды C0RE</a>, <a href="http://www.360safe.com/">Qihoo 360</a>: CVE-2016-0804
<li> Дэвид Райли из команды Google Pixel C: CVE-2016-0812
- <li> Донкван Ким (<a href="mailto:dkay@kaist.ac.kr">dkay@kaist.ac.kr</a>) из System Security Lab, KAIST: CVE-2015-6614
<li> Гэнцзя Чэнь (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>)
из Lab IceSword, Qihoo 360: CVE-2016-0805
- <li> Хонгиль Ким (<a href="mailto:hongilk@kaist.ac.kr">hongilk@kaist.ac.kr</a>) из System Security Lab, KAIST: CVE-2015-6614
<li> Цидань Хэ (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>) из
KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-0811
<li> Севен Шень (<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>)
diff --git a/src-intl/zh-CN_ALL/security/bulletin/2015-10-01.jd b/src-intl/zh-CN_ALL/security/bulletin/2015-10-01.jd
index 0e50a77..8d29a2d 100644
--- a/src-intl/zh-CN_ALL/security/bulletin/2015-10-01.jd
+++ b/src-intl/zh-CN_ALL/security/bulletin/2015-10-01.jd
@@ -107,7 +107,7 @@
<br/>
CVE-2015-6600
<br/>
- CVE-2015-3870
+ CVE-2015-6603
<br/>
CVE-2015-6601
<br/>
@@ -159,7 +159,7 @@
libFLAC 中的远程代码执行漏洞
</td>
<td>
- CVE-2014-9082
+ CVE-2014-9028
</td>
<td>
严重
@@ -1576,7 +1576,7 @@
2015 年 10 月 5 日:发布了公告。
</li>
<li>
- 2015 年 10 月 7 日:更新了公告中的 AOSP 参考资料:更正了 CVE-2014-9082 的错误参考资料。
+ 2015 年 10 月 7 日:更新了公告中的 AOSP 参考资料:更正了 CVE-2014-9028 的错误参考资料。
</li>
<li>
2015 年 10 月 12 日:更新了 CVE-2015-3868、CVE-2015-3869、CVE-2015-3865、CVE-2015-3862 的致谢信息。
diff --git a/src-intl/zh-CN_ALL/security/bulletin/2016-01-01.jd b/src-intl/zh-CN_ALL/security/bulletin/2016-01-01.jd
index c00c665..edc0dce 100644
--- a/src-intl/zh-CN_ALL/security/bulletin/2016-01-01.jd
+++ b/src-intl/zh-CN_ALL/security/bulletin/2016-01-01.jd
@@ -114,7 +114,8 @@
TrustZone 中的提权漏洞
</td>
<td>
- CVE-2015-6639
+ CVE-2015-6639<br />
+ CVE-2015-6647
</td>
<td>
严重
@@ -241,7 +242,7 @@
</p>
<ul>
<li>
- Google Chrome 安全团队的 Abhishek Arya、Oliver Chang 和 Martin Barbella:CVE-2015-6636、CVE-2015-6617
+ Google Chrome 安全团队的 Abhishek Arya、Oliver Chang 和 Martin Barbella:CVE-2015-6636
</li>
<li>
腾讯 KEEN 实验室 (
diff --git a/src-intl/zh-CN_ALL/security/bulletin/2016-02-01.jd b/src-intl/zh-CN_ALL/security/bulletin/2016-02-01.jd
index 3d49c9e..a52dbcf 100644
--- a/src-intl/zh-CN_ALL/security/bulletin/2016-02-01.jd
+++ b/src-intl/zh-CN_ALL/security/bulletin/2016-02-01.jd
@@ -115,7 +115,21 @@
<p>非常感谢以下研究人员做出的贡献:</p>
<ul>
- <li>Android 和 Chrome 安全团队:CVE-2016-0809、CVE-2016-0810<li>Broadgate 团队:CVE-2016-0801、CVE-2015-0802<li><a href="http://www.360safe.com/">奇虎 360</a> 的 <a href="http://c0reteam.org">C0RE 团队</a>的 Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)、Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) 和 Xuxian Jiang:CVE-2016-0804<li>Google Pixel C 团队的 David Riley:CVE-2016-0812<li>韩国科学技术院系统安全实验室 (System Security Lab, KAIST) 的 Dongkwan Kim (<a href="mailto:dkay@kaist.ac.kr">dkay@kaist.ac.kr</a>):CVE-2015-6614<li>奇虎 360 IceSword 实验室的 Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>):CVE-2016-0805<li>韩国科学技术院系统安全实验室 (System Security Lab, KAIST) 的 Hongil Kim (<a href="mailto:hongilk@kaist.ac.kr">hongilk@kaist.ac.kr</a>):CVE-2015-6614<li>腾讯 KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) 的 Qidan He (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>):CVE-2016-0811<li>趋势科技 (<a href="http://www.trendmicro.com">www.trendmicro.com</a>) 的 Seven Shen (<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>):CVE-2016-0803<li>阿里巴巴的 Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>):CVE-2016-0808<li>Android 安全团队的 Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>):CVE-2016-0807</li></li></li></li></li></li></li></li></li></li></li></ul>
+ <li>Android 和 Chrome 安全团队:CVE-2016-0809、CVE-2016-0810</li>
+ <li>Broadgate 团队:CVE-2016-0801、CVE-2015-0802</li>
+ <li><a href="http://www.360safe.com/">奇虎 360</a> 的
+ <a href="http://c0reteam.org">C0RE 团队</a>的 Chiachih Wu
+ (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)、Mingjian Zhou
+ (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) 和 Xuxian Jiang:CVE-2016-0804</li>
+ <li>Google Pixel C 团队的 David Riley:CVE-2016-0812</li>
+ <li>奇虎 360 IceSword 实验室的 Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>):CVE-2016-0805</li>
+ <li>腾讯 KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) 的 Qidan He
+ (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>):CVE-2016-0811</li>
+ <li>趋势科技 (<a href="http://www.trendmicro.com">www.trendmicro.com</a>) 的 Seven Shen
+ (<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>):CVE-2016-0803</li>
+ <li>阿里巴巴的 Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>):CVE-2016-0808</li>
+ <li>Android 安全团队的 Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>):CVE-2016-0807</li>
+</ul>
<h2 id="security_vulnerability_details">安全漏洞详情</h2>
diff --git a/src-intl/zh-TW_ALL/security/bulletin/2015-10-01.jd b/src-intl/zh-TW_ALL/security/bulletin/2015-10-01.jd
index 670483f..272005a 100644
--- a/src-intl/zh-TW_ALL/security/bulletin/2015-10-01.jd
+++ b/src-intl/zh-TW_ALL/security/bulletin/2015-10-01.jd
@@ -115,7 +115,7 @@
<br/>
CVE-2015-6600
<br/>
- CVE-2015-3870
+ CVE-2015-6603
<br/>
CVE-2015-6601
<br/>
@@ -167,7 +167,7 @@
libFLAC 中的遠端程式碼執行漏洞
</td>
<td>
- CVE-2014-9082
+ CVE-2014-9028
</td>
<td>
最高
@@ -1674,7 +1674,7 @@
</li>
<li>
2015 年 10 月 7 日:更新公告,加入 AOSP 參照內容,同時釐清
- CVE-2014-9082 的錯誤參照內容。
+ CVE-2014-9028 的錯誤參照內容。
</li>
<li>
2015 年 10 月 12 日:更新 CVE-2015-3868、CVE-2015-3869、
diff --git a/src-intl/zh-TW_ALL/security/bulletin/2016-01-01.jd b/src-intl/zh-TW_ALL/security/bulletin/2016-01-01.jd
index 9d09d4c..933b764 100644
--- a/src-intl/zh-TW_ALL/security/bulletin/2016-01-01.jd
+++ b/src-intl/zh-TW_ALL/security/bulletin/2016-01-01.jd
@@ -122,7 +122,8 @@
Trustzone 中的權限升級漏洞
</td>
<td>
- CVE-2015-6639
+ CVE-2015-6639<br />
+ CVE-2015-6647
</td>
<td>
最高
@@ -263,7 +264,7 @@
<ul>
<li>
Google Chrome 安全性小組的 Abhishek Arya、Oliver Chang 和 Martin Barbella:
-CVE-2015-6636、CVE-2015-6617
+CVE-2015-6636
</li>
<li>
騰訊 (
diff --git a/src-intl/zh-TW_ALL/security/bulletin/2016-02-01.jd b/src-intl/zh-TW_ALL/security/bulletin/2016-02-01.jd
index a05583b..55df13b 100644
--- a/src-intl/zh-TW_ALL/security/bulletin/2016-02-01.jd
+++ b/src-intl/zh-TW_ALL/security/bulletin/2016-02-01.jd
@@ -156,10 +156,8 @@
<li> <a href="http://www.360safe.com/">奇虎 360</a> 的 <a href="http://c0reteam.org">C0RE 小組</a>成員 Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)、
Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) 和 Xuxian Jiang:CVE-2016-0804
<li>Google Pixel C 小組的 David Riley:CVE-2016-0812
- <li> 韓國科學技術學院系統安全性實驗室的 Dongkwan Kim (<a href="mailto:dkay@kaist.ac.kr">dkay@kaist.ac.kr</a>):CVE-2015-6614
<li> 奇虎 360 IceSword 實驗室
的 Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>):CVE-2016-0805
- <li> 韓國科學技術學院系統安全性實驗室的 Hongil Kim (<a href="mailto:hongilk@kaist.ac.kr">hongilk@kaist.ac.kr</a>):CVE-2015-6614
<li>騰訊 KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>)
的 Qidan He (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>):CVE-2016-0811
<li> 趨勢科技 (<a href="http://www.trendmicro.com">www.trendmicro.com</a>)
diff --git a/src/compatibility/cdd.jd b/src/compatibility/cdd.jd
index 94ee75e..0773f7c 100644
--- a/src/compatibility/cdd.jd
+++ b/src/compatibility/cdd.jd
@@ -17,14 +17,35 @@
limitations under the License.
