aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTreehugger Robot <treehugger-gerrit@google.com>2018-04-11 22:20:55 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2018-04-11 22:20:55 +0000
commit6930a80a9ae47f2686acbc17fbd5d18c24918066 (patch)
tree8afafd84cf03b8bbf57a9b0608fe29a98e8c0865
parent08f4f1a3b11912f54ae9bf6c7acd904bfe21de3e (diff)
parent804f3183c40817391c886feab3005bf47f08d29e (diff)
downloadsource.android.com-o-mr1-iot-preview-8.tar.gz
Merge "Docs: Changes to source.android.com"android-o-mr1-iot-preview-8android-n-iot-release-lg-thinq-wk7o-mr1-iot-preview-8
Diffstat
-rw-r--r--OWNERS.android3
-rw-r--r--README.txt50
-rw-r--r--en/_index.yaml22
-rw-r--r--en/compatibility/5.1/android-5.1-cdd.html8
-rw-r--r--en/compatibility/_toc-compatibility.yaml8
-rw-r--r--en/compatibility/vts/images/vts_batch_output_xml.pngbin0 -> 10101 bytes
-rw-r--r--en/compatibility/vts/images/vts_batch_terminal_output.pngbin0 -> 7533 bytes
-rw-r--r--en/compatibility/vts/images/vts_device_serials.pngbin0 -> 16887 bytes
-rw-r--r--en/compatibility/vts/images/vts_hostside_agent.pngbin0 -> 12755 bytes
-rw-r--r--en/compatibility/vts/images/vts_hostside_hal.pngbin0 -> 13507 bytes
-rw-r--r--en/compatibility/vts/images/vts_non_batch.pngbin0 -> 13811 bytes
-rw-r--r--en/compatibility/vts/images/vts_shell_driver.pngbin0 -> 30397 bytes
-rw-r--r--en/compatibility/vts/images/vts_target_hidl.pngbin0 -> 14479 bytes
-rw-r--r--en/compatibility/vts/images/vts_template_arch.pngbin0 -> 13697 bytes
-rw-r--r--en/compatibility/vts/images/vts_template_extension.pngbin0 -> 14421 bytes
-rw-r--r--en/compatibility/vts/multi-device-testing.html212
-rw-r--r--en/compatibility/vts/shell-commands.html166
-rw-r--r--en/compatibility/vts/test-templates.html382
-rw-r--r--en/devices/architecture/dto/multiple.html14
-rw-r--r--en/devices/architecture/hidl-cpp/index.html2
-rw-r--r--en/devices/architecture/hidl-java/index.html2
-rw-r--r--en/devices/architecture/hidl/versioning.html48
-rw-r--r--en/devices/tech/config/filesystem.html3
-rw-r--r--en/devices/tech/config/namespaces_libraries.html20
-rw-r--r--en/devices/tech/config/perms-whitelist.html6
-rw-r--r--en/devices/tech/config/uicc.html2
-rw-r--r--en/devices/tech/ota/ab/index.html3
-rw-r--r--en/devices/tech/ota/index.html4
-rw-r--r--en/devices/tech/perf/boot-times.html22
-rw-r--r--en/security/_toc.yaml4
-rw-r--r--en/security/bulletin/2018-02-01.html17
-rw-r--r--en/security/bulletin/2018-04-01.html2700
-rw-r--r--en/security/bulletin/2018.html15
-rw-r--r--en/security/bulletin/index.html15
-rw-r--r--en/security/bulletin/pixel/2018-02-01.html17
-rw-r--r--en/security/bulletin/pixel/2018-03-01.html9
-rw-r--r--en/security/bulletin/pixel/2018-04-01.html1037
-rw-r--r--en/security/bulletin/pixel/2018.html15
-rw-r--r--en/security/bulletin/pixel/index.html15
-rw-r--r--en/security/overview/acknowledgements.html143
-rw-r--r--en/security/overview/updates-resources.html2
-rw-r--r--en/setup/_toc.yaml60
-rw-r--r--en/setup/build/building-kernels.html (renamed from en/setup/building-kernels.html)46
-rw-r--r--en/setup/build/building.html (renamed from en/setup/building.html)62
-rw-r--r--en/setup/build/devices.html (renamed from en/setup/devices.html)37
-rw-r--r--en/setup/build/downloading.html (renamed from en/setup/downloading.html)15
-rw-r--r--en/setup/build/initializing.html405
-rw-r--r--en/setup/build/jack.html (renamed from en/setup/jack.html)17
-rw-r--r--en/setup/build/known-issues.html (renamed from en/setup/known-issues.html)0
-rw-r--r--en/setup/build/requirements.html198
-rw-r--r--en/setup/build/running.html (renamed from en/setup/running.html)8
-rw-r--r--en/setup/code-lines.html187
-rw-r--r--en/setup/community.html4
-rw-r--r--en/setup/contribute/code-style.html (renamed from en/setup/code-style.html)44
-rw-r--r--en/setup/contribute/index.html (renamed from en/setup/contributing.html)12
-rw-r--r--en/setup/contribute/life-of-a-bug.html (renamed from en/setup/life-of-a-bug.html)2
-rw-r--r--en/setup/contribute/life-of-a-patch.html (renamed from en/setup/life-of-a-patch.html)0
-rw-r--r--en/setup/contribute/read-bug-reports.html (renamed from en/setup/read-bug-reports.html)0
-rw-r--r--en/setup/contribute/report-bugs.html (renamed from en/setup/report-bugs.html)0
-rw-r--r--en/setup/contribute/submit-patches.html (renamed from en/setup/submit-patches.html)14
-rw-r--r--en/setup/contribute/view-patches.html (renamed from en/setup/view-patches.html)4
-rw-r--r--en/setup/develop/64-bit-builds.html (renamed from en/setup/64-bit-builds.html)0
-rw-r--r--en/setup/develop/index.html (renamed from en/setup/developing.html)17
-rw-r--r--en/setup/develop/new-device.html (renamed from en/setup/add-device.html)0
-rw-r--r--en/setup/develop/repo.html (renamed from en/setup/using-repo.html)0
-rw-r--r--en/setup/initializing.html459
-rw-r--r--en/setup/licenses.html110
-rw-r--r--en/setup/requirements.html180
-rw-r--r--en/setup/roles.html102
-rw-r--r--en/setup/site-updates.html777
-rw-r--r--en/setup/start/brands.html (renamed from en/setup/brands.html)14
-rw-r--r--en/setup/start/build-numbers.html (renamed from en/setup/build-numbers.html)166
-rw-r--r--en/setup/start/codelines.html168
-rw-r--r--en/setup/start/faqs.html (renamed from en/setup/faqs.html)208
-rw-r--r--en/setup/start/licenses.html126
-rw-r--r--en/setup/start/roles.html122
-rw-r--r--en/setup/start/site-updates.html803
-rw-r--r--ja/security/bulletin/2015-09-01.html2
-rw-r--r--ja/security/bulletin/2016-01-01.html3
-rw-r--r--ja/security/bulletin/2016-02-01.html2
-rw-r--r--ja/security/bulletin/2016-06-01.html4
-rw-r--r--ja/security/bulletin/2016-07-01.html28
-rw-r--r--ja/security/bulletin/2016-08-01.html24
-rw-r--r--ja/security/bulletin/2016-10-01.html2
-rw-r--r--ja/security/bulletin/2017-01-01.html32
-rw-r--r--ja/security/bulletin/2017-03-01.html8
-rw-r--r--ja/security/bulletin/2017-05-01.html4
-rw-r--r--ja/security/bulletin/2017-11-01.html15
-rw-r--r--ja/security/bulletin/2018-01-01.html295
-rw-r--r--ja/security/bulletin/pixel/2017-10-01.html4
-rw-r--r--ja/security/bulletin/pixel/2018-03-01.html653
-rw-r--r--ja/security/bulletin/pixel/2018.html40
-rw-r--r--ko/security/bulletin/2015-08-01.html62
-rw-r--r--ko/security/bulletin/2015-12-01.html53
-rw-r--r--ko/security/bulletin/2016-06-01.html20
-rw-r--r--ko/security/bulletin/2016-07-01.html62
-rw-r--r--ko/security/bulletin/2016-08-01.html165
-rw-r--r--ko/security/bulletin/2016-10-01.html149
-rw-r--r--ko/security/bulletin/2016.html48
-rw-r--r--ko/security/bulletin/2017-01-01.html93
-rw-r--r--ko/security/bulletin/2017-03-01.html149
-rw-r--r--ko/security/bulletin/2017-05-01.html43
-rw-r--r--ko/security/bulletin/2017-11-01.html15
-rw-r--r--ko/security/bulletin/2018-01-01.html343
-rw-r--r--ko/security/bulletin/pixel/2017-10-01.html19
-rw-r--r--ko/security/bulletin/pixel/2018-03-01.html694
-rw-r--r--ko/security/bulletin/pixel/2018.html40
-rw-r--r--ru/security/bulletin/2015-12-01.html40
-rw-r--r--ru/security/bulletin/2016-07-01.html41
-rw-r--r--ru/security/bulletin/2016-08-01.html116
-rw-r--r--ru/security/bulletin/2016-10-01.html135
-rw-r--r--ru/security/bulletin/2017-01-01.html5
-rw-r--r--ru/security/bulletin/2017-03-01.html8
-rw-r--r--ru/security/bulletin/2017-05-01.html21
-rw-r--r--ru/security/bulletin/2017-11-01.html8
-rw-r--r--ru/security/bulletin/2018-01-01.html272
-rw-r--r--ru/security/bulletin/pixel/2017-10-01.html4
-rw-r--r--ru/security/bulletin/pixel/2018-03-01.html651
-rw-r--r--ru/security/bulletin/pixel/2018.html40
-rw-r--r--zh-cn/_book.yaml92
-rw-r--r--zh-cn/_index.yaml12
-rw-r--r--zh-cn/compatibility/cts/audio-framework.html5
-rw-r--r--zh-cn/compatibility/cts/setup.html4
-rw-r--r--zh-cn/compatibility/vts/database.html118
-rw-r--r--zh-cn/compatibility/vts/index.html37
-rw-r--r--zh-cn/compatibility/vts/performance.html363
-rw-r--r--zh-cn/compatibility/vts/setup.html126
-rw-r--r--zh-cn/compatibility/vts/systems.html96
-rw-r--r--zh-cn/compatibility/vts/ui.html113
-rw-r--r--zh-cn/devices/architecture/dto/multiple.html9
-rw-r--r--zh-cn/devices/architecture/hidl-cpp/functions.html2
-rw-r--r--zh-cn/devices/architecture/hidl-java/index.html4
-rw-r--r--zh-cn/devices/architecture/hidl/hashing.html2
-rw-r--r--zh-cn/devices/architecture/hidl/services.html2
-rw-r--r--zh-cn/devices/architecture/hidl/versioning.html10
-rw-r--r--zh-cn/devices/architecture/kernel/modular-kernels.html6
-rw-r--r--zh-cn/devices/audio/latency_measurements.html8
-rw-r--r--zh-cn/devices/audio/terminology.html2
-rw-r--r--zh-cn/devices/camera/index.html3
-rw-r--r--zh-cn/devices/camera/versioning.html4
-rw-r--r--zh-cn/devices/media/oem.html3
-rw-r--r--zh-cn/devices/sensors/batching.html2
-rw-r--r--zh-cn/devices/sensors/hal-interface.html6
-rw-r--r--zh-cn/devices/sensors/index.html4
-rw-r--r--zh-cn/devices/sensors/sensor-types.html14
-rw-r--r--zh-cn/devices/tech/admin/multiuser-apps.html2
-rw-r--r--zh-cn/devices/tech/admin/testing-provision.html4
-rw-r--r--zh-cn/devices/tech/config/filesystem.html6
-rw-r--r--zh-cn/devices/tech/dalvik/improvements.html2
-rw-r--r--zh-cn/devices/tech/datausage/tags-explained.html2
-rw-r--r--zh-cn/devices/tech/debug/ftrace.html6
-rw-r--r--zh-cn/devices/tech/debug/gdb.html2
-rw-r--r--zh-cn/devices/tech/ota/ab/index.html10
-rw-r--r--zh-cn/devices/tech/ota/index.html10
-rw-r--r--zh-cn/devices/tech/ota/reduce_size.html2
-rw-r--r--zh-cn/devices/tech/perf/boot-times.html18
-rw-r--r--zh-cn/legal.html4
-rw-r--r--zh-cn/license.html7
-rw-r--r--zh-cn/security/advisory/index.html7
-rw-r--r--zh-cn/security/apksigning/v2.html2
-rw-r--r--zh-cn/security/bulletin/2016-07-01.html143
-rw-r--r--zh-cn/security/bulletin/2016-12-01.html215
-rw-r--r--zh-cn/security/encryption/file-based.html11
-rw-r--r--zh-cn/security/overview/acknowledgements.html96
-rw-r--r--zh-cn/security/overview/updates-resources.html1
-rw-r--r--zh-tw/security/bulletin/2015-08-01.html66
-rw-r--r--zh-tw/security/bulletin/2015-12-01.html33
-rw-r--r--zh-tw/security/bulletin/2016-06-01.html20
-rw-r--r--zh-tw/security/bulletin/2016-07-01.html72
-rw-r--r--zh-tw/security/bulletin/2016-08-01.html24
-rw-r--r--zh-tw/security/bulletin/2016-10-01.html160
-rw-r--r--zh-tw/security/bulletin/2017-01-01.html52
-rw-r--r--zh-tw/security/bulletin/2017-03-01.html70
-rw-r--r--zh-tw/security/bulletin/2017-05-01.html14
-rw-r--r--zh-tw/security/bulletin/2017-11-01.html17
-rw-r--r--zh-tw/security/bulletin/2018-01-01.html295
-rw-r--r--zh-tw/security/bulletin/pixel/2017-10-01.html21
-rw-r--r--zh-tw/security/bulletin/pixel/2018-03-01.html651
-rw-r--r--zh-tw/security/bulletin/pixel/2018.html40
179 files changed, 12831 insertions, 4046 deletions
diff --git a/OWNERS.android b/OWNERS.android
index 0b6d9eff..b5392488 100644
--- a/OWNERS.android
+++ b/OWNERS.android
@@ -1,8 +1,9 @@
# Used by the Gerrit find-owners plugin to find reviewers
-blamb@google.com
claym@google.com
cqn@google.com
daroberts@google.com
gdimino@google.com
hvm@google.com
+kennethlau@google.com
mheco@google.com
+stayres@google.com
diff --git a/README.txt b/README.txt
index 31d1226b..aaa8a2a4 100644
--- a/README.txt
+++ b/README.txt
@@ -2,7 +2,51 @@
Googlers, please see: go/sac-guide
-External users, the source.android.com site contains tutorials, references, and
-other information related to the Android Open Source Project (AOSP). To report
-an issue with the documentation on source.android.com, please file a bug at:
+The source.android.com site contains tutorials, references, and other
+information related to the Android Open Source Project (AOSP). To report an
+issue with the documentation on source.android.com, please file a bug at:
https://issuetracker.google.com/issues/new?component=191476
+
+To make updates to the source files themselves, follow the instructions below.
+
+### File Location ###
+
+The source.android.com source files are stored in the platform/docs/source.android.com/
+Android project:
+https://android.googlesource.com/platform/docs/source.android.com/
+
+The files to be edited are located in: <projroot>/docs/source.android.com/<language-code>/
+
+Subdirectories exist for the tabs of source.android.com with their structure
+roughly (but not identically) mirroring navigation of the site. For exceptions,
+the contents of the Porting tab can be found in the devices/ subdirectory,
+while the contents of the Tuning tab reside in the devices/tech subdirectory.
+(This is temporary while navigational changes are underway.)
+
+## Edit Instructions ##
+
+1. Initialize and sync the repository and download the Android source per:
+https://source.android.com/source/downloading.html
+
+2. Navigate to the docs/source.android.com project.
+
+3. Start a temporary branch for your changes with a command resembling:
+$ repo start <topic-branch-name> .
+
+See the Repo command reference for more details:
+http://source.android.com/source/using-repo.html#start
+
+4. Add or edit the file(s) and save your changes:
+$ git add <file>
+$ git commit
+$ repo upload .
+
+5. Iteratively improve the change and amend the commit:
+$ git commit -a --amend
+$ repo upload .
+
+6. Once satisfied, include the changelist in a bug filed at:
+https://issuetracker.google.com/issues/new?component=191476
+
+Your change will be routed to the source.android.com team for evaluation and
+inclusion.
diff --git a/en/_index.yaml b/en/_index.yaml
index db5f4429..796a08ac 100644
--- a/en/_index.yaml
+++ b/en/_index.yaml
@@ -59,12 +59,8 @@ landing_page:
porting. And now this site is available in China at <a
href="https://source.android.google.cn/">source.android.google.cn</a>.<br><br>
- As the AOSP documentation site, we seek your contributions. With an
- ever-changing ecosystem, we need your help to stay fresh. You may make
- your own fixes directly to the source files by following the
- instructions in our <a
- href="https://android.googlesource.com/platform/docs/source.android.com/+/master/README.txt">README</a>.
- You may also use the <a
+ As the AOSP documentation site, we seek your input. With an
+ ever-changing ecosystem, we need your help to stay fresh. Please use the <a
href="https://issuetracker.google.com/issues/new?component=191476">Site
Feedback</a> link at the bottom of any page to report bugs and offer
suggestions for enhancement. See the site’s <a
@@ -73,6 +69,13 @@ landing_page:
image_path: /images/android_stack.png
- heading: News
items:
+ - heading: April Security Bulletins
+ description: >
+ The April 2018 Android and Pixel/Nexus Security Bulletins have been
+ published to support the April security release.
+ buttons:
+ - label: April 4th, 2018
+ path: /security/bulletin/2018-04-01
- heading: Android 2017 Year in Review
description: >
The Android Security 2017 Year in Review covers everything that happened
@@ -80,13 +83,6 @@ landing_page:
buttons:
- label: March 15th, 2018
path: /security/overview/reports
- - heading: March Security Bulletins
- description: >
- The March 2018 Android and Pixel/Nexus Security Bulletins have been
- published to support the March security release.