-->
-<p>
-Welcome to the Android Compatibility Definition Document (CDD). This document
+<p>Welcome to the Android Compatibility Definition Document (CDD). This document
enumerates the requirements that must be met in order for devices to be
compatible with the latest version of Android. To be considered compatible with
Android, device implementations MUST meet the requirements
presented in this Compatibility Definition, including any documents
-incorporated via reference.
-</p>
+incorporated via reference. For each release of the Android platform, a
+detailed CDD will be provided. The CDD represents the "policy" aspect of
+Android compatibility.</p>
+
+<p>It is important the policy of the Android compatibility program is codified
+explicitly as no test suite, including CTS, can truly be comprehensive. For
+instance, the CTS includes a test that checks for the presence and correct
+behavior of OpenGL graphics APIs, but no software test can verify that the
+graphics actually appear correctly on the screen. More generally, it's
+impossible to test the presence of hardware features such as keyboards, display
+density, Wi-Fi, and Bluetooth.</p>
+
+<p>The CDD's role is to codify and clarify specific requirements, and
+eliminate ambiguity. The CDD does not attempt to be comprehensive. Since
+Android is a single corpus of open-source code, the code itself is the
+comprehensive "specification" of the platform and its APIs. The CDD acts as a
+"hub" referencing other content (such as SDK API documentation) that provides
+a framework in which the Android source code may be used so that the end
+result is a compatible system.</p>
+
+<p>If you want to build a device compatible with a given Android version,
+start by checking out the source code for that version, and then read the
+corresponding CDD and stay within its guidelines. For additional details,
+simply examine <a href="/compatibility/android-cdd.pdf">the latest CDD</a>.</p>
<p>
You may view the latest CDD either as an HTML web page or an easily downloadable PDF:
@@ -45,8 +66,8 @@
</tr>
<tr>
<td>6.0</td>
- <td><a href="6.0/android-6.0-cdd.pdf">android-6.0-cdd.pdf</a> (archived copy of current)</td>
- <td><a href="6.0/android-6.0-cdd.html">android-6.0-cdd.html</a> (archived copy of current)</td>
+ <td><a href="6.0/android-6.0-cdd.pdf">android-6.0-cdd.pdf</a></td>
+ <td><a href="6.0/android-6.0-cdd.html">android-6.0-cdd.html</a></td>
<td><a href="6.0/versions.html">Version 6.0</a></td>
</tr>
<tr>
diff --git a/src/compatibility/compatibility_toc.cs b/src/compatibility/compatibility_toc.cs
index 508b53a..1b8a503 100644
--- a/src/compatibility/compatibility_toc.cs
+++ b/src/compatibility/compatibility_toc.cs
@@ -57,9 +57,9 @@
</li>
<li><a href="<?cs var:toroot ?>compatibility/cts/interpret.html">Interpret Results</a></li>
<li><a href="<?cs var:toroot ?>compatibility/cts/development.html">Develop CTS</a></li>
+ <li><a href="<?cs var:toroot ?>compatibility/cts/downloads.html">Downloads</a></li>
</ul>
</li>
- <li><a href="<?cs var:toroot ?>compatibility/downloads.html">Downloads</a></li>
<li><a href="<?cs var:toroot ?>compatibility/contact-us.html">Contact Us</a></li>
</ul>
<!-- End Compatibility -->
diff --git a/src/compatibility/downloads.jd b/src/compatibility/cts/downloads.jd
similarity index 73%
rename from src/compatibility/downloads.jd
rename to src/compatibility/cts/downloads.jd
index a52bafa..64172dd 100644
--- a/src/compatibility/downloads.jd
+++ b/src/compatibility/cts/downloads.jd
@@ -1,8 +1,8 @@
-page.title=Android Compatibility Downloads
+page.title=Compatibility Test Suite Downloads
@jd:body
<!--
- Copyright 2015 The Android Open Source Project
+ Copyright 2016 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -30,64 +30,58 @@
<h2 id="android-60">Android 6.0</h2>
<p>Android 6.0 is the release of the development milestone code-named Marshmallow.
The source code for the following tests can be synced with the
-'android-cts-6.0_r5' tag in the open-source tree.</p>
+'android-cts-6.0_r6' tag in the open-source tree.</p>
<ul>
-<li><a href="6.0/android-6.0-cdd.pdf">Android 6.0 Compatibility Definition
-Document (CDD)</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-6.0_r5-linux_x86-arm.zip">Android
-6.0 R5 Compatibility Test Suite (CTS) - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-6.0_r6-linux_x86-arm.zip">Android
+6.0 R6 Compatibility Test Suite (CTS) - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-6.0_r5-linux_x86-x86.zip">Android
-6.0 R5 Compatibility Test Suite (CTS) - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-6.0_r6-linux_x86-x86.zip">Android
+6.0 R6 Compatibility Test Suite (CTS) - x86</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r5-linux_x86-arm.zip">Android
-6.0 R5 CTS Verifier - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r6-linux_x86-arm.zip">Android
+6.0 R6 CTS Verifier - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r5-linux_x86-x86.zip">Android
-6.0 R5 CTS Verifier - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r6-linux_x86-x86.zip">Android
+6.0 R6 CTS Verifier - x86</a></li>
</ul>
<h2 id="android-51">Android 5.1</h2>
<p>Android 5.1 is the release of the development milestone code-named Lollipop-MR1.
The source code for the following tests can be synced with the
-'android-cts-5.1_r6' tag in the open source tree.</p>
+'android-cts-5.1_r7' tag in the open source tree.</p>
<ul>
-<li><a href="5.1/android-5.1-cdd.pdf">Android 5.1 Compatibility Definition
-Document (CDD)</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-5.1_r6-linux_x86-arm.zip">Android
-5.1 R6 Compatibility Test Suite (CTS) - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-5.1_r7-linux_x86-arm.zip">Android
+5.1 R7 Compatibility Test Suite (CTS) - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-5.1_r6-linux_x86-x86.zip">Android
-5.1 R6 Compatibility Test Suite (CTS) - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-5.1_r7-linux_x86-x86.zip">Android
+5.1 R7 Compatibility Test Suite (CTS) - x86</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.1_r6-linux_x86-arm.zip">Android
-5.1 R6 CTS Verifier - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.1_r7-linux_x86-arm.zip">Android
+5.1 R7 CTS Verifier - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.1_r6-linux_x86-x86.zip">Android
-5.1 R6 CTS Verifier - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.1_r7-linux_x86-x86.zip">Android
+5.1 R7 CTS Verifier - x86</a></li>
</ul>
<h2 id="android-50">Android 5.0</h2>
<p>Android 5.0 is the release of the development milestone code-named Lollipop.
The source code for the following tests can be synced with the
-'android-cts-5.0_r5' tag in the open source tree.</p>
+'android-cts-5.0_r6' tag in the open source tree.</p>
<ul>
-<li><a href="5.0/android-5.0-cdd.pdf">Android 5.0 Compatibility Definition
-Document (CDD)</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-5.0_r5-linux_x86-arm.zip">Android
-5.0 R5 Compatibility Test Suite (CTS) - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-5.0_r6-linux_x86-arm.zip">Android
+5.0 R6 Compatibility Test Suite (CTS) - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-5.0_r5-linux_x86-x86.zip">Android
-5.0 R5 Compatibility Test Suite (CTS) - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-5.0_r6-linux_x86-x86.zip">Android
+5.0 R6 Compatibility Test Suite (CTS) - x86</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.0_r5-linux_x86-arm.zip">Android
-5.0 R5 CTS Verifier - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.0_r6-linux_x86-arm.zip">Android
+5.0 R6 CTS Verifier - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.0_r5-linux_x86-x86.zip">Android
-5.0 R5 CTS Verifier - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.0_r6-linux_x86-x86.zip">Android
+5.0 R6 CTS Verifier - x86</a></li>
</ul>
<h2 id="android-44">Android 4.4</h2>
@@ -95,8 +89,6 @@
KitKat. Source code for Android 4.4 is found in the
'android-cts-4.4_r4' branch in the open source tree.</p>
<ul>
-<li><a href="4.4/android-4.4-cdd.pdf">Android 4.4 Compatibility Definition
-Document (CDD)</a></li>
<li><a
href="https://dl.google.com/dl/android/cts/android-cts-4.4_r4-linux_x86-arm.zip">Android
4.4 R4 Compatibility Test Suite (CTS) - ARM</a></li>
@@ -115,7 +107,6 @@
<p>Android 4.3 is the release of the development milestone code-named
Jelly Bean-MR2. Source code for Android 4.3 is found in the 'android-4.3_r2.2-cts' branch in the open source tree.</p>
<ul>
-<li><a href="4.3/android-4.3-cdd.pdf">Android 4.3 Compatibility Definition Document (CDD)</a></li>
<li><a
href="https://dl.google.com/dl/android/cts/android-cts-4.3_r2-linux_x86-arm.zip">Android
4.3 R2 Compatibility Test Suite (CTS)</a></li>
@@ -128,7 +119,6 @@
<p>Android 4.2 is the release of the development milestone code-named
Jelly Bean-MR1. Source code for Android 4.2 is found in the 'android-4.2.2_r1' branch in the open source tree.</p>
<ul>
-<li><a href="4.2/android-4.2-cdd.pdf">Android 4.2 Compatibility Definition Document (CDD)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-4.2_r4-linux_x86-arm.zip">Android 4.2 R4 Compatibility Test Suite (CTS)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-4.2_r5-linux_x86-arm.zip">Android 4.2 R5 CTS Verifier</a></li>
</ul>
@@ -137,7 +127,6 @@
Bean. The source code of the Compatibility Test Suite revisions below is
available at the 'android-cts-4.1_r4' tag in the open source tree.</p>
<ul>
-<li><a href="4.1/android-4.1-cdd.pdf">Android 4.1 Compatibility Definition Document (CDD)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-4.1_r4-linux_x86-arm.zip">Android 4.1 R4 Compatibility Test Suite (CTS)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-4.1_r7-linux_x86-arm.zip">Android 4.1 R7 CTS Verifier</a></li>
</ul>
@@ -146,7 +135,6 @@
Ice Cream Sandwich. Source code for
Android 4.0.3 is found in the 'android-4.0.3_r1' branch in the open source tree.</p>
<ul>
-<li><a href="4.0/android-4.0-cdd.pdf">Android 4.0 Compatibility Definition Document (CDD)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-4.0.3_r3-linux_x86-arm.zip">Android 4.0.3 R3 Compatibility Test Suite (CTS)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-4.0.3_r2-linux_x86-arm.zip">Android 4.0.3 R2 CTS Verifier</a></li>
</ul>
@@ -155,7 +143,6 @@
Gingerbread. Source code for Android 2.3 is found in the 'gingerbread' branch in
the open source tree.</p>
<ul>
-<li><a href="2.3/android-2.3.3-cdd.pdf">Android 2.3 Compatibility Definition Document (CDD)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-2.3_r13-linux_x86-arm.zip">Android 2.3 R13 Compatibility Test Suite (CTS)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-2.3_r3-linux_x86-armv5.zip">Android 2.3 R3 CTS Verifier</a></li>
</ul>
@@ -164,7 +151,6 @@
FroYo. Source code for Android 2.2 is found in the 'froyo' branch in the
open source tree.</p>
<ul>
-<li><a href="2.2/android-2.2-cdd.pdf">Android 2.2 Compatibility Definition Document (CDD)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-2.2_r8-linux_x86-arm.zip">Android 2.2 R8 Compatibility Test Suite (CTS)</a></li>
</ul>
<h2 id="android-21">Android 2.1</h2>
@@ -173,7 +159,6 @@
open source tree. Note that for technical reasons, there is no compatibility
program for Android 2.0 or 2.0.1, and new devices must use Android 2.1.</p>
<ul>
-<li><a href="2.1/android-2.1-cdd.pdf">Android 2.1 Compatibility Definition Document (CDD)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-2.1_r5-x86.zip">Android 2.1 R5 Compatibility Test Suite (CTS)</a></li>
</ul>
<h2 id="android-16">Android 1.6</h2>
@@ -181,12 +166,11 @@
Android 1.6 was obsoleted by Android 2.1. Source code for Android 1.6 is found
in the 'donut' branch in the open source tree.</p>
<ul>
-<li><a href="1.6/android-1.6-cdd.pdf">Android 1.6 Compatibility Definition Document (CDD)</a></li>
<li><a href="https://dl.google.com/dl/android/cts/android-cts-1.6_r1-x86.zip">Android 1.6 R1 Compatibility Test Suite (CTS)</a></li>
</ul>
<h2 id="compatibility-test-suite-manual">Compatibility Test Suite Manual</h2>
<ul>
-<li><a href="cts/index.html">Compatibility Test Suite (CTS) User Manual</a></li>
+<li><a href="index.html">Compatibility Test Suite (CTS) User Manual</a></li>
</ul>
<h2 id="cts-media-files">CTS Media Files</h2>
<p>These media files are required for the CTS media stress tests.</p>
diff --git a/src/compatibility/cts/index.jd b/src/compatibility/cts/index.jd
index 7b154e5..165e8d2 100644
--- a/src/compatibility/cts/index.jd
+++ b/src/compatibility/cts/index.jd
@@ -26,6 +26,18 @@
<h2 id="how-does-the-cts-work">How does the CTS work?</h2>
+<p>The Compatibility Test Suite (CTS) is a free, commercial-grade test suite,
+available for <a href="downloads.html">download</a>. The CTS represents the
+"mechanism" of compatibility.</p>
+
+<p>The CTS runs on a desktop machine and executes test cases directly on
+attached devices or an emulator. The CTS is a set of unit tests designed to be
+integrated into the daily workflow (such as via a continuous build system) of
+the engineers building a device. Its intent is to reveal incompatibilities
+early on, and ensure that the software remains compatible throughout the
+development process.</p>
+
+
<p>The CTS is an automated testing harness that includes two major software components:</p>
<ul>
<li>
@@ -38,6 +50,11 @@
</li>
</ul>
+<p>The Compatibility Test Suite Verifier (CTS Verifier) is a supplement to the
+CTS available for <a href="downloads.html">download</a>. CTS Verifier
+provides tests for APIs and functions that cannot be tested on a stationary
+device without manual input (e.g. audio quality, accelerometer, etc).</p>
+
<p>The CTS Verifier is a tool for manual testing and includes the following software components:</p>
<ul>
<li>
diff --git a/src/compatibility/cts/interpret.jd b/src/compatibility/cts/interpret.jd
index 0014044..19df62e 100644
--- a/src/compatibility/cts/interpret.jd
+++ b/src/compatibility/cts/interpret.jd
@@ -25,7 +25,7 @@
<p>If you have built the CTS yourself, <em>$CTS_ROOT</em> will resemble the
path <em>out/host/linux-x86/cts</em> but differ by platform. This reflects the
path where you have uncompressed the prebuilt official CTS <a
-href="{@docRoot}compatibility/downloads.html">downloaded</a> from this site.</p>
+href="downloads.html">downloaded</a> from this site.</p>
<p>Inside the zip, the testResult.xml file contains the actual results—open
this file in any web browser (HTML5 compatible browser recommended) to view the
diff --git a/src/compatibility/cts/setup.jd b/src/compatibility/cts/setup.jd
index c486b94..fb4d096 100644
--- a/src/compatibility/cts/setup.jd
+++ b/src/compatibility/cts/setup.jd
@@ -82,12 +82,12 @@
<h3 id=CTS_files>CTS files</h3>
-<p><a href="{@docRoot}compatibility/downloads.html">Download</a> and open the CTS
+<p><a href="downloads.html">Download</a> and open the CTS
packages matching your devices' Android version and all the Application Binary
Interfaces (ABIs) your devices support.</p>
<p>Download and open the latest version of the <a
-href="{@docRoot}compatibility/downloads.html#cts-media-files">CTS Media
+href="downloads.html#cts-media-files">CTS Media
Files</a>.</p>
<h3 id=system_detect>Device detection</h3>
diff --git a/src/compatibility/cts/verifier.jd b/src/compatibility/cts/verifier.jd
index 128342d..9a4daed 100644
--- a/src/compatibility/cts/verifier.jd
+++ b/src/compatibility/cts/verifier.jd
@@ -42,7 +42,7 @@
<ul>
<li>Install the <a href="http://developer.android.com/sdk/index.html">Android
SDK</a> on the Linux computer <li>Download the appropriate <a
-href="{@docRoot}compatibility/downloads.html">CTS Verifier.apk</a> for the
+href="downloads.html">CTS Verifier.apk</a> for the
version of Android under test.
<li>Install CTS Verifier.apk to the <em>Device Under Test</em> (DUT). <br>
<code>adb install -r -g CtsVerifier.apk</code>
diff --git a/src/compatibility/overview.jd b/src/compatibility/overview.jd
index 0a1bfca..6519f20 100644
--- a/src/compatibility/overview.jd
+++ b/src/compatibility/overview.jd
@@ -26,7 +26,9 @@
<p>The Android compatibility program makes it easy for mobile device
manufacturers to develop compatible Android devices.</p>
+
<h2 id="program-goals">Program goals</h2>
+
<p>The Android compatibility program works for the benefit of the entire
Android community, including users, developers, and device manufacturers.</p>
<p>Each group depends on the others. Users want a wide selection of devices
@@ -68,7 +70,7 @@
<p><em>Minimize costs and overhead associated with compatibility.</em>
Ensuring compatibility should be easy and inexpensive to
device manufacturers. The testing tool is free, open source, and
-available for <a href="downloads.html">download</a>.
+available for <a href="cts/downloads.html">download</a>.
It is designed to be used for continuous self-testing
during the device development process to eliminate the cost of changing your
workflow or sending your device to a third party for testing. Meanwhile, there
@@ -76,51 +78,17 @@
fees.</p>
</li>
</ul>
+
+<h2 id="program-components">Program components</h2>
+
<p>The Android compatibility program consists of three key components:</p>
<ul>
-<li>The source code to the Android software stack</li>
-<li>The Compatilbility Definition Document (CDD), representing the "policy" aspect of compatibility</li>
-<li>The Compatilbility Test Suite (CTS), representing the "mechanism" of compatibility</li>
+<li>The <a href="https://android.googlesource.com/">Android Open Source Project</a> source code</li>
+<li>The <a href="cdd.html">Compatilbility Definition Document (CDD)<a/>, representing the "policy" aspect of compatibility</li>
+<li>The <a href="cts/index.html">Compatilbility Test Suite (CTS)</a>, representing the "mechanism" of compatibility</li>
</ul>
+
<p>Just as each version of the Android platform exists in a separate branch in
the source code tree, there is a separate CTS and CDD for each version as
well. The CDD, CTS, and source code are -- along with your hardware and your
software customizations -- everything you need to create a compatible device.</p>
-<h2 id="compatibility-definition-document-cdd">Compatibility Definition Document</h2>
-<p>For each release of the Android platform, a detailed CDD will be provided. The CDD represents the "policy"
-aspect of Android compatibility.</p>
-<p>No test suite, including CTS, can truly be comprehensive. For instance, the
-CTS includes a test that checks for the presence and correct behavior of
-OpenGL graphics APIs, but no software test can verify that the graphics
-actually appear correctly on the screen. More generally, it's impossible to
-test the presence of hardware features such as keyboards, display density,
-Wi-Fi, and Bluetooth.</p>
-<p>The CDD's role is to codify and clarify specific requirements, and
-eliminate ambiguity. The CDD does not attempt to be comprehensive. Since
-Android is a single corpus of open-source code, the code itself is the
-comprehensive "specification" of the platform and its APIs. The CDD acts as a
-"hub" referencing other content (such as SDK API documentation) that provides
-a framework in which the Android source code may be used so that the end
-result is a compatible system.</p>
-<p>If you want to build a device compatible with a given Android version,
-start by checking out the source code for that version, and then read the
-corresponding CDD and stay within its guidelines. For additional details,
-simply examine <a href="/compatibility/android-cdd.pdf">the latest CDD</a>.</p>
-<h2 id="compatibility-test-suite-cts">Compatibility Test Suite</h2>
-<p>The <a href="cts/index.html">CTS</a> is a free, commercial-grade test suite,
-available for <a href="downloads.html">download</a>.