- buttons:
- - label: March 7th, 2018
- path: /security/bulletin/2018-03-01
- heading: ART DEX bytecode improvements
description: >
Android runtime (ART) now includes bytecode documentation for
diff --git a/en/compatibility/5.1/android-5.1-cdd.html b/en/compatibility/5.1/android-5.1-cdd.html
index 377d9f9d..d579ead3 100644
--- a/en/compatibility/5.1/android-5.1-cdd.html
+++ b/en/compatibility/5.1/android-5.1-cdd.html
@@ -4508,6 +4508,14 @@ Definition in this release. </p>
<td>7.6.2. Application Shared Storage</td>
<td>Apps can use ACTION_OPEN_DOCUMENT_TREE to write to secondary ext. storage</td>
</tr>
+ <tr>
+ <td>7.6.2. Application Shared Storage</td>
+ <td>Clarify that /sdcard can share storage with /data</td>
+ </tr>
+ <tr>
+ <td>7.7 USB</td>
+ <td>Remove redundant requirement on UMS/MTP from 7.7</td>
+ </tr>
<tr>
<td>7.8.1. Microphone</td>
<td>Added Android Automotive requirements.</td>
diff --git a/en/compatibility/_toc-compatibility.yaml b/en/compatibility/_toc-compatibility.yaml
index e10be874..d45a8653 100644
--- a/en/compatibility/_toc-compatibility.yaml
+++ b/en/compatibility/_toc-compatibility.yaml
@@ -53,6 +53,14 @@ toc:
path: /compatibility/vts/
- title: Systems Testing with VTS
path: /compatibility/vts/systems
+ - title: Test Framework
+ section:
+ - title: Device Shell Commands
+ path: /compatibility/vts/shell-commands
+ - title: Test Templates
+ path: /compatibility/vts/test-templates
+ - title: Multi-Device Testing
+ path: /compatibility/vts/multi-device-testing
- title: VTS Dashboard Setup
path: /compatibility/vts/setup
- title: VTS Dashboard Database
diff --git a/en/compatibility/vts/images/vts_batch_output_xml.png b/en/compatibility/vts/images/vts_batch_output_xml.png
new file mode 100644
index 00000000..de95eb1d
--- /dev/null
+++ b/en/compatibility/vts/images/vts_batch_output_xml.png
Binary files differ
diff --git a/en/compatibility/vts/images/vts_batch_terminal_output.png b/en/compatibility/vts/images/vts_batch_terminal_output.png
new file mode 100644
index 00000000..58a81da7
--- /dev/null
+++ b/en/compatibility/vts/images/vts_batch_terminal_output.png
Binary files differ
diff --git a/en/compatibility/vts/images/vts_device_serials.png b/en/compatibility/vts/images/vts_device_serials.png
new file mode 100644
index 00000000..22ae9525
--- /dev/null
+++ b/en/compatibility/vts/images/vts_device_serials.png
Binary files differ
diff --git a/en/compatibility/vts/images/vts_hostside_agent.png b/en/compatibility/vts/images/vts_hostside_agent.png
new file mode 100644
index 00000000..09761066
--- /dev/null
+++ b/en/compatibility/vts/images/vts_hostside_agent.png
Binary files differ
diff --git a/en/compatibility/vts/images/vts_hostside_hal.png b/en/compatibility/vts/images/vts_hostside_hal.png
new file mode 100644
index 00000000..829df99b
--- /dev/null
+++ b/en/compatibility/vts/images/vts_hostside_hal.png
Binary files differ
diff --git a/en/compatibility/vts/images/vts_non_batch.png b/en/compatibility/vts/images/vts_non_batch.png
new file mode 100644
index 00000000..86df0981
--- /dev/null
+++ b/en/compatibility/vts/images/vts_non_batch.png
Binary files differ
diff --git a/en/compatibility/vts/images/vts_shell_driver.png b/en/compatibility/vts/images/vts_shell_driver.png
new file mode 100644
index 00000000..f7538db7
--- /dev/null
+++ b/en/compatibility/vts/images/vts_shell_driver.png
Binary files differ
diff --git a/en/compatibility/vts/images/vts_target_hidl.png b/en/compatibility/vts/images/vts_target_hidl.png
new file mode 100644
index 00000000..79684098
--- /dev/null
+++ b/en/compatibility/vts/images/vts_target_hidl.png
Binary files differ
diff --git a/en/compatibility/vts/images/vts_template_arch.png b/en/compatibility/vts/images/vts_template_arch.png
new file mode 100644
index 00000000..d7a19636
--- /dev/null
+++ b/en/compatibility/vts/images/vts_template_arch.png
Binary files differ
diff --git a/en/compatibility/vts/images/vts_template_extension.png b/en/compatibility/vts/images/vts_template_extension.png
new file mode 100644
index 00000000..1a36b723
--- /dev/null
+++ b/en/compatibility/vts/images/vts_template_extension.png
Binary files differ
diff --git a/en/compatibility/vts/multi-device-testing.html b/en/compatibility/vts/multi-device-testing.html
new file mode 100644
index 00000000..039baf77
--- /dev/null
+++ b/en/compatibility/vts/multi-device-testing.html
@@ -0,0 +1,212 @@
+<html devsite>
+ <head>
+ <title>Multi-Device Testing</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>VTS supports tests that require interaction between multiple Android
+devices.</p>
+
+<h2 id="architecture">Architecture</h2>
+<p>VTS uses the TradeFed framework to get and pass device serials to test
+modules.</p>
+
+<p><img src="images/vts_device_serials.png"></p>
+<figcaption><strong>Figure 1.</strong> VTS passing device serials.</figcaption>
+
+<p>Device requirements, such as number of devices and device types, are
+specified in test plan configuration. For example, you can specify a test plan
+that requires two Android devices with Sailfish build targets.</p>
+
+<h3 id="device-allocation">Device allocation</h3>
+<p>The test infrastructure (usually the test scheduler) allocates available
+devices that satisfy the requirements specified in test plan configuration to
+the VTS framework. Allocated devices are reserved for the test plan even if the
+test module is not using them. VTS agent binaries are then pushed to and run on
+all allocated devices (unless specifically instructed not to run). This ensures
+that TCP connections for shell commands and HAL RPCs are available for all
+devices in a test script.</p>
+
+<h3 id="test-preparers">Test preparers</h3>
+<p>The framework runs test preparers for all devices for which it received
+serial numbers. Target preparers can be single or multi-device:</p>
+<ul>
+<li>Single-device target preparers (example at
+<a href="https://android.googlesource.com/platform/test/vts/+/master/harnesses/tradefed/src/com/android/tradefed/targetprep/VtsDeviceInfoCollector.java" class="external">VtsDeviceInfoCollector</a>):
+<ul>
+<li>Can be specified only in test plan configuration with the required
+device list (future versions will allow module level configuration).</li>
+<li>Receive only one device serial.</li>
+<li>Run preparing and cleanup tasks against a specific device.</li>
+</ul>
+</li>
+<li>Multi-device target preparers (example at
+<a href="https://android.googlesource.com/platform/test/vts/+/master/harnesses/tradefed/src/com/android/tradefed/targetprep/VtsPythonVirtualenvPreparer.java" class="external">VtsPythonVirtualenvPreparer</a>):
+<ul>
+<li>Can be specified in test plan configuration or test module
+configuration</li>
+<li>Receive all device serials</li>
+<li>Run preparing and cleanup tasks for each device or all devices.</li>
+</ul>
+</li>
+</ul>
+
+<h3 id="test-modules">Test modules</h3>
+<p>Test modules get a list of devices after the test preparers finish setting up
+the host/devices. One host-side Python test module runs for each multi-device
+test module. Allocated Android devices are accessible from Python test modules
+as a list of
+<a href="https://android.googlesource.com/platform/test/vts/+/master/utils/python/controllers/android_device.py#322" class="external">AndroidDevice</a>
+objects:</p>
+<pre class="devsite-click-to-copy">
+devices = self.android_devices
+device1 = devices[0]
+device1_serial = device1.serial
+</pre>
+
+<p>All allocated devices are reserved for the test plan, even though a test
+module in the plan is only using one device.</p>
+
+<h2 id="device-communication">Device communication during testing</h1>
+<p>Effective multi-Android tests involve communication between allocated
+devices. When developing such tests, you must determine how to establish
+communication between the allocated devices. The following sections provide
+three communication examples (however, test developers are free to design other
+models).</p>
+
+<h3 id="type1">Type 1: Host-side HAL tests</h3>
+<p>Host-side HAL tests can use VTS HAL drivers that are pushed to devices by
+default:</p>
+
+<p><img src="images/vts_hostside_hal.png"></p>
+<figcaption><strong>Figure 2.</strong> Host-side HAL test.</figcaption>
+
+<p>In this scenario:</p>
+<ul>
+<li>Test logic executes on the host.</li>
+<li>Host-side test script issues RPC calls to the drivers on each device.</li>
+<li>Host side coordinates device interactions.</li>
+</ul>
+
+<h3 id="type2">Type 2: Host-side agent-based tests</h3>
+<p>Instead of using VTS agents on device, a host-side test can also push its own
+agent (app or binary) to each device:</p>
+
+<p><img src="images/vts_hostside_agent.png"></p>
+<figcaption><strong>Figure 3.</strong> Host-side, agent-based test.</figcaption>
+
+<p>In this scenario:</p>
+<ul>
+<li>Test logic executes on the host.</li>
+<li>Agent app (or binary) installs on each device.</li>
+<li>Host-side test script issues commands to apps on each device.</li>
+<li>Host side coordinates device interactions.</li>
+</ul>
+
+<p>For example, the
+<a href="https://android.googlesource.com/platform/test/vts-testcase/nbu/+/master" class="external">Next
+Billion User tests</a> in current VTS repo are host-side, app-based,
+multi-device tests.</p>
+
+<h3 id="type3">Type 3: Target-side HIDL tests</h2>
+<p>Target-side, multi-device HIDL tests put all test logic on device-side test
+binaries, which requires the tests to synchronize devices during test
+execution:</p>
+
+<p><img src="images/vts_target_hidl.png"></p>
+<figcaption><strong>Figure 4. </strong>Target-based HIDL test.</figcaption>
+
+<p>In this scenario:</p>
+<ul>
+<li>Test logic executes on devices.</li>
+<li>Host-side framework provides initial device identification.</li>
+<li>Target-side test binary requires synchronization:<ul>
+<li>Same test binary for all devices.</li>
+<li>Different test binaries for each role.</li>
+</ul>
+</li>
+</ul>
+
+<h2 id="example-multi-device">Example: Multi-device test plan</h2>
+<p>This example specifies the config for two devices:</p>
+<ul>
+<li>Device 1 includes a build provider and
+<code>VtsDeviceInfoCollector</code> target preparer.</li>
+<li>Device 2 includes an additional <code>FilePusher</code> preparer that pushes
+a group of host-driven related files to the device.</li>
+</ul>
+
+<pre class="devsite-click-to-copy">
+&lt;configuration description="VTS Codelab Plan"&gt;
+ ...
+&lt;device name="device1"&gt;
+&lt;build_provider class="com.android.compatibility.common.tradefed.build.CompatibilityBuildProvider" /&gt;
+&lt;target_preparer class="com.android.tradefed.targetprep.VtsDeviceInfoCollector" /&gt;
+&lt;/device&gt;
+&lt;device name="device2" &gt;
+&lt;build_provider class="com.android.compatibility.common.tradefed.build.CompatibilityBuildProvider" /&gt;
+&lt;target_preparer class="com.android.tradefed.targetprep.VtsDeviceInfoCollector" /&gt;
+&lt;target_preparer class="com.android.compatibility.common.tradefed.targetprep.VtsFilePusher"&gt;
+&lt;option name="push-group" value="HostDrivenTest.push" /&gt;
+&lt;/target_preparer&gt;
+&lt;/device&gt;
+&lt;option name="compatibility:include-filter" value="VtsCodelabHelloWorldMultiDeviceTest" /&gt;
+&lt;/configuration&gt;
+</pre>
+
+<h2 id="example-hostside">Example: Host-side Python test script</h2>
+<p>For details and examples on test preparers, see
+<a href="#Test-preparers">Test Preparers</a>. For a complete host-side
+multi-device example, refer to the
+<a href="https://android.googlesource.com/platform/test/vts/+/master/testcases/codelab/hello_world_multi" class="external">hello_world_multi
+codelab</a>.
+</p>
+
+<pre class="devsite-click-to-copy">
+def setUpClass(self):
+logging.info('number of device: %s', self.android_devices)
+asserts.assertEqual(len(self.android_devices), 2, 'number of device is wrong.')
+self.dut1 = self.android_devices[0]
+self.dut2 = self.android_devices[1]
+self.shell1 = self.dut1.shell
+self.shell2 = self.dut2.shell
+
+def testSerialNotEqual(self):
+'''Checks serial number from two device not being equal.'''
+command = 'getprop | grep ro.serial'
+res1 = self.shell1.Execute(command)
+res2 = self.shell2.Execute(command)
+
+def getSerialFromShellOutput(output):
+'''Get serial from getprop query'''
+return output[const.STDOUT][0].strip().split(' ')[-1][1:-1]
+serial1 = getSerialFromShellOutput(res1)
+serial2 = getSerialFromShellOutput(res2)
+
+logging.info('Serial number of device 1 shell output: %s', serial1)
+logging.info('Serial number of device 2 shell output: %s', serial2)
+asserts.assertNotEqual(serial1, serial2, 'serials from two devices should not be the same')
+asserts.assertEqual(serial1, self.dut1.serial, 'serial got from device system property is different from allocated serial')
+asserts.assertEqual(serial2, self.dut2.serial, 'serial got from device system property is different from allocated serial')
+</pre>
+
+</body>
+</html> \ No newline at end of file
diff --git a/en/compatibility/vts/shell-commands.html b/en/compatibility/vts/shell-commands.html
new file mode 100644
index 00000000..149226d2
--- /dev/null
+++ b/en/compatibility/vts/shell-commands.html
@@ -0,0 +1,166 @@
+<html devsite>
+ <head>
+ <title>Device Shell Commands</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>During VTS testing, shell commands are used to execute a target-side test
+binary, to get/set properties, environment variables, and system information,
+and to start/stop the Android framework. You can execute VTS device shell
+commands using the <code>adb shell</code> command or the VTS shell driver
+running on the device (recommended).</p>
+
+<h2 id="adb-shell">Using ADB shell</h2>
+<p>Tests that require shutting down the USB port or rebooting the device during
+testing must use ADB shell as the VTS shell driver is unavailable without a
+persistent USB connection. You can invoke ADB shell from the
+<code>AndroidDevice</code> object in the Python test script. Examples:</p>
+<ul>
+<li>Get an Android device object:
+<pre class="devsite-click-to-copy">
+self.device = self.android_devices[0]
+</pre>
+</li>
+<li>Issue a single shell command:
+<pre class="devsite-click-to-copy">
+result = self.device.adb.shell(‘ls')
+</pre>
+</li>
+</ul>
+
+<h2 id="vts-shell-driver">Using the VTS shell driver</h2>
+<p>The VTS shell driver is an agent binary that runs on the device and executes
+shell commands. By default, VTS uses the shell driver if the driver is running
+on device because this method has less latency than using the <code>adb
+shell</code> command.</p>
+
+<p><img src="images/vts_shell_driver.png"></p>
+<figcaption><strong>Figure 1.</strong> VTS shell driver.</figcaption>
+
+<p>The VTS framework supports multi-device testing where each Android device
+is represented as an AndroidDevice object in base runner. By default, VTS
+framework pushes VTS agent and VTS shell driver binaries to each Android device
+and establishes TCP connections to the VTS agents on those devices.</p>
+
+<p>To execute a shell command, the host-side Python script makes a function
+call to the ShellMirror object inside AndroidDevice object. The ShellMirror
+object packs the shell command texts into a
+<a href="https://developers.google.com/protocol-buffers/" class="external">protobuf</a>
+message and sends it (via the TCP channel) to the VTS agent on the Android
+device. The agent running on device then forwards the shell command to VTS shell
+driver via the Unix socket.</p>
+
+<p>When the VTS shell driver receives a shell command, it executes the command
+via <a href="https://en.wikipedia.org/wiki/Nohup" class="external">nohup</a> on
+the device shell to prevent hanging. Stdout, stderr, and return code are then
+retrieved from <code>nohup</code> and sent back to VTS agent. Finally, the agent
+replies to the host by wrapping the command result(s) into a
+<code>protobuf</code> message.</p>
+
+<h3 id="advantages">Advantages</h3>
+<p>The advantages of using the VTS shell driver instead of <code>adb
+shell</code> include:</p>
+<ul>
+<li><strong>Reliability.</strong> The VTS shell driver uses
+<code>nohup</code> to execute commands on default setting. As VTS tests are
+mostly lower level HAL and kernel tests, <code>nohup</code> ensures shell
+commands do not hang during execution.</li>
+<li><strong>Performance</strong>. While the <code>adb shell</code> command
+caches some results (such as listing files in a directory) it has a connection
+overhead when performing tasks such as executing a test binary. VTS shell driver
+maintains an active connection throughout the test so the only overhead is USB
+communication. In our testing, using VTS shell driver to execute a command with
+100 calls to an empty gtest binary is about 20 percent faster than using
+<code>adb shell</code>; the actual difference is larger since VTS shell
+communication has extensive logging.</li>
+<li><strong>State-keeping</strong>. The VTS shell driver maintains a terminal
+session for each terminal name (default terminal name is
+<em>default</em>). Environment variables set in one terminal session are
+available only to subsequent commands in the same session.</li>
+<li><strong>Extendable</strong>. Shell command communications between VTS
+framework and device driver are wrapped in protobuf to enable potential
+compression, remoting, encryption, etc. in the future. Other possibilities for
+improving performance are also available, including device-side result parsing
+when the communication overhead becomes larger than result string parsing.</li>
+</ul>
+
+<h3 id="disadvantages">Disadvantages</h3>
+<p>The disadvantages of using the VTS shell driver instead of <code>adb
+shell</code> include:</p>
+<ul>
+<li><strong>Additional binaries</strong>. VTS agent files must be pushed to
+device and cleaned up after test execution.</li>
+<li><strong>Requires active connection</strong>. If the TCP connection between
+host and agent is lost during testing (due to USB disconnection, port shutdown,
+device crash, etc.) either intentionally or unintentionally, a shell command
+cannot be transmitted to the VTS agent. Even with automatic switching to
+<code>adb shell</code>, the result and state of the command before disconnection
+would be unknown.</li>
+</ul>
+
+<h3 id="examples">Examples</h3>
+<p>Examples of using shell commands in a VTS host-side Python test script:</p>
+<ul>
+<li>Get an Android device object:
+<pre class="devsite-click-to-copy">
+self.device = self.android_devices[0]
+</pre>
+</li>
+<li>Get an shell object for the selected device:
+<pre class="devsite-click-to-copy">
+self.shell = self.device.shell
+</pre>
+</li>
+<li>Issue a single shell command:
+<pre class="devsite-click-to-copy">
+results = self.shell.Execute(‘ls')
+</pre>
+</li>
+<li>Issue a list of shell commands:
+<pre class="devsite-click-to-copy">
+results = self.shell.Execute([‘cd /data/local/tmp', ‘ls'])
+</pre>
+</li>
+</ul>
+
+<h3 id="command-result-object">Command result object</h3>
+<p>The return object from shell command execution is a dictionary containing the
+keys <code>stdouts</code>, <code>stderrs</code>, and <code>return_codes</code>.