-The CTS represents the "mechanism" of compatibility.</p>
-<p>The CTS runs on a desktop machine and executes test cases directly on
-attached devices or an emulator. The CTS is a set of unit tests designed to be
-integrated into the daily workflow (such as via a continuous build system) of
-the engineers building a device. Its intent is to reveal incompatibilities
-early on, and ensure that the software remains compatible throughout the
-development process.</p>
-<h2 id="compatibility-test-suite-verifier-cts-verifier">Compatibility Test Suite Verifier (CTS Verifier)</h2>
-<p>The Compatibility Test Suite Verifier (CTS Verifier) is a supplement to the
-CTS available for <a href="downloads.html">download</a>.
-CTS Verifier provides tests for APIs and functions that cannot be tested on a
-stationary device without manual input (e.g. audio quality, accelerometer, etc).</p>
-<p>For details on the CTS, consult the <a href="cts/index.html">CTS introduction</a>.</p>
-
-
diff --git a/src/devices/graphics/cts-integration.jd b/src/devices/graphics/cts-integration.jd
index c8be6b6..7b04c57 100644
--- a/src/devices/graphics/cts-integration.jd
+++ b/src/devices/graphics/cts-integration.jd
@@ -32,7 +32,7 @@
<p>Android CTS requires a certain subset of tests, called the <code>mustpass</code> list, to pass. The <code>mustpass</code> list includes OpenGL ES 3.0, OpenGL ES 3.1, and the Android Extension Pack tests. If a device doesn't support a target API or extension, tests are skipped and reported as passing.
The <code>mustpass</code> files can be found under the <code>android/cts</code> directory in the deqp source tree.</p>
-<p>Deqp tests are included in the Android CTS release packages, available on the <a href="{@docRoot}compatibility/downloads.html">Android Compatibility Downloads</a> page. </p>
+<p>Deqp tests are included in the Android CTS release packages, available on the <a href="{@docRoot}compatibility/cts/downloads.html">Android Compatibility Downloads</a> page. </p>
<p>You can run deqp tests through the <code>cts-tradefed</code> utility with the following command:</p>
diff --git a/src/index.jd b/src/index.jd
index e4d05e1..c7571ca 100644
--- a/src/index.jd
+++ b/src/index.jd
@@ -41,6 +41,23 @@
<div class="landing-docs">
<div class="col-8">
<h3>What's New</h3>
+<a href="{@docRoot}compatibility/cdd.html">
+ <h4>CDD as Web Page, Older Versions Available</h4></a>
+ <p>The Android Compatibility Definition Document (CDD) is now published
+ as a <strong><a href="{@docRoot}compatibility/android-cdd.html">web
+ page</a></strong> for easy access, and all older versions of the CDD and
+ associated version strings are now listed on a central <strong><a
+ href="{@docRoot}compatibility/cdd.html">Compatibility Definition Document</a>
+ </strong> page.</p>
+
+<a href="{@docRoot}compatibility/cts/camera-hal.html">
+ <h4>Camera HAL Testing Checklist</h4></a>
+ <p>A new <strong><a
+ href="{@docRoot}compatibility/cts/camera-hal.html">Camera HAL Testing
+ Checklist</a></strong> describes all of the tests available for the Camera
+ hardware abstraction layer, including native, the Compatibility Test Suite
+ (CTS), manual tests, and the Image Test Suite (ITS).</p>
+
<a href="{@docRoot}security/overview/updates-resources.html#reports">
<h4>Android Security 2015 Year in Review</h4></a>
<p>The Android Security team has published its <strong><a
@@ -70,25 +87,6 @@
<p>A new version of the media files required for Android Compatibility Test
Suite (CTS) media stress tests is now available for <strong><a
href="{@docRoot}compatibility/downloads.html#cts-media-files">download</a></strong>.</p>
-
-<a href="{@docRoot}security/advisory/index.html">
- <h4>Android Security Advisories</h4></a>
- <p>The Android security team has released its <strong><a
- href="{@docRoot}security/advisory/2016-03-18.html">first advisory</a></strong>,
- a supplement to Nexus Security Bulletins that may not require security patches
- or Nexus device updates but could still affect an Android user's overall
- security.</p>
-
-<a href="{@docRoot}source/requirements.html">
- <h4>Requirements Expanded, Build Environment Simplified</h4></a>
- <p>The Android build <strong><a
- href="{@docRoot}source/requirements.html">Requirements</a></strong>
- have been expanded to include both the operating system and Java version needed for
- each Android version and also broken down into hardware and software
- requirements. Conversely, these same requirements have been removed from
- <strong><a href="{@docRoot}source/initializing.html">Establishing a Build
- Environment</a></strong> to separate those reference materials from the steps
- needed to set up your workstation.</p>
</div>
<div class="col-8">
diff --git a/src/security/bulletin/2015-10-01.jd b/src/security/bulletin/2015-10-01.jd
index a646b61..02d079a 100644
--- a/src/security/bulletin/2015-10-01.jd
+++ b/src/security/bulletin/2015-10-01.jd
@@ -24,7 +24,7 @@
</div>
</div>
-<p><em>Published October 05, 2015 | Updated January 22, 2016</em></p>
+<p><em>Published October 05, 2015 | Updated April 28, 2016</em></p>
<p>We have released a security update to Nexus devices through an over-the-air
(OTA) update as part of our Android Security Bulletin Monthly Release process.
@@ -70,7 +70,7 @@
CVE-2015-6598<br />
CVE-2015-6599<br />
CVE-2015-6600<br />
- CVE-2015-3870<br />
+ CVE-2015-6603<br />
CVE-2015-6601<br />
CVE-2015-3876<br />
CVE-2015-6604</td>
@@ -94,7 +94,7 @@
</tr>
<tr>
<td>Remote Code Execution Vulnerability in libFLAC</td>
- <td>CVE-2014-9082</td>
+ <td>CVE-2014-9028</td>
<td>Critical</td>
</tr>
<tr>
@@ -793,8 +793,9 @@
<ul>
<li> October 05, 2015: Bulletin published.
<li> October 07, 2015: Bulletin updated with AOSP references. Clarified the bug
-references for CVE-2014-9082.
+references for CVE-2014-9028.
<li> October 12, 2015: Updated acknowledgements for CVE-2015-3868, CVE-2015-3869,
CVE-2015-3865, CVE-2015-3862.
<li> January 22, 2016: Updated acknowledgements for CVE-2015-6606.
+ <li> April 28, 2016: Added CVE-2015-6603 and corrected typo with CVE-2014-9028.
</ul>
diff --git a/src/security/bulletin/2015.jd b/src/security/bulletin/2015.jd
new file mode 100644
index 0000000..726511b
--- /dev/null
+++ b/src/security/bulletin/2015.jd
@@ -0,0 +1,92 @@
+page.title=2015 Nexus Security Bulletins
+@jd:body
+
+<!--
+ Copyright 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<p>This page contains all available 2015 Nexus Security Bulletins. For a list of all bulletins,
+please see the <a href="index.html">Nexus Security Bulletins</a> homepage.</p>
+
+
+<table>
+ <tr>
+ <th>Bulletin</th>
+ <th>Languages</th>
+ <th>Published Date</th>
+ <th>Android Security Patch Level</th>
+ </tr>
+ <tr>
+ <td><a href="2015-12-01.html">December 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-12-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-12-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-12-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-12-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-12-01.html">中文 (台灣)</a>
+ </td>
+ <td>December 7, 2015</td>
+ <td>December 1, 2015: [2015-12-01]</td>
+</tr>
+<tr>
+ <td><a href="2015-11-01.html">November 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-11-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-11-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-11-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-11-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-11-01.html">中文 (台灣)</a>
+ </td>
+ <td>November 2, 2015</td>
+ <td>November 1, 2015: [2015-11-01]</td>
+ </tr>
+ <tr>
+ <td><a href="2015-10-01.html">October 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-10-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-10-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-10-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-10-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-10-01.html">中文 (台灣)</a>
+ </td>
+ <td>October 5, 2015</td>
+ <td>October 1, 2015: [2015-10-01]</td>
+ </tr>
+ <tr>
+ <td><a href="2015-09-01.html">September 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-09-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-09-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-09-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-09-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-09-01.html">中文 (台灣)</a>
+ </td>
+ <td>September 9, 2015</td>
+ <td>N/A</td>
+ </tr>
+ <tr>
+ <td><a href="2015-08-01.html">August 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-08-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-08-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-08-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-08-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-08-01.html">中文 (台灣)</a>
+ </td>
+ <td>August 13, 2015</td>
+ <td>N/A</td>
+ </tr>
+</table>
+
+
diff --git a/src/security/bulletin/2016-01-01.jd b/src/security/bulletin/2016-01-01.jd
index 9878d74..b153d9e 100644
--- a/src/security/bulletin/2016-01-01.jd
+++ b/src/security/bulletin/2016-01-01.jd
@@ -1,4 +1,4 @@
-page.title=Nexus Security Bulletin - January 2016
+page.title=Nexus Security Bulletin—January 2016
@jd:body
<!--
@@ -24,7 +24,7 @@
</div>
</div>
-<p><em>Published January 04, 2016 | Updated January 06, 2016</em></p>
+<p><em>Published January 04, 2016 | Updated April 28, 2016</em></p>
<p>We have released a security update to Nexus devices through an over-the-air
(OTA) update as part of our Android Security Bulletin Monthly Release process.
@@ -40,7 +40,9 @@
such as email, web browsing, and MMS when processing media files.</p>
<p>We have had no reports of active customer exploitation of these newly reported
-issues. Refer to the <a href="#mitigations">Mitigations</a> section for details on the <a href="https://source.android.com/security/enhancements/">Android security platform protections</a> and service protections such as SafetyNet, which improve the security of the
+issues. Refer to the <a href="#mitigations">Mitigations</a> section for details on the
+<a href="{@docRoot}security/enhancements/index.html">Android security platform protections</a>
+and service protections such as SafetyNet, which improve the security of the
Android platform. We encourage all customers to accept these updates to their
devices.</p>
@@ -48,7 +50,9 @@
<p>The table below contains a list of security vulnerabilities, the Common
-Vulnerability and Exposures ID (CVE), and their assessed severity. The <a href="https://source.android.com/security/overview/updates-resources.html#severity">severity assessment</a> is based on the effect that exploiting the vulnerability would have on an
+Vulnerability and Exposures ID (CVE), and their assessed severity. The
+<a href="{@docRoot}security/overview/updates-resources.html#severity">severity assessment</a>
+is based on the effect that exploiting the vulnerability would have on an
affected device, assuming the platform and service mitigations are disabled for
development purposes or if successfully bypassed.</p>
<table>
@@ -74,7 +78,8 @@
</tr>
<tr>
<td>Elevation of Privilege Vulnerabilities in Trustzone</td>
- <td>CVE-2015-6639</td>
+ <td>CVE-2015-6639<br />
+ CVE-2015-6647</td>
<td>Critical</td>
</tr>
<tr>
@@ -123,7 +128,9 @@
<h2 id=mitigations>Mitigations</h2>
-<p>This is a summary of the mitigations provided by the <a href="https://source.android.com/security/enhancements/index.html">Android security platform</a> and service protections such as SafetyNet. These capabilities reduce the
+<p>This is a summary of the mitigations provided by the
+<a href="{@docRoot}security/enhancements/index.html">Android security platform</a>
+and service protections such as SafetyNet. These capabilities reduce the
likelihood that security vulnerabilities could be successfully exploited on
Android.</p>
@@ -151,14 +158,16 @@
<ul>
<li> Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security
-Team: CVE-2015-6636, CVE-2015-6617
- <li> Sen Nie (<a href="https://twitter.com/@nforest_">@nforest_</a>) and jfang of KEEN lab, Tencent (<a href="https://twitter.com/k33nteam">@K33nTeam</a>): CVE-2015-6637
+ Team: CVE-2015-6636
+ <li> Sen Nie (<a href="https://twitter.com/@nforest_">@nforest_</a>) and jfang of KEEN lab, Tencent
+ (<a href="https://twitter.com/k33nteam">@K33nTeam</a>): CVE-2015-6637
<li> Yabin Cui from Android Bionic Team: CVE-2015-6640
<li> Tom Craig of Google X: CVE-2015-6641
<li> Jann Horn (<a href="https://thejh.net">https://thejh.net</a>): CVE-2015-6642
<li> Jouni Malinen PGP id EFC895FA: CVE-2015-5310
<li> Quan Nguyen of Google Information Security Engineer Team: CVE-2015-6644
- <li> Gal Beniamini (<a href="https://twitter.com/@laginimaineb">@laginimaineb</a>, <a href="http://bits-please.blogspot.com">http://bits-please.blogspot.com</a>): CVE-2015-6639
+ <li> Gal Beniamini (<a href="https://twitter.com/@laginimaineb">@laginimaineb</a>,
+ <a href="http://bits-please.blogspot.com">http://bits-please.blogspot.com</a>): CVE-2015-6639
</ul>
<h2 id=security_vulnerability_details>Security Vulnerability Details</h2>
@@ -528,3 +537,4 @@
<ul>
<li> January 04, 2016: Bulletin published.
<li> January 06, 2016: Bulletin revised to include AOSP links.
+ <li> April 28, 2016: Removed CVE-2015-6617 from Acknowledgements and added CVE-2015-6647 to summary table
diff --git a/src/security/bulletin/2016-02-01.jd b/src/security/bulletin/2016-02-01.jd
index 1fc5cfd..1efd45b 100644
--- a/src/security/bulletin/2016-02-01.jd
+++ b/src/security/bulletin/2016-02-01.jd
@@ -162,10 +162,8 @@
of <a href="http://c0reteam.org">C0RE Team</a>, <a
href="http://www.360safe.com/">Qihoo 360</a>: CVE-2016-0804
<li> David Riley of the Google Pixel C Team: CVE-2016-0812
- <li> Dongkwan Kim (<a href="mailto:dkay@kaist.ac.kr">dkay@kaist.ac.kr</a>) of System Security Lab, KAIST: CVE-2015-6614
<li> Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>)
of Lab IceSword, Qihoo 360: CVE-2016-0805
- <li> Hongil Kim (<a href="mailto:hongilk@kaist.ac.kr">hongilk@kaist.ac.kr</a>) of System Security Lab, KAIST: CVE-2015-6614
<li> Qidan He (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>) of
KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-0811
<li> Seven Shen (<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>)
diff --git a/src/security/bulletin/2016-05-01.jd b/src/security/bulletin/2016-05-01.jd
new file mode 100644
index 0000000..759d2cf
--- /dev/null
+++ b/src/security/bulletin/2016-05-01.jd
@@ -0,0 +1,1347 @@
+page.title=Android Security Bulletin—May 2016
+@jd:body
+
+<!--
+ Copyright 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<p><em>Published May 02, 2016</em></p>
+
+<p>The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Alongside with the bulletin, we have released a
+security update to Nexus devices through an over-the-air (OTA) update. The
+Nexus firmware images have also been released to the
+<a href="https://developers.google.com/android/nexus/images">Google Developer site</a>.
+Security Patch Levels of May 01, 2016 or later address these issues (refer to
+the <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a>
+for instructions on how to check the security patch level).</p>
+
+<p>Partners were notified about the issues described in the bulletin on April 04,
+2016 or earlier. Source code patches for these issues will be released to the
+Android Open Source Project (AOSP) repository over the next 48 hours. We will
+revise this bulletin with the AOSP links when they are available.</p>
+
+<p>The most severe of these issues is a Critical security vulnerability that could
+enable remote code execution on an affected device through multiple methods
+such as email, web browsing, and MMS when processing media files.</p>
+
+<p>We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a href="#mitigations">Android and Google Service Mitigations</a>
+section for details on the <a href="{@docRoot}security/enhancements/index.html">
+Android security platform protections</a> and service protections such as SafetyNet,
+which improve the security of the Android platform.</p>
+
+<p>We encourage all customers to accept these updates to their devices.</p>
+
+<h2 id=announcements>Announcements</h2>
+
+
+<ul>
+ <li> To reflect a broader focus, we renamed this bulletin (and all following in the
+ series) to the Android Security Bulletin. These bulletins encompass a broader
+ range of vulnerabilities that may affect Android devices, even if they do not
+ affect Nexus devices.</li>
+ <li> We updated the Android Security
+ <a href="{@docRoot}security/overview/updates-resources.html#severity">severity ratings</a>.
+ These changes were the result of data collected over the last six months on
+ reported security vulnerabilities and aim to align severities more closely with
+ real world impact to users.</li>
+</ul>
+
+<h2 id=security_vulnerability_summary>Security Vulnerability Summary</h2>
+
+
+<p>The table below contains a list of security vulnerabilities, the Common
+Vulnerability and Exposures ID (CVE), their assessed severity and whether or
+not Nexus devices are affected.