+Regardless of whether the shell command is provided as a single string or a list
+of command strings, each value of the result dictionary is always a list.</p>
+
+<p>To verify the return code of a list of commands, the test script must check
+the indices. Example:</p>
+
+<pre class="devsite-click-to-copy">
+asserts.assertFalse(any(results[‘return_codes']), ‘some command failed.')
+</pre>
+
+<p>Alternatively, the script can check each command index individually.
+Example:</p>
+
+<pre class="devsite-click-to-copy">
+asserts.assertEqual(results[‘return_codes'][0], 0, ‘first command failed')<br>
+asserts.assertEqual(results[‘return_codes'][1], 0, ‘second command failed')
+</pre>
+
+</body>
+</html> \ No newline at end of file
diff --git a/en/compatibility/vts/test-templates.html b/en/compatibility/vts/test-templates.html
new file mode 100644
index 00000000..27246906
--- /dev/null
+++ b/en/compatibility/vts/test-templates.html
@@ -0,0 +1,382 @@
+<html devsite>
+ <head>
+ <title>Test Templates</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>AOSP includes test templates for test modules that are not host-side Python
+subclass of VTS runner's BaseTest. </p>
+
+<p><img src="images/vts_template_arch.png"></p>
+<figcaption><strong>Figure 1.</strong> Test template architecture.</figcaption>
+
+<p>Developers can use these templates to minimize the effort involved in
+integrating such tests. This section covers configuring and using the test
+templates (located in the VTS
+<a href="https://android.googlesource.com/platform/test/vts/+/master/testcases/template/">testcases/template</a>
+directory) and provides examples for commonly used templates.</p>
+
+<h2 id="binarytest">BinaryTest template</h2>
+<p>Use the
+<a href="https://android.googlesource.com/platform/test/vts/+/sdk-release/testcases/template/binary_test/binary_test.py" class="external">BinaryTest
+template</a> to integrate tests that execute on target device in VTS.
+Target-side tests include:</p>
+
+<ul>
+<li><strong>C++</strong> based tests compiled and pushed to device</li>
+<li>Target-side <strong>Python</strong> tests compiled as binaries</li>
+<li><strong>Shell scripts</strong> executable on devices</li>
+</ul>
+
+<p>These tests can be integrated into VTS with or without the BinaryTest
+template.</p>
+
+<h3 id="target-side">Integrating target-side tests with
+BinaryTest template</h3>
+<p>The BinaryTest template is designed to help developers easily integrate
+target-side tests. In most cases, you can add a few simple lines of
+configuration in <code>AndroidTest.xml</code>. Example configuration from
+<a href="https://android.googlesource.com/platform/test/vts-testcase/kernel/+/master/api/early_mount/AndroidTest.xml" class="external">VtsDeviceTreeEarlyMountTest</a>:
+</p>
+
+<pre class="devsite-click-to-copy">
+&lt;configuration description="Config for VTS VtsDeviceTreeEarlyMountTest."&gt;
+ ...
+&lt;test class="com.android.tradefed.testtype.VtsMultiDeviceTest"&gt;
+&lt;option name="test-module-name" value="VtsDeviceTreeEarlyMountTest"/&gt;
+&lt;option name="binary-test-source" value="_32bit::DATA/nativetest/dt_early_mount_test/dt_early_mount_test" /&gt;
+&lt;option name="binary-test-source" value="_64bit::DATA/nativetest64/dt_early_mount_test/dt_early_mount_test" /&gt;
+&lt;option name="test-timeout" value="5m"/&gt;
+&lt;/test&gt;
+&lt;/configuration&gt;
+</pre>
+
+<p>In this configuration:</p>
+<ul>
+<li><code>binary-test-source</code> and <code>binary-test-type</code> are
+template-specific.</li>
+<li>Specifying the test binary source's relative host path enables the template
+to handle preparation, file pushing, test execution, result parsing, and
+cleanup.</li>
+<li>The template contains test case creation-related methods for subclasses to
+override.</li>
+<li>The template assumes one test case per test binary module, and the binary
+source file name is used as test case name by default.</li>
+</ul>
+
+<h4>Configuration options</h4>
+<p>The BinaryTest template supports the following configuration options:</p>
+
+<table>
+<thead>
+<tr>
+<th width="25%">Option name</th>
+<th width="12%">Value type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>binary-test-source</td>
+<td>strings</td>
+<td>Binary test source paths relative to vts test-case directory on
+host.<br>
+Example: <code>DATA/nativetest/test</code></td>
+</tr>
+<tr>
+<td>binary-test-working-directory</td>
+<td>strings</td>
+<td>Working directories (device-side path).<br>
+Example: <code>/data/local/tmp/testing/</code></td>
+</tr>
+<tr>
+<td>binary-test-envp</td>
+<td>strings</td>
+<td>Environment variables for binary.<br>
+Example: <code>PATH=/new:$PATH</code></td>
+</tr>
+<tr>
+<td>binary-test-args</td>
+<td>strings</td>
+<td>Test arguments or flags.<br>
+Example: <code>--gtest_filter=test1</code></td>
+</tr>
+<tr>
+<td>binary-test-ld-library-path</td>
+<td>strings</td>
+<td><code>LD_LIBRARY_PATH</code> environment variable.<br>
+Example: <code>/data/local/tmp/lib</code></td>
+</tr>
+<tr>
+<td>binary-test-disable-framework</td>
+<td>boolean</td>
+<td>Run <code>adb stop</code> to turn off the Android Framework before test.
+Example: <code>true</code></td>
+</tr>
+<tr>
+<td>binary-test-stop-native-servers</td>
+<td>boolean</td>
+<td>Stop all properly configured native servers during the testing. Example:
+<code>true</code></td>
+</tr>
+<tr>
+<td>binary-test-type</td>
+<td>string</td>
+<td>Template type. Other template types extend from this template, but you
+don't have to specify this option for this template because you already
+specified <code>binary-test-source</code>.</td>
+</tr>
+</tbody>
+</table>
+
+<p>For options with value type <code>strings</code>, you can add multiple values
+by repeating the options in the configuration. For example, set
+<code>binary-test-source</code> twice (as shown in the
+<code>VtsDeviceTreeEarlyMountTest</code> example).</p>
+
+<h4>Test tags</h4>
+<p>You can add test tags by prefixing them to options with <code>strings</code>
+values and using <code>::</code> as the delimiter. Test tags are especially
+useful when including binary sources with the same name but with different
+bitness or parent directories. For example, to avoid file push or result name
+collision for sources with the same name but from different source directories,
+you can specify different tags for these sources.</p>
+
+<p>As shown in the <code>VtsDeviceTreeEarlyMountTest</code> example with the
+two <code>dt_early_mount_test</code> sources, the test tags are the
+<code>_32bit::</code> and <code>_64bit::</code> prefixes on
+<code>binary-test-source</code>. Tags ending with <code>32bit</code> or
+<code>64bit</code> automatically mark the tests as available to one ABI bitness;
+i.e. tests with the tag <code>_32bit</code> are not executed on 64-bit ABI. Not
+specifying a tag is equal to using a tag with an empty string.</p>
+
+<p>Options with the same tags are grouped and isolated from other tags. For
+example, <code>binary-test-args</code> with the <code>_32bit</code> tag is
+applied only to <code>binary-test-source</code> with the same tag and executed
+in <code>binary-test-working-directory</code> with the same tag. The
+<code>binary-test-working-directory</code> option is optional for binary tests,
+allowing you to specify a single working directory for a tag. When the
+<code>binary-test-working-directory</code> option is left unspecified, default
+directories are used for each tag.</p>
+
+<p>The tag name is directly appended to test case name in the result report.
+For example, test case <code>testcase1</code> with tag <code>_32bit</code>
+appears as <code>testcase1_32bit</code> in the result report.</p>
+
+<h3 id="no-target-side">Integrating target-side tests without
+BinaryTest template</h2>
+<p>In VTS, the default test format is host-side Python tests extended from
+BaseTest in VTS runner. To integrate target-side tests, you must first push the
+test files to device, execute the tests using shell commands, then parse the
+results using host-side Python scripts.</p>
+
+<h4>Pushing test binaries</h4>
+<p>We recommend pushing files using <code>VtsFilePusher</code> target preparer.
+Example:</p>
+
+<pre class="devsite-click-to-copy">
+&lt;target_preparer class="com.android.compatibility.common.tradefed.targetprep.VtsFilePusher"&gt;
+ &lt;option name="push" value="DATA/test-&gt;/data/local/tmp/test"/&gt;
+ &lt;/target_preparer&gt;
+</pre>
+
+<p>The <code>VtsFilePusher</code> does the following:</p>
+<ol>
+<li>Checks device connectivity.</li>
+<li>Determines the absolute source file path.</li>
+<li>Pushes the files using <code>adb push</code> command.</li>
+<li>Deletes the files after tests complete.</li>
+</ol>
+<p>Alternatively, you can push files manually using a host-side Python test
+script that follows a similar procedure.</p>
+
+<h4>Running tests</h4>
+<p>After pushing files to the device, run the test using shell commands in a
+host-side Python test script. Example:</p>
+
+<pre class="devsite-click-to-copy">
+device = self.android_devices[0]
+res = device.shell.Execute(["chmod a+x /data/local/tmp/test", "/data/local/tmp/test"])
+asserts.AssertFalse(any(res[return_codes]))
+</pre>
+
+<h2 id="gtestbinarytest">GtestBinaryTest template</h2>
+<p>The
+<a href="https://android.googlesource.com/platform/test/vts/+/sdk-release/testcases/template/gtest_binary_test/gtest_binary_test.py" class="external">GtestBinaryTest
+template</a> hosts GTest test binaries, each of which usually contains
+multiple test cases. This template extends the BinaryTest template by overriding
+setup, test case creation, and result parsing methods, so all BinaryTest
+configurations are inherited.</p>
+
+<p>GtestBinaryTest adds the option <code>gtest-batch-mode</code>:</p>
+
+<table>
+<thead>
+<tr>
+<th>Option name</th>
+<th>Value type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>binary-test-type</td>
+<td>string</td>
+<td>Template type. Uses the value <code>gtest</code>.</td>
+</tr>
+<tr>
+<td>gtest-batch-mode</td>
+<td>boolean</td>
+<td>Run Gtest binaries in batch mode. Example: <code>true</code></td>
+</tr>
+</tbody>
+</table>
+
+<p>In general, setting <code>gtest-batch-mode</code> to <code>true</code>
+increases performance while decreasing reliability slightly. In VTS compliance
+tests, many modules use batch mode to improve performance. For reliability
+however, if the mode is unspecified it defaults to non-batch. </p>
+
+<h3 id=non-batch-mode>Non-batch mode</h3>
+<p>Non-batch mode makes individual calls to GTest binary for each test case. For
+example, if the GTest binary contains 10 test cases (after filtering by host
+side configuration), the binary is called 10 times on device shell each time
+with a different test filter. For each test case, a unique GTest result output
+XML is generated and parsed by the template.</p>
+
+<p><img src="images/vts_non_batch.png"></p>
+<figcaption><strong>Figure 2.</strong> Non-batch mode.</figcaption>
+
+<p>The advantages of using non-batch mode include:</p>
+<ul>
+<li><strong>Test case isolation</strong>. A crash or hang in one test case
+does not affect other test cases.</li>
+<li><strong>Granularity</strong>. Easier to get per-test-case profiling/coverage
+measurement, systrace, bugreport, logcat, etc. Test results and logs are
+retrieved immediately after each test case finishes.</li>
+</ul>
+
+<p>The disadvantages of using non-batch mode include:</p>
+<ul>
+<li><strong>Redundant loading</strong>. Each time GTest binary is called,
+it loads related libraries and performs initial class setups.</li>
+<li><strong>Communication overhead</strong>. After a test completes, the host
+and target device communicate for result parsing and next commands (future
+optimizations possible).</li>
+</ul>
+
+<h3 id="batch-mode">Batch mode</h3>
+<p>In GTest batch mode, the test binary is called only once with a long test
+filter value containing all test cases filtered by host-side configuration (this
+avoids the redundant loading issue in non-batch mode). You can parse test
+results for GTest using output.xml or using terminal output.</p>
+
+<p>When using output.xml (default):</p>
+
+<p><img src="images/vts_batch_output_xml.png"></p>
+<figcaption><strong>Figure 3.</strong> Batch mode, output.xml.</figcaption>
+
+<p>As in non-batch mode, the test result is parsed through GTest output xml
+file. However, because the output xml is generated after all tests are
+completed, if a test case crashed the binary or device no result xml file is
+generated.
+
+<p>When using terminal output:</p>
+
+<p><img src="images/vts_batch_terminal_output.png"></p>
+<figcaption><strong>Figure 4.</strong> Batch mode, terminal output.</figcaption>
+
+<p>While GTest is running, it prints the test log and progress to the terminal
+in a format that can be parsed by the framework for test status, results, and
+logs.</p>
+
+<p>The advantages of using batch mode include:</p>
+<ul>
+<li><strong>Test case isolation</strong>. Provides the same level of test
+case isolation as non-batch mode if the framework restarts the binary/device
+after a crash with a reduced test filter (excluding finished and crashed test
+cases).</li>
+<li><strong>Granularity</strong>. Provides the same test-case granularity as
+non-batch mode.</li>
+</ul>
+
+<p>The disadvantages of using batch mode include:</p>
+<ul>
+<li><strong>Maintenance cost</strong>. If the GTest logging format changes,
+all tests will break.</li>
+<li><strong>Confusion</strong>. A test case can print something similar to GTest
+progress format, which can confuse the format.</li>
+</ul>
+<p>Because of these disadvantages, we have temporarily removed the option to use
+command line output. We will revisit this option in the future to improve the
+reliability of this function.</p>
+
+<h2 id="hostbinarytest">HostBinaryTest template</h2>
+<p>The HostBinaryTest template includes host-side executables that do not exist
+in other directories or in Python scripts. These tests include:</p>
+<ul>
+<li>Compiled test binaries executable on host</li>
+<li>Executable scripts in shell, Python, or other languages</li>
+</ul>
+<p>One example is the
+<a href="https://android.googlesource.com/platform/test/vts-testcase/security/+/master/selinux/policy/AndroidTest.xml" class="external">VTS
+Security SELinux policy host-side test</a>:</p>
+
+<pre class="devsite-click-to-copy">
+&lt;configuration description="Config for VTS Security SELinux policy host-side test cases"&gt;
+ ...
+ &lt;test class="com.android.tradefed.testtype.VtsMultiDeviceTest"&gt;
+ &lt;option name="test-module-name" value="VtsSecuritySelinuxPolicyHost"/&gt;
+ &lt;option name="binary-test-source" value="out/host/linux-x86/bin/VtsSecuritySelinuxPolicyHostTest" /&gt;
+ &lt;option name="binary-test-type" value="host_binary_test"/&gt;
+ &lt;/test&gt;
+&lt;/configuration&gt;
+</pre>
+
+<p>HostBinaryTest does not extend the BinaryTest template but does use similar
+test configurations. In the above example, the <code>binary-test-source</code>
+option specifies a host-side relative path to the test executable, and
+<code>binary-test-type</code> is <code>host_binary_test</code>. Similar to
+BinaryTest template, the binary filename is used as the test case name by
+default.</p>
+
+<h2 id="extending-existing-templates">Extending existing templates</h2>
+<p>You can use templates directly in the test config to include non-Python tests
+or extend them in a subclass to handle specific test requirements. Templates in
+the VTS repo have the following extensions:</p>
+
+<p><img src="images/vts_template_extension.png"></p>
+<figcaption><strong>Figure 5.</strong> Extending existing templates in the VTS
+repo.</figcaption>
+
+<p>Developers are encouraged to extend any existing template for any specific
+test requirements. Common reasons to extend templates include:</p>
+<ul>
+<li>Special test setup procedures, such as preparing a device with special
+commands.</li>
+<li>Generating different test cases and test names.</li>
+<li>Parsing results by reading command output or using other conditions.</li>
+</ul>
+<p>To make it easier to extend existing templates, the templates contain methods
+specialized for each functionality. If you have improved designs for existing
+templates, we encourage you to contribute to the VTS code base.</p>
+
+</body>
+</html> \ No newline at end of file
diff --git a/en/devices/architecture/dto/multiple.html b/en/devices/architecture/dto/multiple.html
index 52f47a46..f431a9d7 100644
--- a/en/devices/architecture/dto/multiple.html
+++ b/en/devices/architecture/dto/multiple.html
@@ -43,12 +43,18 @@ DTs.</figcaption>
<p>The bootloader should be able to:</p>
<ul>
-<li>read the SoC ID and select the main DT correspondingly, and</li>
-<li>read the board ID and select the overlay DT accordingly.</li>
+<li>Read the SoC ID and select the corresponding main device tree, and</li>
+<li>Read the board ID and select the set of overlay device trees accordingly.
+</li>
</ul>
-<p>Only one main DT and one overlay DT are selected for use at runtime, and the
-selected pair must be compatible.</p>
+<p>Only one main DT should be selected for use at runtime. Multiple overlay DTs
+may be selected but they must be compatible with the chosen main DT. Using
+multiple overlays can help avoid storing one overlay per board within the DTBO
+partition and enable the bootloader to determine the subset of required overlays
+based on the board ID (or possibly by probing the peripherals). For
+example, Board A may need the devices added by the overlays 1, 3, and 5 while
+Board B may need the devices added by the overlays 1, 4, and 5.</p>
<h2 id=partition>Partitioning</h2>
<p>To partition, determine a bootloader runtime-accessible and trusted location
diff --git a/en/devices/architecture/hidl-cpp/index.html b/en/devices/architecture/hidl-cpp/index.html
index 7d8466cb..28c4aa0a 100644
--- a/en/devices/architecture/hidl-cpp/index.html
+++ b/en/devices/architecture/hidl-cpp/index.html
@@ -117,7 +117,7 @@ a binderized service. Example daemon code (for pure binderized service):</p>
<pre class="prettyprint">
int main(int /* argc */, char* /* argv */ []) {
- Nfc nfc = new Nfc();
+ sp<INfc> nfc = new Nfc();
const status_t status = nfc-&gt;registerAsService();
if (status != ::android::OK) {
return 1; // or handle error
diff --git a/en/devices/architecture/hidl-java/index.html b/en/devices/architecture/hidl-java/index.html
index 3b94247e..c4218160 100644
--- a/en/devices/architecture/hidl-java/index.html
+++ b/en/devices/architecture/hidl-java/index.html
@@ -136,7 +136,7 @@ to run the service is:</p>
import android.hardware.foo.V1_0.IFoo;
import android.hardware.foo.V1_0.IFooCallback.Stub;
....
-class FooCallback extends IFoo.Stub {
+class FooCallback extends IFooCallback.Stub {
// implement methods
}
....
diff --git a/en/devices/architecture/hidl/versioning.html b/en/devices/architecture/hidl/versioning.html
index 13bce259..52552f0c 100644
--- a/en/devices/architecture/hidl/versioning.html
+++ b/en/devices/architecture/hidl/versioning.html
@@ -112,6 +112,54 @@ types from the older version of the package, and inheritance of a subset of
old-package interfaces.</li>
</ul>
+<h2 id=structuring>Structuring interfaces</h2>
+
+<p>For a well structured interface, adding new types of functionality that
+are not part of the original design should require a modification to the HIDL
+interface. Conversely, if you can or expect to make a change on both sides of
+the interface that introduces new functionality without changing the interface
+itself, then the interface is not structured.</p>
+
+<p>Treble supports separately-compiled vendor and system components in which the
+<code>vendor.img</code> on a device and the <code>system.img</code> can be
+compiled separately. All interactions between <code>vendor.img</code> and
+<code>system.img</code> must be explicitly and thoroughly defined so they can
+continue to work for many years. This includes many API surfaces, but a major
+surface is the IPC mechanism HIDL uses for interprocess communication on the
+<code>system.img</code>/<code>vendor.img</code> boundary.</p>
+
+<h3 id="structuring-requirements">Requirements</h3>
+<p>All data passed through HIDL must be explicitly defined. To ensure an
+implementation and client can continue to work together even when compiled
+separately or developed on independently, data must adhere to the following
+requirements:</p>
+
+<ul>
+<li>Can be described in HIDL directly (using structs enums, etc.) with
+semantic names and meaning.</li>
+<li>Can be described by a public standard such as ISO/IEC 7816.</li>
+<li>Can be described by a hardware standard or physical layout of hardware.</li>
+<li>Can be opaque data (such as public keys, ids, etc.) if necessary.</li>
+</ul>
+
+<p>If opague data is used, it must be read only by one side of the HIDL
+interface. For example, if <code>vendor.img</code> code gives a component on the
+<code>system.img</code> a string message or <code>vec&lt;uint8_t&gt;</code>
+data, that data cannot be parsed by the <code>system.img</code> itself; it can
+only be passed back to <code>vendor.img</code> to interpret. <strong>When
+passing a value from <code>vendor.img</code> to vendor code on
+<code>system.img</code> or to another device, the format of the data and how it
+is to be interpreted must be exactly described and is still part of the
+interface</strong>.</p>
+
+<h3 id="structuring-guidelines">Guidelines</h3>
+
+<p>You should be able to write an implementation or client of a HAL using only
+the .hal files (i.e. you should not need to look at the Android source or public
+standards). We recommend specifying the exact required behavior. Statements such
+as "an implementation may do A or B" encourage implementations to become
+intertwined with the clients they are developed with.</p>
+
<h2 id=code-layout>HIDL code layout</h2>
<p>HIDL includes core and vendor packages.</p>
diff --git a/en/devices/tech/config/filesystem.html b/en/devices/tech/config/filesystem.html
index 10b7f0b4..73633943 100644
--- a/en/devices/tech/config/filesystem.html
+++ b/en/devices/tech/config/filesystem.html
@@ -244,7 +244,8 @@ the autogenerated header file by adding to your module's <code>Android.mk</code>
and including the empty faux library. For example, in <code>Android.mk</code>,
add the following:</p>
-<pre class="prettyprint"> LOCAL_STATIC_LIBRARIES := liboemaids</pre>
+<pre class="prettyprint">LOCAL_HEADER_LIBRARIES := oemaids_headers</pre>
+
<p>In your C code, <code>#include "generated_oem_aid.h"</code> and start using
the declared identifiers. For example, in <code>my_file.c</code>, add the
following: </p>
diff --git a/en/devices/tech/config/namespaces_libraries.html b/en/devices/tech/config/namespaces_libraries.html
index b91cbe23..1e94bf1b 100644
--- a/en/devices/tech/config/namespaces_libraries.html
+++ b/en/devices/tech/config/namespaces_libraries.html
@@ -61,6 +61,26 @@ additional native libraries accessible to apps by putting them under the
<code>/vendor/etc/public.libraries.txt</code>
</p>
+<p>
+Starting from Android 8.0, vendor public libraries have the following additional
+restrictions and required setups:
+</p>
+
+<ol>
+ <li>The native library in vendor must be properly labeled so it can be
+ accessible to apps. If access is required by any apps (including third
+ party apps), the library must be labeled as <code>same_process_hal_file</code>
+ in a vendor-specific <code>file_contexts</code> file as follows:
+ <pre class="devsite-click-to-copy">/vendor/lib(64)?/libnative.so u:object_r:same_process_hal_file:s0</pre>
+ where <code>libnative.so</code> is the name of the native library.
+ </li>
+ <li>The library, either directly or transitively via its dependencies, must not
+ depend on system libraries other than VNDK-SP and LLNDK libraries. The list of
+ VNDK-SP and LLNDK libraries can be found at
+ <code>development/vndk/tools/definition/tool/datasets/eligible-list-&lt;version&gt;-release.csv</code>.
+ </li>
+</ol>
+
<h2 id="updating-app-non-public">Updating apps to not use non-public native libraries</h2>
<p>
diff --git a/en/devices/tech/config/perms-whitelist.html b/en/devices/tech/config/perms-whitelist.html
index c3de0de0..918f89eb 100644
--- a/en/devices/tech/config/perms-whitelist.html
+++ b/en/devices/tech/config/perms-whitelist.html
@@ -135,7 +135,7 @@
transitional log-mode:
</p>
-<pre class="devsite-click-to-copy">ro.control_privapp_permission=log</pre>
+<pre class="devsite-click-to-copy">ro.control_privapp_permissions=log</pre>
<p>
Violations are reported in the log file, but permissions are still granted.
@@ -158,11 +158,11 @@ PackageManager: Privileged permission {PERMISSION_NAME} for package {PACKAGE_NAM
<p>
After whitelists are in place, enable runtime enforcement by setting the build
- property <code>ro.control_privapp_permission=enforce</code>.
+ property <code>ro.control_privapp_permissions=enforce</code>.
</p>
<aside class="note"><strong>Note:</strong> The
- <code>ro.control_privapp_permission</code> property state must adhere to
+ <code>ro.control_privapp_permissions</code> property state must adhere to
<a href="/compatibility/android-cdd#9_1_permissions">CDD section 9.1
requirements</a>.</aside>
diff --git a/en/devices/tech/config/uicc.html b/en/devices/tech/config/uicc.html
index 1fa6952c..96c1d360 100644
--- a/en/devices/tech/config/uicc.html
+++ b/en/devices/tech/config/uicc.html
@@ -29,7 +29,7 @@ Android platform loads certificates stored on a UICC and grants permission to
apps signed by these certificates to make calls to a handful of special APIs.
</p>
<p>Android 7.0 extends this feature to support other storage sources, such as
-Access File Rule (ARF), for UICC carrier privilege rules, dramatically
+Access Rule File (ARF), for UICC carrier privilege rules, dramatically
increasing the number of carriers that can use the APIs. For an API reference,
see <a href="#carrierconfigmanager">CarrierConfigManager</a>; for instructions,
see <a href="/devices/tech/config/carrier.html">Carrier
diff --git a/en/devices/tech/ota/ab/index.html b/en/devices/tech/ota/ab/index.html
index 48a9fea5..c2a9c447 100644
--- a/en/devices/tech/ota/ab/index.html
+++ b/en/devices/tech/ota/ab/index.html
@@ -31,6 +31,9 @@
updates successfully.
</p>
+ <p>For more information about A/B system updates and how they work, see
+ <a href="#slots">Partition selection (slots)</a>.
+
<p>A/B system updates provide the following benefits:</p>
<ul>
diff --git a/en/devices/tech/ota/index.html b/en/devices/tech/ota/index.html
index 1565e3b2..7b2f0dd0 100644
--- a/en/devices/tech/ota/index.html
+++ b/en/devices/tech/ota/index.html
@@ -35,7 +35,7 @@
applications installed by the user from Google Play.
</p>
- <h2 id="ab_updates">A/B updates</h2>
+ <h2 id="ab_updates">A/B (seamless) system updates</h2>
<p>
Modern A/B devices have two copies of each partition, A and B. Devices
@@ -50,7 +50,7 @@
</a>.
</p>
- <h2 id="nonab_updates">Non-A/B updates</h2>
+ <h2 id="nonab_updates">Non-A/B system updates</h2>
<p>
Older devices have a special recovery partition containing the software
diff --git a/en/devices/tech/perf/boot-times.html b/en/devices/tech/perf/boot-times.html
index a7588301..fb6ad441 100644
--- a/en/devices/tech/perf/boot-times.html
+++ b/en/devices/tech/perf/boot-times.html
@@ -255,17 +255,27 @@ us uncover many meaningful bugs in some Android device drivers).
Many processes launch during boot, but only components in critical path
(bootloader > kernel > init > file system mount > zygote > system server)
directly affect boot time. Profile <strong>initcall</strong> during kernel
-booting to identify peripheral/components that are not critical to the
-start init process, then delay those peripherals/components until later
-in the boot process.
+booting to identify peripheral/components that are slow and not critical
+to start init process, then delay those peripherals/components until later
+in the boot process by moving into loadable kernel modules. Moving to
+asynchronous device/driver probe can also help to parallel slow components
+in kernel > init critical path.
</p>
<pre
class="prettyprint">
BoardConfig-common.mk:
BOARD_KERNEL_CMDLINE += initcall_debug ignore_loglevel
+
+driver:
+ .probe_type = PROBE_PREFER_ASYNCHRONOUS,
</pre>
+<p class="note">
+<strong>Note:</strong> Driver dependencies must be resolved carefully by adding
+<code>EPROBEDEFER</code> support.
+</p>
+
<h2 id="optimizing-i-o-efficiency">Optimizing I/O efficiency</h2>
<p>
@@ -422,6 +432,12 @@ early stage init should be deferred to boot completed.</li></ul>
</li>
</ul>
+<p class="note">
+<strong>Note:</strong> Property service is part of init process, so calling
+<code>setproperty</code> during boot can lead a long delay if init is busy in
+builtin commands.
+</p>
+
<h3 id="using-scheduler-tuning">Using scheduler tuning</h3>
<p>
diff --git a/en/security/_toc.yaml b/en/security/_toc.yaml
index b24dd01b..ae1f236f 100644
--- a/en/security/_toc.yaml
+++ b/en/security/_toc.yaml
@@ -47,6 +47,8 @@ toc:
section:
- title: 2018 Bulletins
section:
+ - title: April
+ path: /security/bulletin/2018-04-01
- title: March
path: /security/bulletin/2018-03-01
- title: February
@@ -131,6 +133,8 @@ toc:
path: /security/bulletin/pixel/index
- title: 2018 Bulletins
section:
+ - title: April
+ path: /security/bulletin/pixel/2018-04-01
- title: March
path: /security/bulletin/pixel/2018-03-01
- title: February
diff --git a/en/security/bulletin/2018-02-01.html b/en/security/bulletin/2018-02-01.html
index 972ff4d2..8fff7409 100644
--- a/en/security/bulletin/2018-02-01.html
+++ b/en/security/bulletin/2018-02-01.html
@@ -20,7 +20,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
- <p><em>Published February 5, 2018 | Updated February 14, 2018</em></p>
+ <p><em>Published February 5, 2018 | Updated April 2, 2018</em></p>
<p>
@@ -352,16 +352,6 @@ a privileged process.</p>
<th>Component</th>
</tr>
<tr>
- <td>CVE-2017-15817</td>
- <td>A-68992394<br />
- <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=8ba78e506e5002cdae525dd544dbf1df0ccce1ef">
-QC-CR#2076603</a>
- [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=fe43c2b64ac81199de17efc258e95546cb0546f1">2</a>]</td>
- <td>RCE</td>
- <td>Critical</td>
- <td>WLan</td>
- </tr>
- <tr>
<td>CVE-2017-15860</td>
<td>A-68992416<br />
<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=71331327ac389bff7d5af2707c4325e5b7949013">
@@ -650,5 +640,10 @@ security bulletins.
<td>Corrected CVE numbers for CVE-2017-13273, CVE-2017-15860, CVE-2017-15861 and
CVE-2017-15862.</td>
</tr>
+ <tr>
+ <td>1.3</td>
+ <td>April 2, 2018</td>
+ <td>Moved CVE-2017-15817 from the February Android Bulletin to the February Pixel Bulletin.</td>
+ </tr>
</table>
</body></html>
diff --git a/en/security/bulletin/2018-04-01.html b/en/security/bulletin/2018-04-01.html
new file mode 100644
index 00000000..21bb5aa5
--- /dev/null
+++ b/en/security/bulletin/2018-04-01.html
@@ -0,0 +1,2700 @@
+<html devsite>
+ <head>
+ <title>Android Security Bulletin—April 2018</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>Published April 2, 2018 | Updated April 4, 2018</em></p>
+
+<p>
+The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Security patch levels of 2018-04-05 or later address
+all of these issues. To learn how to check a device's security patch level, see
+<a href="https://support.google.com/pixelphone/answer/4457705">Check and update
+your Android version</a>.
+</p>
+<p>
+Android partners are notified of all issues at least a month before publication.
+Source code patches for these issues have been released to the Android Open
+Source Project (AOSP) repository and linked from this bulletin. This bulletin
+also includes links to patches outside of AOSP.
+</p>
+<p>
+The most severe of these issues is a critical security vulnerability in Media
+framework that could enable a remote attacker using a specially crafted file to
+execute arbitrary code within the context of a privileged process. The
+<a href="/security/overview/updates-resources.html#severity">severity
+assessment</a> is based on the effect that exploiting the vulnerability would
+possibly have on an affected device, assuming the platform and service
+mitigations are turned off for development purposes or if successfully bypassed.
+</p>
+<p>
+We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the
+<a href="#mitigations">Android and Google Play Protect mitigations</a>
+section for details on the
+<a href="/security/enhancements/index.html">Android security platform protections</a>
+and Google Play Protect, which improve the security of the Android platform.
+</p>
+<p class="note">
+<strong>Note:</strong> Information on the latest over-the-air update (OTA) and
+firmware images for Google devices is available in the
+<a href="/security/bulletin/pixel/2018-04-01.html">April 2018
+Pixel&hairsp;/&hairsp;Nexus Security Bulletin</a>.
+</p>
+
+<h2 id="announcements">Announcements</h2>
+<p>We would like to thank Qualcomm for their dedicated efforts to improve the
+security of mobile devices. The 2018-04-05 SPL includes a cumulative list of
+addressed security issues taken from Qualcomm’s 2014–2016 partner focused
+bulletins, and is a reflection of their continued effort and commitment.</p>
+
+<h2 id="mitigations">Android and Google service mitigations</h2>
+<p>
+This is a summary of the mitigations provided by the
+<a href="/security/enhancements/index.html">Android security platform</a>
+and service protections such as
+<a href="https://www.android.com/play-protect">Google Play Protect</a>.
+These capabilities reduce the likelihood that security vulnerabilities
+could be successfully exploited on Android.
+</p>
+<ul>
+<li>Exploitation for many issues on Android is made more difficult by
+enhancements in newer versions of the Android platform. We encourage all users
+to update to the latest version of Android where possible.</li>
+<li>The Android security team actively monitors for abuse through
+<a href="https://www.android.com/play-protect">Google Play Protect</a>
+and warns users about
+<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
+Harmful Applications</a>. Google Play Protect is enabled by default on devices
+with <a href="http://www.android.com/gms">Google Mobile Services</a>, and is
+especially important for users who install apps from outside of Google
+Play.</li>
+</ul>
+<h2 id="2018-04-01-details">2018-04-01 security patch level vulnerability details</h2>
+<p>
+In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2018-04-01 patch level. Vulnerabilities are
+grouped under the component that they affect. There is a description of the
+issue and a table with the CVE, associated references,
+<a href="#type">type of vulnerability</a>,
+<a href="/security/overview/updates-resources.html#severity">severity</a>,
+and updated AOSP versions (where applicable). When available, we link the public
+change that addressed the issue to the bug ID, like the AOSP change list. When
+multiple changes relate to a single bug, additional references are linked to
+numbers following the bug ID.