+The <a href="{@docRoot}security/overview/updates-resources.html#severity">severity assessment</a>
+is based on the effect that exploiting the vulnerability would possibly have
+on an affected device, assuming the platform and service mitigations are
+disabled for development purposes or if successfully bypassed.</p>
+<table>
+ <col width="55%">
+ <col width="20%">
+ <col width="13%">
+ <col width="12%">
+ <tr>
+ <th>Issue</th>
+ <th>CVE</th>
+ <th>Severity</th>
+ <th>Affects Nexus?</th>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2428<br />
+ CVE-2016-2429</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Debuggerd</td>
+ <td>CVE-2016-2430</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm TrustZone </td>
+ <td>CVE-2016-2431<br />
+ CVE-2016-2432</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</td>
+ <td>CVE-2015-0569<br />
+ CVE-2015-0570</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in NVIDIA Video Driver </td>
+ <td>CVE-2016-2434<br />
+ CVE-2016-2435<br />
+ CVE-2016-2436<br />
+ CVE-2016-2437</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Kernel</td>
+ <td>CVE-2015-1805</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerability in Kernel</td>
+ <td>CVE-2016-2438</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Qualcomm Tethering Controller</td>
+ <td>CVE-2016-2060</td>
+ <td>High</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>Remote Code Execution in Bluetooth</td>
+ <td>CVE-2016-2439</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege in Binder</td>
+ <td>CVE-2016-2440</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Buspm Driver</td>
+ <td>CVE-2016-2441<br />
+ CVE-2016-2442</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm MDP Driver</td>
+ <td>CVE-2016-2443</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</td>
+ <td>CVE-2015-0571</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in NVIDIA Video Driver</td>
+ <td>CVE-2016-2444<br />
+ CVE-2016-2445<br />
+ CVE-2016-2446</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege in Wi-Fi</td>
+ <td>CVE-2016-2447</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2448<br />
+ CVE-2016-2449<br />
+ CVE-2016-2450<br />
+ CVE-2016-2451<br />
+ CVE-2016-2452</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</td>
+ <td>CVE-2016-2453</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote Denial of Service Vulnerability in Qualcomm Hardware Codec</td>
+ <td>CVE-2016-2454</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege in Conscrypt</td>
+ <td>CVE-2016-2461<br />
+ CVE-2016-2462</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in OpenSSL & BoringSSL</td>
+ <td>CVE-2016-0705</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</td>
+ <td>CVE-2016-2456</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege in Wi-Fi</td>
+ <td>CVE-2016-2457</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in AOSP Mail </td>
+ <td>CVE-2016-2458</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2459<br />
+ CVE-2016-2460</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Denial of Service Vulnerability in Kernel</td>
+ <td>CVE-2016-0774</td>
+ <td>Low</td>
+ <td>Yes</td>
+ </tr>
+</table>
+
+
+<h2 id=android_and_google_service_mitigations>Android and Google Service Mitigations</h2>
+
+
+<p>This is a summary of the mitigations provided by the
+<a href="{@docRoot}security/enhancements/index.html">Android security platform</a>
+and service protections such as SafetyNet. These capabilities reduce the
+likelihood that security vulnerabilities could be successfully exploited on
+Android.</p>
+
+<ul>
+ <li> Exploitation for many issues on Android is made more difficult by enhancements
+ in newer versions of the Android platform. We encourage all users to update to
+ the latest version of Android where possible.</li>
+ <li> The Android Security team actively monitors for abuse with
+ <a href="{@docRoot}security/reports/Google_Android_Security_2015_Report_Final.pdf">
+ Verify Apps and SafetyNet</a>, which are designed to warn users about
+ <a href="{@docRoot}security/reports/Google_Android_Security_PHA_classifications.pdf">
+ Potentially Harmful Applications</a>. Verify Apps is enabled by default on devices with
+ <a href="http://www.android.com/gms">Google Mobile Services</a>, and is especially
+ important for users who install applications from outside
+ of Google Play. Device rooting tools are prohibited within Google Play, but
+ Verify Apps warns users when they attempt to install a detected rooting
+ application—no matter where it comes from. Additionally, Verify Apps attempts
+ to identify and block installation of known malicious applications that exploit
+ a privilege escalation vulnerability. If such an application has already been
+ installed, Verify Apps will notify the user and attempt to remove the detected
+ application.</li>
+ <li> As appropriate, Google Hangouts and Messenger applications do not automatically
+ pass media to processes such as mediaserver.</li>
+</ul>
+
+<h2 id=acknowledgements>Acknowledgements</h2>
+
+
+<p>We would like to thank these researchers for their contributions:</p>
+
+<ul>
+ <li> Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security
+ Team: CVE-2016-2454
+ <li> Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of
+ <a href="https://www.e2e-assure.com">e2e-assure</a>: CVE-2016-2457
+ <li> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) and
+ Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2441,
+ CVE-2016-2442
+ <li> Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">
+ www.linkedin.com/in/dzima</a>): CVE-2016-2458
+ <li> Gal Beniamini: CVE-2016-2431
+ <li> Hao Chen of Vulpecker Team, Qihoo 360 Technology Co. Ltd: CVE-2016-2456
+ <li> Jake Valletta of Mandiant, a FireEye company: CVE-2016-2060
+ <li> Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)
+ and pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab,
+ Qihoo 360 Technology Co. Ltd: CVE-2016-2434, CVE-2016-2435, CVE-2016-2436,
+ CVE-2016-2441, CVE-2016-2442, CVE-2016-2444, CVE-2016-2445, CVE-2016-2446
+ <li> Imre Rad of <a href="http://www.search-lab.hu">Search-Lab Ltd.</a>: CVE-2016-2447
+ <li> Jeremy C. Joslin of Google: CVE-2016-2461
+ <li> Kenny Root of Google: CVE-2016-2462
+ <li> Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-2443
+ <li> Michał Bednarski (<a href="https://github.com/michalbednarski">
+ https://github.com/michalbednarski</a>): CVE-2016-2440
+ <li> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>),
+ Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian
+ Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2450, CVE-2016-2448,
+ CVE-2016-2449, CVE-2016-2451, CVE-2016-2452
+ <li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend Micro:
+ CVE-2016-2459, CVE-2016-2460
+ <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc.:
+ CVE-2016-2428, CVE-2016-2429
+ <li> <a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:zlbzlb815@163.com">
+ Lubo Zhang</a>, Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
+ and Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2437
+ <li> Yulong Zhang and Tao (Lenx) Wei of Baidu X-Lab: CVE-2016-2439
+ <li> Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>) of the Android
+ Security Team: CVE-2016-2430
+</ul>
+
+<h2 id=security_vulnerability_details>Security Vulnerability Details</h2>
+
+
+<p>In the sections below, we provide details for each of the security
+vulnerabilities listed in the <a href="#security_vulnerability_summary">
+Security Vulnerability Summary</a> above. There is a description of the issue,
+a severity rationale, and a table with the CVE, associated bug, severity,
+updated Nexus devices, updated AOSP versions (where applicable), and date reported.
+When available, we will link the AOSP change that addressed the issue to
+the bug ID. When multiple changes relate to a single bug, additional AOSP
+references are linked to numbers following the bug ID.</p>
+
+<h3 id=remote_code_execution_vulnerability_in_mediaserver>
+Remote Code Execution Vulnerability in Mediaserver</h3>
+
+
+<p>During media file and data processing of a specially crafted file, a
+vulnerability in mediaserver could allow an attacker to cause memory corruption
+and remote code execution as the mediaserver process.</p>
+
+<p>The affected functionality is provided as a core part of the operating system
+and there are multiple applications that allow it to be reached with remote
+content, most notably MMS and browser playback of media.</p>
+
+<p>This issue is rated as Critical severity due to the possibility of remote code
+execution within the context of the mediaserver service. The mediaserver
+service has access to audio and video streams, as well as access to privileges
+that third-party apps could not normally access.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2428</td>
+ <td>26751339</td>
+ <td>Critical</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Jan 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2429</td>
+ <td>27211885</td>
+ <td>Critical</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 16, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_debuggerd>
+Elevation of Privilege Vulnerability in Debuggerd</h3>
+
+
+<p>An elevation of privilege vulnerability in the integrated Android debugger
+could enable a local malicious application to execute arbitrary code within the
+context of the Android debugger. This issue is rated as Critical severity due
+to the possibility of a local permanent device compromise, which may require
+reflashing the operating system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2430</td>
+ <td>27299236</td>
+ <td>Critical</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 22, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_trustzone>
+Elevation of Privilege Vulnerability in Qualcomm TrustZone </h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm TrustZone component
+could enable a secure local malicious application to execute arbitrary code
+within the context of the TrustZone kernel. This issue is rated as Critical
+severity due to the possibility of a local permanent device compromise, which
+may require reflashing the operating system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2431</td>
+ <td>24968809</td>
+ <td>Critical</td>
+ <td>Nexus 5, Nexus 6, Nexus 7 (2013), Android One</td>
+ <td>Oct 15, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2432</td>
+ <td>25913059</td>
+ <td>Critical</td>
+ <td>Nexus 6, Android One</td>
+ <td>Nov 28, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver>
+Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical severity due to
+possibility of a local privilege escalation and arbitrary code execution
+leading to the possibility of a local permanent device compromise, which may
+require reflashing the operating system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-0569</td>
+ <td>26754117</td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 7 (2013)</td>
+ <td>Jan 23, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-0570</td>
+ <td>26764809</td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 7 (2013)</td>
+ <td>Jan 25, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_nvidia_video_driver>
+Elevation of Privilege Vulnerability in NVIDIA Video Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the NVIDIA video driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as Critical severity due to the possibility of
+a local permanent device compromise, which may require reflashing the operating
+system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2434</td>
+ <td>27251090</td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Feb 17, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2435</td>
+ <td>27297988</td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Feb 20, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2436</td>
+ <td>27299111</td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Feb 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2437</td>
+ <td>27436822</td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Mar 1, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_kernel>
+Elevation of Privilege Vulnerability in Kernel</h3>
+
+
+<p>An elevation of privilege vulnerability in the kernel could enable a local
+malicious application to execute arbitrary code within the context of the
+kernel. This issue is rated as Critical severity due to the possibility of a
+local privilege escalation and arbitrary code execution leading to the
+possibility of a local permanent device compromise, which may require
+reflashing the operating system to repair the device. This issue was described
+in <a href="{@docRoot}security/advisory/2016-03-18.html">Android Security Advisory 2016-03-18</a>.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-1805</td>
+ <td>27275324</td>
+ <td>Critical</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9</td>
+ <td>Feb 19, 2016</td>
+ </tr>
+</table>
+
+
+<p></p>
+
+<h3 id=remote_code_execution_vulnerability_in_kernel>
+Remote Code Execution Vulnerability in Kernel</h3>
+
+
+<p>A remote code execution vulnerability in the audio subsystem could enable a
+local malicious application to execute arbitrary code within the context of the
+kernel. Normally a kernel code execution bug like this would be rated Critical,
+but because it first requires compromising a privileged service in order to