+</p>
+
+<h3 id="android-runtime">Android runtime</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+to bypass user interaction requirements in order to gain access to additional
+permissions.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13274</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/0b57631939f5824afef06517df723d2e766e0159">A-71360761</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="framework">Framework</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to bypass operating system protections that isolate application
+data from other applications.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13275</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/3056f04d293bd16e56cc72e10edd060b8c1ca0f5">A-70808908</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>8.0, 8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="media-framework">Media framework</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13276</td>
+ <td><a href="https://android.googlesource.com/platform/external/aac/+/1b9cbed05b4fd376677d67b6442aa30256834ed4">A-70637599</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13277</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b7d4d588e8fcbe254f7a3d9a247af4b91ccc7285">A-72165027</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13278</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8a54af87b632c03ff2ae15a4a088801bb39fdae7">A-70546581</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13279</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d32af5db10f018219e0379f333c7f0452a4f7a31">A-68399439</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13280</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/ebd849ed8aa77c0e1dad7a08df4a55845a067b76">A-71361451</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="system">System</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13281</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/6f3ddf3f5cf2b3eb52fb0adabd814a45cff07221">A-71603262</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13282</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/6ecbbc093f4383e90cbbf681cd55da1303a8ef94">A-71603315</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13283</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/e4ec79be45304f819c88c8dbf826d58b68f6c8f8">A-71603410</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13267</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/57dc5964428697a104988f0aa0d1fd1d88fec939">A-69479009</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13284</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/7f8bfcc35285ca6e93a4436699bc95c13b920caf">A-70808273</a></td>
+ <td>EoP</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13285</td>
+ <td><a href="https://android.googlesource.com/platform/external/svox/+/cee78199bbfae81f54a40671db47096f5f32cdad">A-69177126</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13286</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/47ebfaa2196aaf4fbeeec34f1a1c5be415cf041b">A-69683251</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13287</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/09ba8fdffd9c8d74fdc6bfb51bcebc27fc43884a">A-71714464</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13288</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/b796cd32a45bcc0763c50cc1a0cc8236153dcea3">A-69634768</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13289</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/5a3d2708cd2289a4882927c0e2cb0d3c21a99c02">A-70398564</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13290</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/72b1cebaa9cc7ace841d887f0d4a4bf6daccde6e">A-69384124</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13291</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/1696f97011f5f30f1a630f3b24442ca64232b1f5">A-71603553</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+<h2 id="2018-04-05-details">2018-04-05 security patch level vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2018-04-05 patch level. Vulnerabilities are
+grouped under the component that they affect and include details such as the
+CVE, associated references, <a href="#type">type of vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+component (where applicable), and updated AOSP versions (where applicable).
+When available, we link the public change that addressed the issue to the bug
+ID, like the AOSP change list.</p>
+
+<p>When multiple changes relate to a single bug, additional references are
+linked to numbers following the bug ID.</p>
+
+<h3 id="broadcom-components">Broadcom components</h3>
+<p>The most severe vulnerability in this section could enable a proximate
+attacker using a specially crafted file to execute arbitrary code within the
+context of a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13292</td>
+ <td>A-70722061<a href="#asterisk">*</a><br />
+ B-V2018010201</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>bcmdhd driver</td>
+ </tr>
+</table>
+
+
+<h3 id="kernel-components">Kernel components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13293</td>
+ <td>A-62679701<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>NFC driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5754</td>
+ <td>A-69856074<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>Memory mapping</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-16534</td>
+ <td>A-69052594<br />
+ <a href="https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb">
+Upstream kernel</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>USB</td>
+ </tr>
+</table>
+
+
+<h3 id="qualcomm-components">Qualcomm components</h3>
+<p>The most severe vulnerability in this section could enable a proximate
+attacker using a specially crafted file to execute arbitrary code within the
+context of a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="21%">
+ <col width="9%">
+ <col width="14%">
+ <col width="37%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-15822</td>
+ <td>A-71501534<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dba4c106922d637ff5965b023b451f6273348eb6">
+QC-CR#2123807</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>WiFi</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-17770</td>
+ <td>A-70237684<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=284f963af0accf7f921ec10e23acafd71c3a724b">QC-CR#2103199</a>
+ [<a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3b0c1463e4a6b37d4413a4ba02f1727eeb8693be">2</a>]</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Binder</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3566</td>
+ <td>A-72957177<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=11868230d4fe79f76eae30c742b4c68c2899caea">
+QC-CR#2143847</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3563</td>
+ <td>A-72956842<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=c643a15d73b3fb6329b002662e72dfa96acfdb8a">QC-CR#2143207</a>
+ [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0b8320cd49255177f0c0c8589708e983116ac420">2</a>]
+ [<a href="https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=d5231fa166521a32621c32fb749b80fc37c13c6a">3</a>]</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Audio Driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13077</td>
+ <td>A-72957017<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=776f17c87599fae3202e69bb5718ac9062f14695">
+QC-CR#2129237</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>WLAN</td>
+ </tr>
+</table>
+
+
+<h3 id="qualcomm-closed-source-components">Qualcomm closed-source
+components</h3>
+<p>These vulnerabilities affect Qualcomm components and are described in
+further detail in the appropriate Qualcomm AMSS security bulletin or security
+alert. The severity assessment of these issues is provided directly by
+Qualcomm.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-18071</td>
+ <td>A-68326813<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8274</td>
+ <td>A-68141335<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18146</td>
+ <td>A-70221449<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18128</td>
+ <td>A-70221448<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3592</td>
+ <td>A-71501105<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3591</td>
+ <td>A-71501103<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18074</td>
+ <td>A-68326816<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18073</td>
+ <td>A-68326820<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18125</td>
+ <td>A-68326821<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8275</td>
+ <td>A-68141336<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11011</td>
+ <td>A-68326823<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18137</td>
+ <td>A-67712318<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18134</td>
+ <td>A-67712320<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18136</td>
+ <td>A-68989810<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18140</td>
+ <td>A-68989811<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18135</td>
+ <td>A-68989813<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18142</td>
+ <td>A-68989814<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18138</td>
+ <td>A-68989815<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18139</td>
+ <td>A-68989819<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18129</td>
+ <td>A-68989822<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18132</td>
+ <td>A-68989825<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18133</td>
+ <td>A-68989826<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18072</td>
+ <td>A-68989828<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18126</td>
+ <td>A-68989829<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18144</td>
+ <td>A-70221450<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18145</td>
+ <td>A-70221453<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18147</td>
+ <td>A-70221456<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18130</td>
+ <td>A-70221460<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18143</td>
+ <td>A-70221461<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18127</td>
+ <td>A-70221462<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3590</td>
+ <td>A-71501106<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3593</td>
+ <td>A-71501107<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3589</td>
+ <td>A-71501108<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3594</td>
+ <td>A-71501112<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+</table>
+
+<h3 id="qualcomm-closed-source-components-2014-2016-cumulative-update">Qualcomm
+closed-source components 2014-2016 cumulative update</h3>
+<p>These vulnerabilities affect Qualcomm components and were shared by Qualcomm
+with their partners through Qualcomm AMSS security bulletins or security alerts
+between 2014 and 2016. They are included in this Android security bulletin in
+order to associate them with a security patch level (many Android devices may
+have already addressed these issues in prior updates). The severity assessment
+of these issues is provided directly by Qualcomm.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9996</td>
+ <td>A-37535090<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9971</td>
+ <td>A-37546253<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9972</td>
+ <td>A-37546853<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10063</td>
+ <td>A-37534948<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10057</td>
+ <td>A-62261099<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10059</td>
+ <td>A-62260706<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10053</td>
+ <td>A-37544066<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10054</td>
+ <td>A-62261100<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10052</td>
+ <td>A-62258372<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10050</td>
+ <td>A-37546901<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10055</td>
+ <td>A-37545605<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10051</td>
+ <td>A-37546302<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10048</td>
+ <td>A-62258088<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10062</td>
+ <td>A-62258373<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10058</td>
+ <td>A-62260741<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10047</td>
+ <td>A-37538492<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10045</td>
+ <td>A-62258536<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10056</td>
+ <td>A-62261338<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9976</td>
+ <td>A-37534895<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10043</td>
+ <td>A-62259947<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10044</td>
+ <td>A-62260777<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10046</td>
+ <td>A-62261408<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9981</td>
+ <td>A-37534949<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9993</td>
+ <td>A-37540928<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9986</td>
+ <td>A-37534645<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9994</td>
+ <td>A-37538493<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9995</td>
+ <td>A-37546303<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9997</td>
+ <td>A-37546854<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9988</td>
+ <td>A-62258089<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9990</td>
+ <td>A-62261216<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9987</td>
+ <td>A-62261293<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9989</td>
+ <td>A-62261380<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9991</td>
+ <td>A-62261409<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-10039</td>
+ <td>A-62261608<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9985</td>
+ <td>A-62261609<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9204</td>
+ <td>A-37540929<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-0574</td>
+ <td>A-37546304<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9205</td>
+ <td>A-37534696<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9221</td>
+ <td>A-37534796<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9212</td>
+ <td>A-37535795<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9210</td>
+ <td>A-62258538<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9211</td>
+ <td>A-62261217<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9207</td>
+ <td>A-62261410<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9202</td>
+ <td>A-37540473<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9213</td>
+ <td>A-37547700<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9209</td>
+ <td>A-38193247<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9203</td>
+ <td>A-62261218<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9206</td>
+ <td>A-62261294<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9215</td>
+ <td>A-62251854<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9216</td>
+ <td>A-62260780<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9169</td>
+ <td>A-37535098<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9173</td>
+ <td>A-37536244<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9179</td>
+ <td>A-37542567<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9177</td>
+ <td>A-37544075<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9187</td>
+ <td>A-37544109<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9162</td>
+ <td>A-37544110<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9172</td>
+ <td>A-37545607<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9181</td>
+ <td>A-37546754<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9219</td>
+ <td>A-37546859<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9183</td>
+ <td>A-37546860<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9182</td>
+ <td>A-37546904<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9185</td>
+ <td>A-37546952<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9184</td>
+ <td>A-37546953<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9170</td>
+ <td>A-37546954<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9175</td>
+ <td>A-37547404<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9171</td>
+ <td>A-37547405<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9192</td>
+ <td>A-37547750<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9208</td>
+ <td>A-62258540<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9224</td>
+ <td>A-62259949<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9201</td>
+ <td>A-62260711<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9200</td>
+ <td>A-62260779<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9198</td>
+ <td>A-62261219<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9196</td>
+ <td>A-62261339<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9199</td>
+ <td>A-62261411<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9174</td>
+ <td>A-62258090<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9178</td>
+ <td>A-62258541<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9180</td>
+ <td>A-62260712<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9176</td>
+ <td>A-62260713<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9189</td>
+ <td>A-62260820<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9188</td>
+ <td>A-62260821<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-0576</td>
+ <td>A-37543715<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9156</td>
+ <td>A-62260743<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9195</td>
+ <td>A-62251855<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9197</td>
+ <td>A-62260742<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9218</td>
+ <td>A-62260781<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9217</td>
+ <td>A-62261295<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9166</td>
+ <td>A-62251856<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9164</td>
+ <td>A-62258542<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9190</td>
+ <td>A-62259744<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9159</td>
+ <td>A-62259745<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9167</td>
+ <td>A-62259950<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9191</td>
+ <td>A-62260394<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9161</td>
+ <td>A-62260462<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9163</td>
+ <td>A-62260822<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9158</td>
+ <td>A-62261381<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9152</td>
+ <td>A-37546305<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9144</td>
+ <td>A-37540474<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9165</td>
+ <td>A-37539224<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9223</td>
+ <td>A-37543718<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9222</td>
+ <td>A-62258374<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9193</td>
+ <td>A-62259951<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9194</td>
+ <td>A-62261296<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9153</td>
+ <td>A-62260395<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9151</td>
+ <td>A-62260396<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9148</td>
+ <td>A-62260463<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9149</td>
+ <td>A-62260744<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9146</td>
+ <td>A-62260745<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9186</td>
+ <td>A-62261340<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9150</td>
+ <td>A-62261341<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9147</td>
+ <td>A-62261488<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8593</td>
+ <td>A-37535091<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9160</td>
+ <td>A-37546254<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8594</td>
+ <td>A-37546855<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9145</td>
+ <td>A-37535099<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9143</td>
+ <td>A-62260900<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9157</td>
+ <td>A-62260934<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9141</td>
+ <td>A-62261297<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9140</td>
+ <td>A-62259746<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9135</td>
+ <td>A-37546950<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9138</td>
+ <td>A-62259952<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9136</td>
+ <td>A-62260823<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9137</td>
+ <td>A-62260975<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9131</td>
+ <td>A-37542272<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9139</td>
+ <td>A-62251857<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9130</td>
+ <td>A-62252820<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9129</td>
+ <td>A-62260397<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9133</td>
+ <td>A-62260464<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9127</td>
+ <td>A-62260824<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9132</td>
+ <td>A-62260976<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9134</td>
+ <td>A-62261382<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9128</td>
+ <td>A-62261610<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9065</td>
+ <td>A-37538494<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9064</td>
+ <td>A-37546801<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9063</td>
+ <td>A-37546802<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9126</td>
+ <td>A-62258375<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9124</td>
+ <td>A-62252821<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9142</td>
+ <td>A-62260901<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9066</td>
+ <td>A-37540467<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9998</td>
+ <td>A-62260398<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9220</td>
+ <td>A-62261299<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9122</td>
+ <td>A-62261611<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9123</td>
+ <td>A-62259953<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9118</td>
+ <td>A-62261220<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9120</td>
+ <td>A-62261298<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9119</td>
+ <td>A-62261489<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9116</td>
+ <td>A-37540934<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9115</td>
+ <td>A-37544076<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9113</td>
+ <td>A-37544077<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9112</td>
+ <td>A-62258091<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9114</td>
+ <td>A-62259954<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9111</td>
+ <td>A-62260465<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9108</td>
+ <td>A-62260714<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9109</td>
+ <td>A-62260977<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9110</td>
+ <td>A-62261383<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10492</td>
+ <td>A-62261300<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10482</td>
+ <td>A-62260978<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10483</td>
+ <td>A-62258092<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10489</td>
+ <td>A-62258093<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10487</td>
+ <td>A-62259955<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10477</td>
+ <td>A-62260399<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10485</td>
+ <td>A-62260902<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10478</td>
+ <td>A-62260979<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10476</td>
+ <td>A-62260980<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10475</td>
+ <td>A-62260981<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10474</td>
+ <td>A-62260982<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10494</td>
+ <td>A-62261102<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10484</td>
+ <td>A-62261342<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10491</td>
+ <td>A-62261490<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10486</td>
+ <td>A-62267788<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10472</td>
+ <td>A-62259956<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10490</td>
+ <td>A-62260468<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10480</td>
+ <td>A-62261301<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10467</td>
+ <td>A-37526814<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10495</td>
+ <td>A-62261103<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10481</td>
+ <td>A-62260401<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10479</td>
+ <td>A-62261412<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10384</td>
+ <td>A-37536238<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10385</td>
+ <td>A-37544067<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10452</td>
+ <td>A-37523164<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10423</td>
+ <td>A-37534896<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10424</td>
+ <td>A-37540034<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10449</td>
+ <td>A-37546861<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10454</td>
+ <td>A-37544078<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10450</td>
+ <td>A-62260825<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10451</td>
+ <td>A-62267789<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10386</td>
+ <td>A-37534646<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10469</td>
+ <td>A-37542273<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10440</td>
+ <td>A-37535092<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10499</td>
+ <td>A-62259957<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10446</td>
+ <td>A-37547406<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10473</td>
+ <td>A-62260746<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10466</td>
+ <td>A-62260783<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10457</td>
+ <td>A-62260826<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10442</td>
+ <td>A-62267790<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10433</td>
+ <td>A-37540468<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10430</td>
+ <td>A-37540930<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10445</td>
+ <td>A-37545608<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10426</td>
+ <td>A-62252822<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10435</td>
+ <td>A-62260402<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10425</td>
+ <td>A-62260983<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10438</td>
+ <td>A-62261302<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10436</td>
+ <td>A-62261494<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10439</td>
+ <td>A-62263656<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10431</td>
+ <td>A-37540931<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10434</td>
+ <td>A-37540932<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10432</td>
+ <td>A-37546902<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10462</td>
+ <td>A-37539225<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10443</td>
+ <td>A-37540475<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10427</td>
+ <td>A-62261495<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10387</td>
+ <td>A-32583751<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10390</td>
+ <td>A-37536239<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10498</td>
+ <td>A-32582870<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10419</td>
+ <td>A-32577129<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10420</td>
+ <td>A-32579916<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10429</td>
+ <td>A-32579411<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10493</td>
+ <td>A-32574787<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10447</td>
+ <td>A-37542968<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10444</td>
+ <td>A-37544163<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5348</td>
+ <td>A-37546905<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10421</td>
+ <td>A-32579095<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10455</td>
+ <td>A-32580964<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10441</td>
+ <td>A-32582927<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10418</td>
+ <td>A-37547407<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10417</td>
+ <td>A-32576287<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10464</td>
+ <td>A-32580243<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10458</td>
+ <td>A-32583424<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10471</td>
+ <td>A-37539226<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10416</td>
+ <td>A-62259747<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10411</td>
+ <td>A-62260404<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10496</td>
+ <td>A-62260469<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10410</td>
+ <td>A-62260936<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10414</td>
+ <td>A-62260937<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10461</td>
+ <td>A-62263657<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10460</td>
+ <td>A-62271227<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10392</td>
+ <td>A-37544068<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10409</td>
+ <td>A-37544164<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10459</td>
+ <td>A-62260716<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10407</td>
+ <td>A-62261222<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10406</td>
+ <td>A-62267791<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10497</td>
+ <td>A-62271228<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10501</td>
+ <td>A-62261303<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10381</td>
+ <td>A-37539788<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Moderate</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10380</td>
+ <td>A-37541976<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Moderate</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10412</td>
+ <td>A-37536245<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Moderate</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10415</td>
+ <td>A-62260403<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Moderate</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10422</td>
+ <td>A-37542966<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Moderate</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10456</td>
+ <td>A-62261413<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Moderate</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10428</td>
+ <td>A-37534697<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Moderate</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10448</td>
+ <td>A-62261414<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Moderate</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10437</td>
+ <td>A-62260715<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Moderate</td>
+ <td>Closed-source component</td>
+ </tr>
+</table>
+
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>
+This section answers common questions that may occur after reading this
+bulletin.</p>
+<p><strong>1. How do I determine if my device is updated to address these issues?