+call the audio subsystem, it is rated High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2438</td>
+ <td>26636060</td>
+ <td>High</td>
+ <td>Nexus 9 </td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_qualcomm_tethering_controller>
+Information Disclosure Vulnerability in Qualcomm Tethering Controller</h3>
+
+
+<p>An information disclosure vulnerability in the Qualcomm Tethering controller
+could allow a local malicious application to access personal identifiable
+information without the privileges to do so. This issue is rated as High
+severity because it can be used to gain elevated capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2060</td>
+ <td>27942588</td>
+ <td>High</td>
+ <td>None</td>
+ <td>Mar 23, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=remote_code_execution_vulnerability_in_bluetooth>
+Remote Code Execution Vulnerability in Bluetooth</h3>
+
+
+<p>During pairing of a Bluetooth device, a vulnerability in Bluetooth could allow
+a proximal attacker to execute arbitrary code during the pairing process. This
+issue is rated as High severity due to the possibility of remote code execution
+during the initialization of a Bluetooth device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2439</td>
+ <td>27411268</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 28, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_binder>
+Elevation of Privilege Vulnerability in Binder</h3>
+
+
+<p>An elevation of privilege vulnerability in Binder could allow a local malicious
+application to execute arbitrary code within the context of another app’s
+process. While freeing memory, a vulnerability in the Binder could allow an
+attacker to cause local code execution. This issue is rated as High severity
+due to the possibility of local code execution during free memory process in
+the Binder.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2440</td>
+ <td>27252896</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 18, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_buspm_driver>
+Elevation of Privilege Vulnerability in Qualcomm Buspm Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm buspm driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. Normally a kernel code execution bug like this would be
+rated Critical, but because it first requires compromising a service that can
+call the driver, it is rated as High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2441</td>
+ <td>26354602</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Dec 30, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2442</td>
+ <td>26494907</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Dec 30, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_mdp_driver>
+Elevation of Privilege Vulnerability in Qualcomm MDP Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm MDP driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. Normally a kernel code execution bug like this would be rated
+Critical, but because it first requires compromising a service that can call
+the driver, it is rated as High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2443</td>
+ <td>26404525</td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Jan 5, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver>
+Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi component could
+enable a local malicious application to invoke system calls changing the device
+settings and behavior without the privileges to do so. This issue is rated as
+High severity because it could be used to gain local access to elevated
+capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-0571</td>
+ <td>26763920</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 7 (2013)</td>
+ <td>Jan 25, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_nvidia_video_driver>
+Elevation of Privilege Vulnerability in NVIDIA Video Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the NVIDIA media driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. Normally a kernel code execution bug like this would be rated
+Critical, but because it first requires compromising a high privilege service
+to call the driver, it is rated High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2444</td>
+ <td>27208332</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Feb 16, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2445</td>
+ <td>27253079</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Feb 17, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2446</td>
+ <td>27441354</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Mar 1, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_wi-fi>
+Elevation of Privilege Vulnerability in Wi-Fi</h3>
+
+
+<p>An elevation of privilege vulnerability in Wi-Fi could enable a local malicious
+application to execute arbitrary code within the context of an elevated system
+application. This issue is rated as High severity because it could also be used
+to gain elevated capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to third-party applications.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2447</td>
+ <td>27371366</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 24, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_mediaserver>
+Elevation of Privilege Vulnerability in Mediaserver</h3>
+
+
+<p>An elevation of privilege vulnerability in mediaserver could enable a local
+malicious application to execute arbitrary code within the context of an
+elevated system application. This issue is rated as High severity because it
+could be used to gain elevated capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2448</td>
+ <td>27533704</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 7, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2449</td>
+ <td>27568958</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 9, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2450</td>
+ <td>27569635</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 9, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2451</td>
+ <td>27597103</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 10, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2452</td>
+ <td>27662364</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 14, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver>
+Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the MediaTek Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. Normally a kernel code execution bug like this would be
+rated Critical, but because it first requires compromising a service that can
+call the driver, it is rated as High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2453</td>
+ <td>27549705</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Mar 8, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=remote_denial_of_service_vulnerability_in_qualcomm_hardware_codec>
+Remote Denial of Service Vulnerability in Qualcomm Hardware Codec</h3>
+
+
+<p>During media file and data processing of a specially crafted file, a remote
+denial of service vulnerability in the Qualcomm hardware video codec could
+allow a remote attacker to block access to an affected device by causing a
+device reboot. This is rated as High severity due to the possibility of remote
+denial of service.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2454</td>
+ <td>26221024</td>
+ <td>High</td>
+ <td>Nexus 5</td>
+ <td>Dec 16, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_conscrypt>
+Elevation of Privilege Vulnerability in Conscrypt</h3>
+
+
+<p>An elevation of privilege vulnerability in Conscrypt could allow an local
+application to believe a message was authenticated when it was not. This issue
+is rated as Moderate severity because it requires coordinated steps across
+multiple devices.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2461</td>
+ <td>27324690</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2462</td>
+ <td>27371173</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_openssl_&_boringssl>
+Elevation of Privilege Vulnerability in OpenSSL & BoringSSL</h3>
+
+
+<p>An elevation of privilege vulnerability in OpenSSL and BoringSSL could enable a
+local malicious application to access data outside of its permission levels.
+Normally this would be rated High, but because it requires an uncommon manual
+configuration, it is rated as Moderate severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-0705</td>
+ <td>27449871</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 7, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver>
+Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in MediaTek Wi-Fi driver could enable a
+local malicious application to cause a denial of service. Normally an elevation
+of privilege bug like this would be rated High, but because it requires first
+compromising a system service, it is rated as Moderate severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2456</td>
+ <td>27275187</td>
+ <td>Moderate</td>
+ <td>Android One</td>
+ <td>Feb 19, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_wi-fi>
+Elevation of Privilege Vulnerability in Wi-Fi</h3>
+
+
+<p>An elevation of privilege vulnerability in Wi-Fi could enable a guest account
+to modify the Wi-Fi settings that persist for the primary user. This issue is
+rated as Moderate severity because it enables local access to "
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
+dangerous</a>" capabilities without permission.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2457</td>
+ <td>27411179</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 29, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_aosp_mail>
+Information Disclosure Vulnerability in AOSP Mail</h3>
+
+
+<p>An information disclosure vulnerability in AOSP Mail could enable a local
+malicious application to gain access to user’s private information. This issue
+is rated Moderate severity because it could be used to improperly access data
+without permission.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2458</td>
+ <td>27335139</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 23, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_mediaserver>
+Information Disclosure Vulnerability in Mediaserver</h3>
+
+
+<p>An information disclosure vulnerability in Mediaserver could allow an
+application to access sensitive information. This issue is rated as Moderate
+severity because it could be used to improperly access data without permission.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2459</td>
+ <td>27556038</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 7, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2460</td>
+ <td>27555981</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 7, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=denial_of_service_vulnerability_in_kernel>
+Denial of Service Vulnerability in Kernel</h3>
+
+
+<p>A denial of service vulnerability in the kernel could allow a local malicious
+application to cause a device reboot. This issue is rated as Low severity
+because the effect is a temporary denial of service.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-0774</td>
+ <td>27721803 </td>
+ <td>Low</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>Mar 17, 2016</td>
+ </tr>
+</table>
+
+
+<h2 id=common_questions_and_answers>Common Questions and Answers</h2>
+
+
+<p>This section reviews answers to common questions that may occur after reading
+this bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p>
+
+<p>Security Patch Levels of May 01, 2016 or later address these issues (refer to
+the <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a>
+for instructions on how to check the security patch level). Device
+manufacturers that include these updates should set the patch string level to:
+[ro.build.version.security_patch]:[2016-05-01]</p>
+
+<p id="nexus_devices"><strong>2. How do I determine which Nexus devices are affected
+by each issue?</strong></p>
+
+<p>In the <a href="security_vulnerability_details">Security Vulnerability Details</a>
+section, each table has an Updated Nexus devices column that covers the range
+of affected Nexus devices updated for each issue. This column has a few
+options:</p>
+
+<ul>
+ <li> <strong>All Nexus devices</strong>: If an issue affects all Nexus devices,
+ the table will have All Nexus in the <em>Updated Nexus devices</em> column.
+ All Nexus encapsulates the following
+ <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">
+ supported devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013),
+ Nexus 9, and Android One.
+ <li> <strong>Some Nexus devices</strong>: If an issue doesn’t affect all Nexus
+ devices, the affected Nexus devices are listed in the <em>Updated Nexus
+ devices</em> column.</li>
+ <li> <strong>No Nexus devices</strong>: If no Nexus devices are affected by the
+ issue, the table will have “None” in the <em>Updated Nexus devices</em> column.</li>
+</ul>
+
+<p><strong>3. Why is CVE-2015-1805 included in this bulletin?</strong></p>
+<p>CVE-2015-1805 is included in this bulletin because the <a href="{@docRoot}security/advisory/2016-03-18.html">
+Android Security Advisory—2016-03-18</a> was published very close to the release of
+the April bulletin. Due to the tight timeline, device manufacturers were given the
+option to ship fixes from the <a href="2016-04-02.html">Nexus Security Bulletin-April 2016</a>
+, without the fix for CVE-2015-1805, if they used the April 01, 2016 Security Patch Level.