+</strong></p>
+<p>To learn how to check a device's security patch level, see
+<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Check
+and update your Android version</a>.</p>
+<ul>
+<li>Security patch levels of 2018-04-01 or later address all issues associated
+with the 2018-04-01 security patch level.</li>
+<li>Security patch levels of 2018-04-05 or later address all issues associated
+with the 2018-04-05 security patch level and all previous patch levels.</li>
+</ul>
+<p>
+Device manufacturers that include these updates should set the patch string
+level to:
+</p>
+<ul>
+<li>[ro.build.version.security_patch]:[2018-04-01]</li>
+<li>[ro.build.version.security_patch]:[2018-04-05]</li>
+</ul>
+<p>
+<strong>2. Why does this bulletin have two security patch levels?</strong>
+</p>
+<p>
+This bulletin has two security patch levels so that Android partners have the
+flexibility to fix a subset of vulnerabilities that are similar across all
+Android devices more quickly. Android partners are encouraged to fix all issues
+in this bulletin and use the latest security patch level.
+</p>
+<ul>
+<li>Devices that use the 2018-04-01 security patch level must include all issues
+associated with that security patch level, as well as fixes for all issues
+reported in previous security bulletins.</li>
+<li>Devices that use the security patch level of 2018-04-05 or newer must
+include all applicable patches in this (and previous) security
+bulletins.</li>
+</ul>
+<p>
+Partners are encouraged to bundle the fixes for all issues they are addressing
+in a single update.
+</p>
+<p id="type">
+<strong>3. What do the entries in the <em>Type</em> column mean?</strong>
+</p>
+<p>
+Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+<p>
+<strong>4. What do the entries in the <em>References</em> column mean?</strong>
+</p>
+<p>
+Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+<p id="asterisk">
+<strong>5. What does a * next to the Android bug ID in the <em>References</em>
+column mean?</strong>
+</p>
+<p>
+Issues that are not publicly available have a * next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the <a
+href="https://developers.google.com/android/nexus/drivers">Google Developer
+site</a>.
+</p>
+<p>
+<strong>6. Why are security vulnerabilities split between this bulletin and
+device/partner security bulletins, such as the Pixel / Nexus bulletin?</strong>
+</p>
+<p>
+Security vulnerabilities that are documented in this security bulletin are
+required in order to declare the latest security patch level on Android devices.
+Additional security vulnerabilities that are documented in the device/partner
+security bulletins are not required for declaring a security patch level.
+Android device and chipset manufacturers are encouraged to document the presence
+of other fixes on their devices through their own security websites, such as the
+<a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a>,
+<a href="https://lgsecurity.lge.com/security_updates.html">LGE</a>, or
+<a href="/security/bulletin/pixel/">Pixel&hairsp;/&hairsp;Nexus</a>
+security bulletins.
+</p>
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="25%">
+ <col width="25%">
+ <col width="50%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>April 2, 2018</td>
+ <td>Bulletin published.</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>April 4, 2018</td>
+ <td>Bulletin revised to include AOSP links.</td>
+ </tr>
+</table>
+</body></html>
diff --git a/en/security/bulletin/2018.html b/en/security/bulletin/2018.html
index 0df103d8..58c206cc 100644
--- a/en/security/bulletin/2018.html
+++ b/en/security/bulletin/2018.html
@@ -37,6 +37,21 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="/security/bulletin/2018-04-01.html">April 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/2018-04-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>April 2, 2018</td>
+ <td>2018-04-05</td>
+ </tr>
+ <tr>
<td><a href="/security/bulletin/2018-03-01.html">March 2018</a></td>
<td>Coming soon
<!--
diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html
index 4cbf4c3b..b4bac017 100644
--- a/en/security/bulletin/index.html
+++ b/en/security/bulletin/index.html
@@ -68,6 +68,21 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="/security/bulletin/2018-04-01.html">April 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/2018-04-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>April 2, 2018</td>
+ <td>2018-04-05</td>
+ </tr>
+ <tr>
<td><a href="/security/bulletin/2018-03-01.html">March 2018</a></td>
<td>Coming soon
<!--
diff --git a/en/security/bulletin/pixel/2018-02-01.html b/en/security/bulletin/pixel/2018-02-01.html
index 6ebbbb9e..c8bcb259 100644
--- a/en/security/bulletin/pixel/2018-02-01.html
+++ b/en/security/bulletin/pixel/2018-02-01.html
@@ -22,7 +22,7 @@
-->
-<p><em>Published February 5, 2018 | Updated February 7, 2018</em></p>
+<p><em>Published February 5, 2018 | Updated April 2, 2018</em></p>
<p>
The Pixel&hairsp;/&hairsp;Nexus Security Bulletin contains details of security
@@ -249,6 +249,16 @@ Upstream kernel</a></td>
<th>Component</th>
</tr>
<tr>
+ <td>CVE-2017-15817</td>
+ <td>A-68992394<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=8ba78e506e5002cdae525dd544dbf1df0ccce1ef">
+QC-CR#2076603</a>
+ [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=fe43c2b64ac81199de17efc258e95546cb0546f1">2</a>]</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>WLan</td>
+ </tr>
+ <tr>
<td>CVE-2017-15859</td>
<td>A-65468985<br />
<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=88dcc44ea8fbe158d1dee3ea197e47794bf4449d">
@@ -620,6 +630,11 @@ bulletin, are not required for declaring a security patch level.
<td>February 7, 2018</td>
<td>Bulletin revised to include AOSP links.</td>
</tr>
+ <tr>
+ <td>1.3</td>
+ <td>April 2, 2018</td>
+ <td>Moved CVE-2017-15817 from the February Android Bulletin to the February Pixel Bulletin.</td>
+ </tr>
</table>
</body></html>
diff --git a/en/security/bulletin/pixel/2018-03-01.html b/en/security/bulletin/pixel/2018-03-01.html
index 799216b5..80184531 100644
--- a/en/security/bulletin/pixel/2018-03-01.html
+++ b/en/security/bulletin/pixel/2018-03-01.html
@@ -162,15 +162,6 @@ additional references are linked to numbers following the bug ID.
<td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13266</td>
- <td><a href="https://android.googlesource.com/platform/system/bt/+/2f2043f18463a5c963c138d24346870b1066e7a6">
- A-69478941</a>
- </td>
- <td>EoP</td>
- <td>Moderate</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
- </tr>
- <tr>
<td>CVE-2017-13268</td>
<td><a href="https://android.googlesource.com/platform/system/bt/+/49a57cd2346a716eca07153ac83026787fb9d03a">
A-67058064</a>
diff --git a/en/security/bulletin/pixel/2018-04-01.html b/en/security/bulletin/pixel/2018-04-01.html
new file mode 100644
index 00000000..0322f70a
--- /dev/null
+++ b/en/security/bulletin/pixel/2018-04-01.html
@@ -0,0 +1,1037 @@
+<html devsite>
+ <head>
+ <title>Pixel&hairsp;/&hairsp;Nexus Security Bulletin—April 2018</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p><em>Published April 2, 2018 | Updated April 4, 2018</em></p>
+
+<p>
+The Pixel&hairsp;/&hairsp;Nexus Security Bulletin contains details of security
+vulnerabilities and functional improvements affecting
+<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
+Google Pixel and Nexus devices</a> (Google devices). For Google devices,
+security patch levels of 2018-04-05 or later address all issues in this
+bulletin and all issues in the <a href="/security/bulletin/2018-04-01">April
+2018 Android Security Bulletin</a>. To learn how to check a device's security
+patch level, see <a href="https://support.google.com/pixelphone/answer/4457705">Check
+and update your Android version</a>.</p>
+<p>
+All supported Google devices will receive an update to the 2018-04-05 patch
+level. We encourage all customers to accept these updates to their devices.
+</p>
+<p class="note">
+<strong>Note:</strong> The Google device firmware images are available on the
+<a href="https://developers.google.com/android/nexus/images">Google Developer
+site</a>.
+</p>
+
+<h2 id="announcements">Announcements</h2>
+<p>In addition to the security vulnerabilities described in the
+<a href="/security/bulletin/2018-04-01">April 2018 Android Security Bulletin</a>,
+Google devices also contain patches for the security vulnerabilities
+described below. Partners were notified of these issues at least a month ago
+and may choose to incorporate them as part of their device updates.</p>
+
+<h2 id="security-patches">Security patches</h2>
+<p>
+Vulnerabilities are grouped under the component that they affect. There is a
+description of the issue and a table with the CVE, associated references,
+<a href="#type">type of vulnerability</a>,
+<a href="https://source.android.com/security/overview/updates-resources.html#severity">severity</a>,
+and updated Android Open Source Project (AOSP) versions (where applicable). When
+available, we link the public change that addressed the issue to the bug ID,
+like the AOSP change list. When multiple changes relate to a single bug,
+additional references are linked to numbers following the bug ID.
+</p>
+
+<h3 id="framework">Framework</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13294</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Email/+/c3e0aba2a604ce7c3807d65df1e6a2b848287019">A-71814449</a>
+ [<a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/e00598532bbfc8618b7c051cbf6bd15491f61f27">2</a>]</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13295</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a2a36541f0b3603335e74da0a8d2b6a9d5bcec3f">A-62537081</a></td>
+ <td>DoS</td>
+ <td>Moderate</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="media-framework">Media framework</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13300</td>
+ <td>A-71567394<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13296</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libavc/+/3e3e81ede5229c5a9c6b7bf6a63844ecf07ae3ae">A-70897454</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13297</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libhevc/+/daaece3e79db33f6c473bb54a39933d387a9bf95">A-71766721</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13298</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/frameworks/av/+/12e25a753f4b6f0aa935e54bae66023bd8321598">A-72117051</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13299</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libavc/+/d849abf312a365553ce68aec32dea93230036abe">A-70897394</a></td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+</table>
+
+
+<h3 id="system">System</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13301</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/384689934d293acf532e3fea3e72ef78df4f2d1e">A-66498711</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/base/+/d52b215f82e464705373d794748325298f0a1f9a">2</a>]</td>
+ <td>DoS</td>
+ <td>Moderate</td>
+ <td>8.0</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13302</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e54ad58aea33860fbb36bf828684e3df6393f602">A-69969749</a></td>
+ <td>DoS</td>
+ <td>Moderate</td>
+ <td>8.0</td>
+ </tr>
+</table>
+
+
+<h3 id="broadcom-components">Broadcom components</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13303</td>
+ <td>A-71359108<a href="#asterisk">*</a><br />
+ B-V2018010501</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>bcmdhd driver</td>
+ </tr>
+</table>
+
+
+<h3 id="kernel-components">Kernel components</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13304</td>
+ <td>A-70576999<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>mnh_sm driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13305</td>
+ <td>A-70526974<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>encrypted-keys</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-17449</td>
+ <td>A-70980949<br />
+ <a href="https://lkml.org/lkml/2017/12/5/950">Upstream kernel</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>netlink tap</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13306</td>
+ <td>A-70295063<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>mnh driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13307</td>
+ <td>A-69128924<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>pci sysfs</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-17712</td>
+ <td>A-71500434<br />
+ <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483">
+Upstream kernel</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>net ipv4</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15115</td>
+ <td>A-70217214<br />
+ <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74">
+Upstream kernel</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>sctp</td>
+ </tr>
+</table>
+
+
+<h3 id="qualcomm-components">Qualcomm components</h3>
+
+<table>
+ <col width="17%">
+ <col width="25%">
+ <col width="9%">
+ <col width="14%">
+ <col width="33%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2018-3598</td>
+ <td>A-71501698<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=bfd8ffc65e6e82de2adceba58bd67137fb3b2024">
+QC-CR#1097390</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>camera_v2 driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5826</td>
+ <td>A-69128800<a href="#asterisk">*</a><br />
+ QC-CR#2157283</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>qcacld-3.0 hdd driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15853</td>
+ <td>A-65853393<a href="#asterisk">*</a><br />
+ QC-CR#2116517<br />
+ QC-CR#2125577</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3584</td>
+ <td>A-64610600<a href="#asterisk">*</a><br />
+ QC-CR#2142046</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>rmnet_usb</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8269</td>
+ <td>A-33967002<a href="#asterisk">*</a><br />
+ QC-CR#2013145<br />
+ QC-CR#2114278</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>IPA driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15837</td>
+ <td>A-64403015<a href="#asterisk">*</a><br />
+ QC-CR#2116387</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>NL80211 driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5823</td>
+ <td>A-72957335<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=fc5bbedd4ab9fd5239be8618afe714d39dd8de49">
+QC-CR#2139436</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5825</td>
+ <td>A-72957269<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=5ae227670444cf8ea7b8a8d98eab41404a03332f">QC-CR#2151146</a>
+ [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cf0f031ffbb6a8e08e517f653045c3f81d7f2663">2</a>]
+ [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=09a34b7878a732187f9138900667d8abb2b1c39c">3</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>IPA driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5824</td>
+ <td>A-72957235<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=b34f6f3afe229e32a32418f75889279f6e00d157">QC-CR#2149399</a>
+ [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d3a92a1656a3ee2fc44d4ff98614a4f5b70f1893">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5827</td>
+ <td>A-72956920<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=53e6d889ac29336ba212a0d4a987455a85736fa8">
+QC-CR#2161977</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5822</td>
+ <td>A-71501692<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=edc42ce371b6831dc55a15bc2624175bd538aa37">
+QC-CR#2115221</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>QC WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5821</td>
+ <td>A-71501687<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=08ab943766abe845a8fae21689bae18dd74e9b20">
+QC-CR#2114363</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>modem driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5820</td>
+ <td>A-71501686<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a4a8475ea650c16705a3eaa011524820dc5ffd44">
+QC-CR#2114336</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Modem driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3599</td>
+ <td>A-71501666<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cf2702c1a77d2a164a3be03597eff7e6fe5f967e">
+QC-CR#2047235</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Qualcomm Core Services</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3596</td>
+ <td>A-35263529<a href="#asterisk">*</a><br />
+ QC-CR#640898</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3568</td>
+ <td>A-72957136<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=70cd30a5c1fdd02af19cf0e34c41842cce89a82d">
+QC-CR#2152824</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3567</td>
+ <td>A-72956997<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=f2627fca43bc4403a445c2b84481383ac0249364">QC-CR#2147119</a>
+ [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=25c131e8a807894e04f95bdeb1cbd0376eda3bea">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15855</td>
+ <td>A-72957336<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=75c0ea8622bb07716d2a82247e6dd1597980f223">
+QC-CR#2149501</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5828</td>
+ <td>A-71501691<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=6299a6bf166a60a47e9108ae2119027e787432d0">
+QC-CR#2115207</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>QC WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15836</td>
+ <td>A-71501693<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=058e1eef2b1422bc0dd70f73832f1ac8a3dbe806">
+QC-CR#2119887</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>QC WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14890</td>
+ <td>A-71501695<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=234e14add09a1ba4a1b1d81d474ac3978dc94fd6">
+QC-CR#2120751</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>QC WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14894</td>
+ <td>A-71501694<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dfca3d8173c1548a97e558cb8abd1ffd2483f8b7">
+QC-CR#2120424</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>QC WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14880</td>
+ <td>A-68992477<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cbf3702ae1c5e2cacd6f15a5eb7a799e2f1ed96f">
+QC-CR#2078734</a>
+ [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=d72e444dce0b9d20fdcdc4daeb6227e3536eebf7">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>IPA WAN driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11075</td>
+ <td>A-70237705<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7a07165c62926e899b710e1fed31532f31797dd5">
+QC-CR#2098332</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Audio DSP driver</td>
+ </tr>
+</table>
+
+<h2 id="functional-updates">Functional updates</h2>
+<p>
+These updates are included for affected Pixel devices to address functionality
+issues not related to the security of Pixel devices. The table includes
+associated references; the affected category, such as Bluetooth or mobile data;
+and a summary of the issue.
+</p>
+
+<table>
+ <tr>
+ <th>References</th>
+ <th>Category</th>
+ <th>Improvements</th>
+ <th>Devices</th>
+ </tr>
+ <tr>
+ <td>A-35963245</td>
+ <td>Performance</td>
+ <td>Enable Assisted Dialing support</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-37681923<br>
+ A-68215016</td>
+ <td>Logging</td>
+ <td>Improve anomaly detection metrics</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-63908720</td>
+ <td>Logging</td>
+ <td>Improve diskstats logging</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-64101451</td>
+ <td>Performance</td>
+ <td>Improve handover from VoLTE to VoWi-Fi during Emergency calls on certain carriers</td>
+ <td>Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-64586126</td>
+ <td>Camera</td>
+ <td>Improve microvideo performance in Google Camera</td>
+ <td>Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-64610438</td>
+ <td>Performance</td>
+ <td>Reduce delays upon opening specific apps</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-65175134</td>
+ <td>Video</td>
+ <td>Improve decoding of certain video streams</td>
+ <td>Pixel, Pixel XL</td>
+ </tr>
+ <tr>
+ <td>A-65347520</td>
+ <td>Performance</td>
+ <td>Improve fingerprint and keyboard latency in certain situations</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-65490850</td>
+ <td>UI</td>
+ <td>Adjust notifications when entering or exiting Wi-Fi coverage during a video call</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-65509134</td>
+ <td>Connectivity</td>
+ <td>Enable IMS911 on certain networks</td>
+ <td>Pixel 2, Pixel 2 XL, Pixel, Pixel XL</td>
+ </tr>
+ <tr>
+ <td>A-66951771</td>
+ <td>Logging</td>
+ <td>Detect Wi-Fi Passport statistics for developers</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-66957450</td>
+ <td>Performance</td>
+ <td>Improve lock screen performance</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-67094673</td>
+ <td>Logging</td>
+ <td>Improve start time logging</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-67589241</td>
+ <td>Performance</td>
+ <td>Improve magnetic sensor performance on Pixel 2/Pixel 2 XL</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-67593274</td>
+ <td>Battery</td>
+ <td>Reduce battery drain after modem issues</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-67634615</td>
+ <td>Stability</td>
+ <td>Improve modem stability on Pixel and Pixel 2 phones</td>
+ <td>Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-67750231</td>
+ <td>UI</td>
+ <td>Adjust Call Forwarding UI</td>
+ <td>Nexus 5X, Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-67774904</td>
+ <td>Connectivity</td>
+ <td>Improve multi-calling performance over Wi-Fi</td>
+ <td>Pixel, Pixel XL</td>
+ </tr>
+ <tr>
+ <td>A-67777512</td>
+ <td>Connectivity</td>
+ <td>Improve data connectivity for T-Mobile users in parts of Australia</td>
+ <td>Pixel, Pixel XL</td>
+ </tr>
+ <tr>
+ <td>A-67882977</td>
+ <td>Certification</td>
+ <td>Update certification</td>
+ <td>Pixel, Pixel XL</td>
+ </tr>
+ <tr>
+ <td>A-68150449<br>
+ A-68059359<br>
+ A-69797741<br>
+ A-69378640<br>
+ A-68824279</td>
+ <td>Stability</td>
+ <td>Improve Wi-Fi stability on Pixel 2 phones</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-68217064</td>
+ <td>Performance</td>
+ <td>Improve handover to Wi-Fi Calling in low-coverage areas</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-68398312</td>
+ <td>Performance</td>
+ <td>Improve conference call performance over Wifi</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-68671462</td>
+ <td>Connectivity</td>
+ <td>Improve VoLTE performance for some carriers</td>
+ <td>Nexus 5X, Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-68841424</td>
+ <td>Connectivity</td>
+ <td>Adjust APN updating behavior</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-68863351</td>
+ <td>UI</td>
+ <td>Improve settings app icons</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-68923696<br>
+ A-68922470<br>
+ A-68940490</td>
+ <td>Certification</td>
+ <td>Upgrade certificates to ensure continued service.</td>
+ <td>Nexus 5X, Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-68931709</td>
+ <td>Developer</td>
+ <td>Add methods to PeerHandle API for developers</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-68959671</td>
+ <td>Connectivity</td>
+ <td>Update Verizon Service APK for Pixel phones</td>
+ <td>Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69003183</td>
+ <td>Logging</td>
+ <td>Improve Wi-Fi and RPM logging</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69017578<br>
+ A-68138080<br>
+ A-68205105<br>
+ A-70731000<br>
+ A-69574837<br>
+ A-68474108<br>
+ A-70406781</td>
+ <td>Connectivity, Performance</td>
+ <td>Improve connectivity and performance on certain carrier networks</td>
+ <td>Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69064494</td>
+ <td>Performance</td>
+ <td>Improve notification listening apps</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-69152057</td>
+ <td>Connectivity</td>
+ <td>Address call forwarding issue.</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-69209000</td>
+ <td>Connectivity</td>
+ <td>Improve internet connectivity on Pixel 2 on certain WiFi networks</td>
+ <td>Pixel 2</td>
+ </tr>
+ <tr>
+ <td>A-69238007<br>
+ A-68202289<br>
+ A-69334308</td>
+ <td>Connectivity</td>
+ <td>Adjust APN settings</td>
+ <td>Nexus 5X, Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69261367<br>
+ A-70512352</td>
+ <td>Messaging</td>
+ <td>Improve MMS messaging performance on certain carriers</td>
+ <td>Nexus 5X, Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69275204</td>
+ <td>Battery</td>
+ <td>Adjust battery learned capacity increment and decrement limits</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69334266</td>
+ <td>Connectivity</td>
+ <td>Change voice domain to CS for certain carriers</td>
+ <td>Pixel XL</td>
+ </tr>
+ <tr>
+ <td>A-69475609</td>
+ <td>Performance</td>
+ <td>Adjust timeouts for Phone App</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-69672417</td>
+ <td>Stability</td>
+ <td>Improve stability for Pixel 2 devices in certain parts of Canada</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69848394<br>
+ A-68275646</td>
+ <td>Performance</td>
+ <td>Improve instant Apps performance</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-69870527</td>
+ <td>UI</td>
+ <td>Improve indicators for emergency call connectivity</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70045970</td>
+ <td>Battery</td>
+ <td>Optimize search logic to improve battery performance.</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70094083<br>
+ A-70094701</td>
+ <td>Battery</td>
+ <td>Improve battery logging for Pixel 2 and Pixel 2 XL</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70214869</td>
+ <td>GPS</td>
+ <td>Improve GPS Time performance on Pixel 2 XL</td>
+ <td>Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70338906</td>
+ <td>Audio</td>
+ <td>Improve audio speaker performance during phone calls</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-70398372</td>
+ <td>UI</td>
+ <td>Adjust advanced calling settings for Verizon</td>
+ <td>Nexus 5X, Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70576351</td>
+ <td>Connectivity</td>
+ <td>Change to prioritize certain bands</td>
+ <td>Nexus 5X, Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70580873<br>
+ A-70912923<br>
+ A-71497259</td>
+ <td>Connectivity</td>
+ <td>Improve in-call performance for some carriers</td>
+ <td>Pixel, Pixel XL, Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70815434</td>
+ <td>Connectivity</td>
+ <td>Improve network performance on Simyo carrier</td>
+ <td>Nexus 5X</td>
+ </tr>
+ <tr>
+ <td>A-71708302</td>
+ <td>Logging</td>
+ <td>Improve connectivity metrics</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-71983424</td>
+ <td>Performance</td>
+ <td>Improve experience switching between LTE and Wifi</td>
+ <td>Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-72119809</td>
+ <td>Connectivity</td>
+ <td>Improve data performance for devices with certain SIM cards</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-72175011</td>
+ <td>Logging</td>
+ <td>Improve autofill logging</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-72797728<br>
+ A-71599119</td>
+ <td>Logging</td>
+ <td>Improve internal troubleshooting tools</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-72871435</td>
+ <td>Logging</td>
+ <td>Improve network logging</td>
+ <td>All</td>
+ </tr>
+</table>
+
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>
+This section answers common questions that may occur after reading this
+bulletin.
+</p>
+<p>
+<strong>1. How do I determine if my device is updated to address these issues?
+</strong>
+</p>
+<p>
+Security patch levels of 2018-04-05 or later address all issues associated with
+the 2018-04-05 security patch level and all previous patch levels. To learn how
+to check a device's security patch level, read the instructions on the
+<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a>.
+</p>
+<p id="type">
+<strong>2. What do the entries in the <em>Type</em> column mean?</strong>
+</p>
+<p>
+Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+<p>
+<strong>3. What do the entries in the <em>References</em> column mean?</strong>
+</p>
+<p>
+Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+<p id="asterisk">
+<strong>4. What does a * next to the Android bug ID in the <em>References</em>
+column mean?</strong>
+</p>
+<p>
+Issues that are not publicly available have a * next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer
+site</a>.
+</p>
+<p>
+<strong>5. Why are security vulnerabilities split between this bulletin and the
+Android Security Bulletins?</strong>
+</p>
+<p>
+Security vulnerabilities that are documented in the Android Security Bulletins
+are required in order to declare the latest security patch level on Android
+devices. Additional security vulnerabilities, such as those documented in this
+bulletin, are not required for declaring a security patch level.
+</p>
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="25%">
+ <col width="25%">
+ <col width="50%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>April 2, 2018</td>
+ <td>Bulletin published.</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>April 4, 2018</td>
+ <td>Bulletin revised to include AOSP links.</td>
+ </tr>
+</table>
+</body></html>
diff --git a/en/security/bulletin/pixel/2018.html b/en/security/bulletin/pixel/2018.html
index a7dfa4b4..f4a08522 100644
--- a/en/security/bulletin/pixel/2018.html
+++ b/en/security/bulletin/pixel/2018.html
@@ -39,6 +39,21 @@ Bulletins</a> homepage.</p>
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="/security/bulletin/pixel/2018-04-01.html">April 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/pixel/2018-04-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>April 2018</td>
+ <td>2018-04-05</td>
+ </tr>
+ <tr>
<td><a href="/security/bulletin/pixel/2018-03-01.html">March 2018</a></td>
<td>Coming soon
<!--
diff --git a/en/security/bulletin/pixel/index.html b/en/security/bulletin/pixel/index.html
index 4a018ab9..95f1eafd 100644
--- a/en/security/bulletin/pixel/index.html
+++ b/en/security/bulletin/pixel/index.html
@@ -59,6 +59,21 @@ AOSP 24&ndash;48 hours after the Pixel&hairsp;/&hairsp;Nexus bulletin is release
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="/security/bulletin/pixel/2018-04-01.html">April 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/pixel/2018-04-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>April 2018</td>
+ <td>2018-04-05</td>
+ </tr>
+ <tr>
<td><a href="/security/bulletin/pixel/2018-03-01.html">March 2018</a></td>
<td>Coming soon
<!--
diff --git a/en/security/overview/acknowledgements.html b/en/security/overview/acknowledgements.html
index 9d1250fd..74c88b2e 100644
--- a/en/security/overview/acknowledgements.html
+++ b/en/security/overview/acknowledgements.html
@@ -38,6 +38,149 @@ Rewards</a> program.</p>
acknowledgements were listed together.</p>
+<h4 id="apr-2018">April</h4>
+
+<table>
+ <col width="70%">
+ <col width="30%">
+ <tr>
+ <th>Researchers</th>
+ <th>CVEs</th>
+ </tr>
+ <tr>
+ <td>Billy Lau of Google
+ </td>
+ <td>CVE-2017-13305
+ </td>
+ </tr>
+ <tr>
+ <td><a href="http://weibo.com/csddl">Chong Wang</a> and <a href="http://weibo.com/ele7enxxh">Zinuo Han</a> from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd
+ </td>
+ <td>CVE-2017-13289, CVE-2017-13286
+ </td>
+ </tr>
+ <tr>
+ <td>Cusas @ Huawei L.O. Team
+ </td>
+ <td>CVE-2017-13279
+ </td>
+ </tr>
+ <tr>
+ <td>Daxing Guo of Tencent's Xuanwu Lab
+ </td>
+ <td>CVE-2017-13292, CVE-2017-13303
+ </td>
+ </tr>
+ <tr>
+ <td>Dinesh Venkatesan (<a href="https://twitter.com/malwareresearch">@malwareresearch</a>) from Symantec
+ </td>
+ <td>CVE-2017-13295
+ </td>
+ </tr>
+ <tr>
+ <td>Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd
+ </td>
+ <td>CVE-2017-13276
+ </td>
+ </tr>
+ <tr>
+ <td>En He(<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and Bo Liu of <a href="http://www.ms509.com">MS509Team</a>
+ </td>
+ <td>CVE-2017-13294
+ </td>
+ </tr>
+ <tr>
+ <td>Eric Leong (<a href="https://twitter.com/ericwleong">@ericwleong</a>)
+ </td>
+ <td>CVE-2017-13301
+ </td>
+ </tr>
+ <tr>
+ <td>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.
+ </td>
+ <td>CVE-2018-3596
+ </td>
+ </tr>
+ <tr>
+ <td>Haosheng Wang (<a href="https://twitter.com/gnehsoah">@gnehsoah</a>)
+ </td>
+ <td>CVE-2017-13280
+ </td>
+ </tr>
+ <tr>
+ <td>Jean-Baptiste Cayrou (<a href="https://twitter.com/jbcayrou">@jbcayrou</a>)
+ </td>
+ <td>CVE-2017-13284
+ </td>
+ </tr>
+ <tr>
+ <td>Jianjun Dai(<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd
+ </td>
+ <td>CVE-2017-13291, CVE-2017-13283, CVE-2017-13282, CVE-2017-13281, CVE-2017-13267
+ </td>
+ </tr>
+ <tr>
+ <td><a href="https://github.com/michalbednarski">Michał Bednarski</a>
+ </td>
+ <td>CVE-2017-13287
+ </td>
+ </tr>
+ <tr>
+ <td>Patrick Delvenne (<a href="https://twitter.com/wintzx">@wintzx</a>) Orange Labs
+ </td>
+ <td>CVE-2018-3584
+ </td>
+ </tr>
+ <tr>
+ <td>Pengfei Ding(丁鹏飞), Chenfu Bao(包沉浮), Lenx Wei(韦韬) of Baidu X-Lab(百度安全实验室)
+ </td>
+ <td>CVE-2017-13306, CVE-2017-13290, CVE-2017-15837
+ </td>
+ </tr>
+ <tr>
+ <td>Tencent Blade Team
+ </td>
+ <td>CVE-2017-15853
+ </td>
+ </tr>
+ <tr>
+ <td>Vasily Vasiliev
+ </td>
+ <td>CVE-2017-13297
+ </td>
+ </tr>
+ <tr>
+ <td>Weichao Sun of Alibaba Inc (<a href="https://twitter.com/sunblate">@sunblate</a>)
+ </td>
+ <td>CVE-2017-13277
+ </td>
+ </tr>
+ <tr>
+ <td><a href="mailto:huahuaisadog@gmail.com">Yang Dai</a> and <a href="http://weibo.com/panyu6325">Yu Pan</a> of Vulpecker Team, Qihoo 360 Technology Co. Ltd
+ </td>
+ <td>CVE-2017-13304
+ </td>
+ </tr>
+ <tr>
+ <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of IceSword Lab, Qihoo 360 Technology Co. Ltd
+ </td>
+ <td>CVE-2017-8269, CVE-2017-13307, CVE-2018-5826
+ </td>
+ </tr>
+ <tr>
+ <td>Zhongwen & Chao Dai @ Huawei L.O. Team
+ </td>
+ <td>CVE-2017-13274
+ </td>
+ </tr>
+ <tr>
+ <td><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd
+ </td>
+ <td>CVE-2017-13288, CVE-2017-13298, CVE-2017-13296, CVE-2017-13299, CVE-2017-13275, CVE-2017-13285
+ </td>
+ </tr>
+</table>
+
<h4 id="mar-2018">March</h4>
diff --git a/en/security/overview/updates-resources.html b/en/security/overview/updates-resources.html
index cebad2f2..508747fe 100644
--- a/en/security/overview/updates-resources.html
+++ b/en/security/overview/updates-resources.html
@@ -324,6 +324,8 @@ sites. Good places to start:<br>
<h3 id="reports">Reports</h3>
<p>Sometimes the Android Security team publishes reports or whitepapers. Here are some of the most recent.</p>
<ul>
+ <li><a href="/security/reports/Google_Android_Security_2017_Report_Final.pdf">
+ Android Security 2017 Year In Review</a></li>
<li><a href="/security/reports/Google_Android_Security_2016_Report_Final.pdf">
Android Security 2016 Year In Review</a></li>
<li><a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf">
diff --git a/en/setup/_toc.yaml b/en/setup/_toc.yaml
index b4648b20..b82fb73e 100644
--- a/en/setup/_toc.yaml
+++ b/en/setup/_toc.yaml
@@ -1,69 +1,69 @@
toc:
+- title: Overview
+ path: /setup/
- title: Getting Started
section:
- - title: Overview
- path: /setup/
- title: Codelines, Branches, and Releases
- path: /setup/code-lines
+ path: /setup/start/codelines
- title: Codenames, Tags, and Build Numbers
- path: /setup/build-numbers
+ path: /setup/start/build-numbers
- title: Project Roles
- path: /setup/roles
+ path: /setup/start/roles
- title: Brand Guidelines
- path: /setup/brands
+ path: /setup/start/brands
- title: Licenses
- path: /setup/licenses
+ path: /setup/start/licenses
- title: FAQ
- path: /setup/faqs
+ path: /setup/start/faqs
- title: Site Updates
- path: /setup/site-updates
+ path: /setup/start/site-updates
- title: Downloading and Building
section:
- title: Requirements
- path: /setup/requirements
+ path: /setup/build/requirements
- title: Establishing a Build Environment
- path: /setup/initializing
+ path: /setup/build/initializing
- title: Downloading the Source
- path: /setup/downloading
+ path: /setup/build/downloading
- title: Preparing to Build
- path: /setup/building
+ path: /setup/build/building
- title: Compiling with Jack
- path: /setup/jack
+ path: /setup/build/jack
- title: Using Reference Boards
- path: /setup/devices
+ path: /setup/build/devices
- title: Running Builds
- path: /setup/running
+ path: /setup/build/running
- title: Building Kernels
- path: /setup/building-kernels
+ path: /setup/build/building-kernels
- title: Known Issues
- path: /setup/known-issues
+ path: /setup/build/known-issues
- title: Developing
section:
- title: Overview
- path: /setup/developing
+ path: /setup/develop/
- title: Using Repo
- path: /setup/using-repo
+ path: /setup/develop/repo
- title: Adding a New Device
- path: /setup/add-device
+ path: /setup/develop/new-device
- title: Understanding 64-bit Builds
- path: /setup/64-bit-builds
+ path: /setup/develop/64-bit-builds
- title: Contributing
section:
- title: Overview
- path: /setup/contributing
+ path: /setup/contribute/
- title: Life of a Patch
- path: /setup/life-of-a-patch
+ path: /setup/contribute/life-of-a-patch
- title: Submitting Patches
- path: /setup/submit-patches
+ path: /setup/contribute/submit-patches
- title: View Patches
- path: /setup/view-patches
+ path: /setup/contribute/view-patches
- title: Life of a Bug
- path: /setup/life-of-a-bug
+ path: /setup/contribute/life-of-a-bug
- title: Reporting Bugs
- path: /setup/report-bugs
+ path: /setup/contribute/report-bugs
- title: Reading Bug Reports
- path: /setup/read-bug-reports
+ path: /setup/contribute/read-bug-reports
- title: Java Code Style Rules
- path: /setup/code-style
+ path: /setup/contribute/code-style
- title: Community
path: /setup/community
diff --git a/en/setup/building-kernels.html b/en/setup/build/building-kernels.html
index cd03c612..28e0708a 100644
--- a/en/setup/building-kernels.html
+++ b/en/setup/build/building-kernels.html
@@ -23,13 +23,16 @@
-<p>This page details how to build only the <a href="/devices/architecture/kernel/">kernel</a>. The following instructions
-assume you have not downloaded all of AOSP; if you have already done so, you can
-skip the <code>git clone</code> steps except the step that downloads the kernel
-sources.</p>
+<p>
+ This page details how to build only the
+ <a href="/devices/architecture/kernel/">kernel</a>. The following instructions
+ assume you have not downloaded all of AOSP; if you have already done so, you
+ can skip the <code>git clone</code> steps except the step that downloads the
+ kernel sources.