+It is included again in this bulletin as it must be fixed in order to use the the
+May 01, 2016 Security Patch Level.</p>
+<h2 id=revisions>Revisions</h2>
+
+
+<ul>
+ <li> May 02, 2016: Bulletin published.</li>
+</ul>
diff --git a/src/security/bulletin/index.jd b/src/security/bulletin/index.jd
index 9a88fc4..926b897 100644
--- a/src/security/bulletin/index.jd
+++ b/src/security/bulletin/index.jd
@@ -1,4 +1,4 @@
-page.title=Nexus Security Bulletins
+page.title=Android Security Bulletins
@jd:body
<!--
@@ -19,8 +19,8 @@
<p>Security has always been a major focus for Android and Google Play: Android was
built from day one with security in mind. Monthly device updates are an
important tool to make and keep Android users safe. This page contains the
-available Nexus Security Bulletins. These security bulletins include
-information users can follow to ensure their device has the latest security
+available Android Security Bulletins. These security bulletins also include
+information users can follow to ensure their Nexus device has the latest security
updates.</p>
<p>To get notifications when we publish a new bulletin, join the
<a href="https://groups.google.com/forum/#!forum/android-security-updates">Android Security Updates group</a>,
@@ -40,6 +40,13 @@
<th>Android Security Patch Level</th>
</tr>
<tr>
+ <td><a href="2016-05-01.html">May 2016</a></td>
+ <td>Coming soon
+ </td>
+ <td>May 2, 2016</td>
+ <td>May 1, 2016: [2016-05-01]</td>
+ </tr>
+ <tr>
<td><a href="2016-04-02.html">April 2016</a></td>
<td>
<a href="{@docRoot}intl/ja_ALL/security/bulletin/2016-04-02.html">日本語</a> /
diff --git a/src/security/overview/acknowledgements.jd b/src/security/overview/acknowledgements.jd
index 22e80b7..85d9d86 100644
--- a/src/security/overview/acknowledgements.jd
+++ b/src/security/overview/acknowledgements.jd
@@ -40,6 +40,9 @@
<p>Abhishek Arya of Google Chrome Security Team</p>
+<p> Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of
+ <a href="https://www.e2e-assure.com">e2e-assure</a></p>
+
<p>Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>) of CENSUS S.A.</p>
<p>Brad Ebinger of Google Telecom Team</p>
@@ -53,6 +56,9 @@
<p>David Riley of the Google Pixel C Team</p>
+<p> Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">
+ www.linkedin.com/in/dzima</a>)</p>
+
<p>Dominik Schürmann of <a href="https://www.ibr.cs.tu-bs.de">Institute for
Operating Systems and Computer Networks</a>, TU Braunschweig</p>
@@ -66,22 +72,35 @@
<p>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>) of <a href="http://www.360.com/">Qihoo 360 Technology Co.Ltd</a></p>
+<p>Hao Chen of Vulpecker Team, Qihoo 360 Technology Co. Ltd.</p>
+
<p>Hongil Kim (<a href="mailto:hongilk@kaist.ac.kr">hongilk@kaist.ac.kr</a>) of System Security Lab, KAIST</p>
+<p>Jake Valletta of Mandiant, a FireEye company</p>
+
<p>James Forshaw of Google Project Zero</p>
<p>Jann Horn (<a href="https://thejh.net/">https://thejh.net</a>)</p>
+<p>Jeremy C. Joslin of Google</p>
+
<p>jfang of KEEN lab, Tencent (<a href="https://twitter.com/k33nteam">@K33nTeam</a>)</p>
-<p> Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) of IceSword Lab, Qihoo 360</p>
+<p>Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) of IceSword Lab, Qihoo 360</p>
<p>Jouni Malinen PGP id EFC895FA</p>
+<p>Kenny Root of Google</p>
+
+<p>Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent</p>
+
<p>Mark Brand of Google Project Zero</p>
<p>Martin Barbella of Google Chrome Security Team</p>
+<p>Michał Bednarski (<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>)</p>
+
<p>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a href="http://c0reteam.org">C0RE Team</a> from <a href="http://www.360safe.com/">Qihoo 360</a></p>
<p>Nancy Wang of Vertu Corporation LTD</p>
@@ -116,6 +135,8 @@
<p>Su Mon Kywe of Singapore Management University</p>
+<p>Tao (Lenx) Wei of Baidu X-Lab</p>
+
<p>Tieyan Li of Huawei</p>
<p>Tom Craig of Google X</p>
@@ -126,6 +147,8 @@
<p>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc</p>
+<p>William Roberts (<a href="mailto:william.c.roberts@intel.com">william.c.roberts@intel.com</a>)</p>
+
<p>Wish Wu (<a href="https://twitter.com/@wish_wu">@wish_wu</a>) of Trend Micro Inc.</p>
<p><a href="mailto:xw7@indiana.edu">Xiaofeng Wang</a> of Indiana University Bloomington</p>
@@ -142,6 +165,8 @@
<p>Yongzheng Wu of Huawei</p>
+<p>Yulong Zhang of Baidu X-Lab</p>
+
<p>Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>) of the Android Security Team</p>
</div>
@@ -236,6 +261,8 @@
<p>Wen Xu (@antlr7) from KeenTeam (@K33nTeam, <a href="http://k33nteam.org/">http://k33nteam.org/</a>)</p>
+<p>William Roberts (<a href="mailto:william.c.roberts@intel.com">william.c.roberts@intel.com</a>)</p>
+
<p>Wish Wu of Trend Micro Inc. (@wish_wu)</p>
<p>Xuxian Jiang of C0RE Team from Qihoo 360</p>
diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs
index 9b71a4d..d512045 100644
--- a/src/security/security_toc.cs
+++ b/src/security/security_toc.cs
@@ -61,15 +61,25 @@
<li><a href="<?cs var:toroot ?>security/advisory/2016-03-18.html">2016-03-18</a></li>
</ul>
</li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2016-05-01.html">May 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-04-02.html">April 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-03-01.html">March 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-02-01.html">February 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-01-01.html">January 2016</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-12-01.html">December 2015</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-11-01.html">November 2015</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-10-01.html">October 2015</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-09-01.html">September 2015</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-08-01.html">August 2015</a></li>
+ <li class="nav-section">
+ <div class="nav-section-header">
+ <a href="<?cs var:toroot ?>security/bulletin/2015.html">
+ <span class="en">2015 Bulletins</span>
+ </a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-12-01.html">December 2015</a></li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-11-01.html">November 2015</a></li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-10-01.html">October 2015</a></li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-09-01.html">September 2015</a></li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-08-01.html">August 2015</a></li>
+ </ul>
+ </li>
</ul>
</li>
<li class="nav-section">
diff --git a/src/source/brands.jd b/src/source/brands.jd
index 7802991..853b22b 100644
--- a/src/source/brands.jd
+++ b/src/source/brands.jd
@@ -88,7 +88,7 @@
<h3 id="logo-android">Android logo</h3>
<p>Unless expressly authorized by Google through written agreement, the Android
-logo and custom typeface may not be used (with or with the Android robot).</p>
+logo and custom typeface may not be used (with or without the Android robot).</p>
<img alt="No Logo" src="images/android_logo_new_crossed_out.png">
<img alt="No Logo" src="http://developer.android.com/images/brand/android_logo_no.png">
diff --git a/src/source/building.jd b/src/source/building.jd
index fbfb427..4189d17 100644
--- a/src/source/building.jd
+++ b/src/source/building.jd
@@ -136,7 +136,7 @@
<p>This may be caused by:</p>
<ul>
<li>
-<p>Failing to install the correct JDK as specified in <a href="initializing.html">Initializing the Build Environment</a>.</p>
+<p>Failing to install the correct JDK as specified in <a href="requirements.html#jdk">JDK Requirements</a>.</p>
</li>
<li>
<p>Another JDK previously installed appearing in your path. Prepend the correct JDK to the beginning of your PATH or remove the problematic JDK.</p>
diff --git a/src/source/initializing.jd b/src/source/initializing.jd
index f3356f5..af7a2fb 100644
--- a/src/source/initializing.jd
+++ b/src/source/initializing.jd
@@ -55,8 +55,10 @@
<h3 id="installing-the-jdk">Installing the JDK</h3>
<p>The <code>master</code> branch of Android in the <a
href="https://android.googlesource.com/">Android Open Source Project (AOSP)</a>
-requires Java 8. On Ubuntu, use <a href="http://openjdk.java.net/install/">OpenJDK</a>.</p>
-<p>Java 8: For the latest version of Android</p>
+requires Java 8. On Ubuntu, use <a
+href="http://openjdk.java.net/install/">OpenJDK</a>.</p>
+<p>See <a href="requirements.html#jdk">JDK Requirements</a> for older
+versions.</p>
<h4 id="for-ubuntu-15-04">For Ubuntu >= 15.04</h4>
<p>Run the following:</p>
@@ -113,12 +115,6 @@
path as described in the <a href="building.html#wrong-java-version">Wrong
Java Version</a> section.</p>
-<p>To develop older versions of Android, download and install the corresponding version of the <a
-href="http://www.oracle.com/technetwork/java/javase/archive-139210.html">Java JDK</a>:<br/>
-Java 7: for Lollipop through Marshmallow<br/>
-Java 6: for Gingerbread through KitKat<br/>
-Java 5: for Cupcake through Froyo</p>
-
<h3 id="installing-required-packages-ubuntu-1404">Installing required packages (Ubuntu 14.04)</h3>
<p>You will need a 64-bit version of Ubuntu. Ubuntu 14.04 is recommended.</p>
<pre><code>$ sudo apt-get install git-core gnupg flex bison gperf build-essential \
diff --git a/src/source/requirements.jd b/src/source/requirements.jd
index 20dbb89..3360868 100644
--- a/src/source/requirements.jd
+++ b/src/source/requirements.jd
@@ -101,8 +101,7 @@
href="http://www.oracle.com/technetwork/java/javase/downloads/java-archive-javase8-2177648.html#jdk-8u45-oth-JPR">jdk
8u45 or newer</a></li>
<li>Android 5.x (Lollipop) - Android 6.0 (Marshmallow): Ubuntu - <a
- href="http://www.oracle.com/technetwork/java/javase/archive-139210.html">Java
- JDK 7</a>, Mac OS - <a
+ href="http://openjdk.java.net/install/">OpenJDK 7</a>, Mac OS - <a
href="https://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html#jdk-7u71-oth-JPR">jdk-7u71-macosx-x64.dmg</a></li>
<li>Android 2.3.x (Gingerbread) - Android 4.4.x (KitKat): Ubuntu - <a
href="http://www.oracle.com/technetwork/java/javase/archive-139210.html">Java JDK 6</a>, Mac OS - <a