+</p>
<p>All examples in this section use the
-<a href="/setup/devices.html#hikey-boards">hikey</a> kernel.</p>
+<a href="devices.html#hikey-boards">hikey</a> kernel.</p>
<h2 id="figuring-out-which-kernel-to-build">Selecting a kernel</h2>
<p>This table lists the name and locations of the kernel sources and binaries:
@@ -224,35 +227,48 @@ dd if=zImage-dtb bs=1 skip=$(LC_ALL=C od -Ad -x -w2 zImage-dtb | grep 8b1f | cut
<h2 id="downloading-sources">Downloading sources</h2>
<p>Download the source for the kernel you want to build using the appropriate
-<code>git clone</code> command. For example, the following command clones the <code>common</code> kernel, a generic, customizable kernel:</p>
+<code>git clone</code> command. For example, the following command clones the
+<code>common</code> kernel, a generic, customizable kernel:</p>
<pre class="devsite-terminal devsite-click-to-copy">
git clone https://android.googlesource.com/kernel/common
</pre>
-<p>A full list of the kernel projects can be found in the <a href="https://android.googlesource.com/kernel">Kernel</a> directory. Below are some of the commonly used kernels and their respective <code>git clone</code> commands.</p>
+<p>A full list of the kernel projects can be found in the
+<a href="https://android.googlesource.com/kernel">Kernel</a> directory. Below
+are some of the commonly used kernels and their respective <code>git clone</code>
+commands.</p>
-<p>The <code>exynos</code> project has the kernel sources for Nexus 10, and can be used as a starting point for work on Samsung Exynos chipsets.</p>
+<p>The <code>exynos</code> project has the kernel sources for Nexus 10, and can
+be used as a starting point for work on Samsung Exynos chipsets.</p>
<pre class="devsite-terminal devsite-click-to-copy">git clone https://android.googlesource.com/kernel/exynos</pre>
-<p>The <code>goldfish</code> project contains the kernel sources for the emulated platforms.</p>
+<p>The <code>goldfish</code> project contains the kernel sources for the
+emulated platforms.</p>
<pre class="devsite-terminal devsite-click-to-copy">git clone https://android.googlesource.com/kernel/goldfish</pre>
-<p>The <code>hikey-linaro</code> project is used for HiKey reference boards, and can be used as a starting point for work on HiSilicon 620 chipsets.</p>
+<p>The <code>hikey-linaro</code> project is used for HiKey reference boards,
+and can be used as a starting point for work on HiSilicon 620 chipsets.</p>
<pre class="devsite-terminal devsite-click-to-copy">git clone https://android.googlesource.com/kernel/hikey-linaro</pre>
-<p>The <code>msm</code> project has the sources for ADP1, ADP2, Nexus One, Nexus 4, Nexus 5, Nexus 6, Nexus 5X, Nexus 6P, Nexus 7 (2013), Pixel, and Pixel XL, and can be used as a starting point for work on Qualcomm MSM chipsets.</p>
+<p>The <code>msm</code> project has the sources for ADP1, ADP2, Nexus One,
+Nexus 4, Nexus 5, Nexus 6, Nexus 5X, Nexus 6P, Nexus 7 (2013), Pixel, and
+Pixel XL, and can be used as a starting point for work on Qualcomm MSM chipsets.</p>
<pre class="devsite-terminal devsite-click-to-copy">git clone https://android.googlesource.com/kernel/msm</pre>
-<p>The <code>omap</code> project is used for PandaBoard and Galaxy Nexus, and can be used as a starting point for work on TI OMAP chipsets.</p>
+<p>The <code>omap</code> project is used for PandaBoard and Galaxy Nexus, and
+can be used as a starting point for work on TI OMAP chipsets.</p>
<pre class="devsite-terminal devsite-click-to-copy">git clone https://android.googlesource.com/kernel/omap</pre>
-<p>The <code>samsung</code> project is used for Nexus S, and can be used as a starting point for work on Samsung Hummingbird chipsets.</p>
+<p>The <code>samsung</code> project is used for Nexus S, and can be used as a
+starting point for work on Samsung Hummingbird chipsets.</p>
<pre class="devsite-terminal devsite-click-to-copy">git clone https://android.googlesource.com/kernel/samsung</pre>
-<p>The <code>tegra</code> project is for Xoom, Nexus 7 (2012), Nexus 9, and can be used as a starting point for work on NVIDIA Tegra chipsets.</p>
+<p>The <code>tegra</code> project is for Xoom, Nexus 7 (2012), Nexus 9, and can
+be used as a starting point for work on NVIDIA Tegra chipsets.</p>
<pre class="devsite-terminal devsite-click-to-copy">git clone https://android.googlesource.com/kernel/tegra</pre>
-<p>The <code>x86_64</code> project has the kernel sources for Nexus Player, and can be used as a starting point for work on Intel x86_64 chipsets.</p>
+<p>The <code>x86_64</code> project has the kernel sources for Nexus Player, and
+can be used as a starting point for work on Intel x86_64 chipsets.</p>
<pre class="devsite-terminal devsite-click-to-copy">git clone https://android.googlesource.com/kernel/x86_64</pre>
<h2 id="building">Building the kernel</h2>
diff --git a/en/setup/building.html b/en/setup/build/building.html
index 246d1460..ab57d087 100644
--- a/en/setup/building.html
+++ b/en/setup/build/building.html
@@ -25,7 +25,7 @@
<p>The following instructions to build the Android source tree apply to all
branches, including <code>master</code>. The basic sequence of build commands
-is as follows:</p>
+is as follows.</p>
<h2 id="obtaining-proprietary-binaries">Obtain proprietary binaries</h2>
@@ -35,28 +35,28 @@ graphics acceleration. See the sections below for download links and <a
href="requirements.html#binaries">Device binaries</a> for additional
resources.</p>
-<p class ="note">Some devices package these proprietary binaries on their
-<code>/vendor</code> partition.</p>
+<aside class ="note">Some devices package these proprietary binaries on their
+<code>/vendor</code> partition.</aside>
<h3 id="downloading-proprietary-binaries">Download proprietary binaries</h3>
<p>You can download official binaries for the supported devices running tagged
AOSP release branches from <a
-href="https://developers.google.com/android/drivers">Google's
+href="https://developers.google.com/android/drivers" class="external">Google's
drivers</a>. These binaries add access to additional hardware capabilities
with non-open source code. To instead build the AOSP master branch, use the
-<a href="https://developers.google.com/android/blobs-preview">Binaries
+<a href="https://developers.google.com/android/blobs-preview" class="external">Binaries
Preview</a>. When building the master branch for a device, use
-the binaries for the <a href="/setup/build-numbers.html">most recent
+the binaries for the <a href="/setup/start/build-numbers.html">most recent
numbered release</a> or with the most recent date.</p>
<h3 id="extracting-proprietary-binaries">Extract proprietary binaries</h3>
<p>Each set of binaries comes as a self-extracting script in a compressed
archive. Uncompress each archive, run the included self-extracting script from
-the root of the source tree, then confirm that you agree to the terms
-of the enclosed license agreement. The binaries and their matching makefiles
-will be installed in the <code>vendor/</code> hierarchy of the source tree.</p>
+the root of the source tree, then confirm you agree to the terms of the enclosed
+license agreement. The binaries and their matching makefiles will be installed
+in the <code>vendor/</code> hierarchy of the source tree.</p>
<h3 id="cleaning-up">Clean up</h3>
@@ -68,8 +68,8 @@ make clobber
<h2 id="initialize">Set up environment</h2>
<p>Initialize the environment with the <code>envsetup.sh</code> script. Note
-that replacing <code>source</code> with <code>.</code> (a single dot) saves a few characters,
-and the short form is more commonly used in documentation.</p>
+that replacing <code>source</code> with <code>.</code> (a single dot) saves a
+few characters, and the short form is more commonly used in documentation.</p>
<pre class="devsite-terminal devsite-click-to-copy">
source build/envsetup.sh
</pre>
@@ -79,18 +79,17 @@ source build/envsetup.sh
</pre>
<h2 id="choose-a-target">Choose a target</h2>
-<p>Choose which target to build with <code>lunch</code>. The exact configuration can be passed as
-an argument. For example, the following command:</p>
+<p>Choose which target to build with <code>lunch</code>. The exact configuration
+can be passed as an argument. For example, the following command refers to a
+complete build for the emulator, with all debugging enabled:</p>
<pre class="devsite-terminal devsite-click-to-copy">
lunch aosp_arm-eng
</pre>
-<p>refers to a complete build for the emulator, with all debugging enabled.</p>
<p>If run with no arguments <code>lunch</code> will prompt you to choose a
target from the menu.</p>
<p>All build targets take the form <code>BUILD-BUILDTYPE</code>, where the
-<code>BUILD</code> is a codename referring to the particular feature combination.</p>
-
-<p>The BUILDTYPE is one of the following:</p>
+<code>BUILD</code> is a codename referring to the particular feature
+combination. The BUILDTYPE is one of the following:</p>
<table>
<thead>
<tr>
@@ -105,7 +104,8 @@ target from the menu.</p>
</tr>
<tr>
<td>userdebug</td>
-<td>like "user" but with root access and debuggability; preferred for debugging</td>
+<td>like user but with root access and debuggability; preferred for
+debugging</td>
</tr>
<tr>
<td>eng</td>
@@ -118,7 +118,7 @@ target from the menu.</p>
<h2 id="build-the-code">Build the code</h2>
-<p>Please note, this section is merely a summary to ensure setup is complete. See
+<p>This section is merely a summary to ensure setup is complete. See
<a href="running.html">Running Builds</a> for detailed instructions on building
Android.</p>
@@ -141,11 +141,11 @@ note that you have already selected your build target with <code>lunch</code>,
and it is unlikely at best to run on a different target than it was built
for.</p>
-<p class="note"><strong>Note:</strong> Remember to <a
+<aside class="note"><strong>Note:</strong> Remember to <a
href="#obtaining-proprietary-binaries">obtain proprietary binaries</a> or your
build will not boot successfully on your target hardware. If you obtain binary
blobs at this point you will need to unpack them, <code>make clobber</code> and
-rebuild.</p>
+rebuild.</aside>
<h3 id="flash-a-device">Flash with fastboot</h3>
@@ -154,7 +154,7 @@ be included in your path after a successful build. See <a
href="running.html#flashing-a-device">Flashing a device</a> for
instructions.</p>
-<h3 id="emulate-an-android-device">Emulate an Android Device</h3>
+<h3 id="emulate-an-android-device">Emulate an Android device</h3>
<p>The emulator is added to your path automatically by the build process. To
run the emulator, type:</p>
@@ -163,9 +163,10 @@ run the emulator, type:</p>
emulator
</pre>
-<h2 id="troubleshooting-common-build-errors">Troubleshooting Common Build Errors</h2>
+<h2 id="troubleshooting-common-build-errors">Troubleshooting common build
+errors</h2>
-<h3 id="wrong-java-version">Wrong Java Version</h3>
+<h3 id="wrong-java-version">Wrong Java version</h3>
<p>If you are attempting to build a version of Android inconsistent with your
version of Java, <code>make</code> will abort with a message such as</p>
@@ -191,7 +192,7 @@ href="requirements.html#jdk">JDK Requirements</a>.</li>
correct JDK to the beginning of your PATH or remove the problematic JDK.</li>
</ul>
-<h3 id="python-version-3">Python Version 3</h3>
+<h3 id="python-version-3">Python version 3</h3>
<p>Repo is built on particular functionality from Python 2.x and is
unfortunately incompatible with Python 3. In order to use repo, please install
@@ -201,19 +202,20 @@ Python 2.x:</p>
apt-get install python
</pre>
-<h3 id="case-insensitive-filesystem">Case Insensitive Filesystem</h3>
+<h3 id="case-insensitive-filesystem">Case insensitive filesystem</h3>
-<p>If you are building on an HFS filesystem on Mac OS, you may encounter an error such as</p>
+<p>If you are building on an HFS filesystem on Mac OS, you may encounter an
+error such as</p>
<pre>
************************************************************
You are building on a case-insensitive filesystem.
Please move your source tree to a case-sensitive filesystem.
************************************************************
</pre>
-<p>Please follow the instructions in <a href="initializing.html">Initializing
-the Build Environment</a> for creating a case-sensitive disk image.</p>
+<p>Please follow the instructions in <a href="initializing.html">Establishing a
+Build Environment</a> for creating a case-sensitive disk image.</p>
-<h3 id="no-usb-permission">No USB Permission</h3>
+<h3 id="no-usb-permission">No USB permission</h3>
<p>On most Linux systems, unprivileged users cannot access USB ports by
default. If you see a permission denied error, follow the instructions
diff --git a/en/setup/devices.html b/en/setup/build/devices.html
index ed4d1e7e..01dee33b 100644
--- a/en/setup/devices.html
+++ b/en/setup/build/devices.html
@@ -25,8 +25,8 @@
<p>You can create builds for Nexus devices using Android Open Source Project
(AOSP) builds and the relevant hardware-specific binaries. For available
Android builds and targeted devices, see
-<a href="/setup/build-numbers.html#source-code-tags-and-builds">Source Code,
-Tags, and Builds</a>.</p>
+<a href="../start/build-numbers.html#source-code-tags-and-builds">Source Code
+Tags and Builds</a>.</p>
<p>You can also create builds for
<a href="https://android.googlesource.com/device/linaro/hikey/" class="external">HiKey</a>
@@ -53,18 +53,20 @@ or HiKey960 development board.</p>
and from <a href="http://www.lenovator.com/product/80.html" class="external">Lenovator<a/>.
</p>
-<img src="images/hikey960.png" alt="HiKey960 board image" />
+<img src="../images/hikey960.png" alt="HiKey960 board image" />
<figcaption><strong>Figure 1.</strong> HiKey960 board by Lenovator</figcaption>
-<p>Additional resources:</p>
+<h3 id="additional-resources">Additional resources</h3>
<ul>
<li>
-<a href="https://github.com/96boards/documentation/blob/master/ConsumerEdition/HiKey960/HardwareDocs/HiKey960_Schematics.pdf" class="external">HiKey960
+<a href="https://github.com/96boards/documentation/blob/master/consumer/hikey960/hardware-docs/HiKey960_Schematics.pdf" class="external">HiKey960
schematics</a></li>
<li>
-<a href="http://www.96boards.org/documentation/ConsumerEdition/HiKey960/HardwareDocs/HardwareUserManual.md/" class="external">HiKey960
+<a href="https://github.com/96boards/documentation/blob/master/consumer/hikey960/hardware-docs/hardware-user-manual.md" class="external">HiKey960
user guide</a></li>
<li>
+<a href="https://github.com/96boards/documentation/tree/master/consumer/hikey960/hardware-docs" class="external">HiKey960 Hardware Docs directory</a></li>
+<li>
<a href="https://github.com/96boards/documentation/wiki/" class="external">96boards wiki</a></li>
</ul>
@@ -79,13 +81,6 @@ HiKey960 board.</p>
<code class="devsite-terminal">repo sync -j24</code>
</pre>
</li>
- <li>Download and extract binaries into the Android source tree:
-<pre class="devsite-click-to-copy">
-<code class="devsite-terminal">wget https://dl.google.com/dl/android/aosp/arm-hikey960-OPR-cf4e0c80.tgz</code>
-<code class="devsite-terminal">tar xzf arm-hikey960-OPR-cf4e0c80.tgz</code>
-<code class="devsite-terimnal">./extract-arm-hikey960.sh</code>
-</pre>
- </li>
<li>Build:
<pre class="devsite-click-to-copy">
<code class="devsite-terminal">. ./build/envsetup.sh</code>
@@ -117,6 +112,7 @@ HiKey960 user guide).</li>
<code class="devsite-terminal">fastboot flash boot out/target/product/hikey960/boot.img</code>
<code class="devsite-terminal">fastboot flash dts out/target/product/hikey960/dt.img</code>
<code class="devsite-terminal">fastboot flash system out/target/product/hikey960/system.img</code>
+<code class="devsite-terminal">fastboot flash vendor out/target/product/hikey960/vendor.img</code>
<code class="devsite-terminal">fastboot flash cache out/target/product/hikey960/cache.img</code>
<code class="devsite-terminal">fastboot flash userdata out/target/product/hikey960/userdata.img</code>
</pre>
@@ -174,7 +170,7 @@ and <a href="http://www.lenovator.com/product/90.html" class="external">2GB
RAM</a> configurations from <a href="http://www.lenovator.com" class="external">Lenovator</a>:
</p>
-<img src="images/hikey620.png" alt="HiKey620 board image"/>
+<img src="../images/hikey620.png" alt="HiKey620 board image"/>
<figcaption><strong>Figure 2.</strong> HiKey board by Lenovator</figcaption>
<p>Additional resources:</p>
@@ -200,13 +196,6 @@ board.</p>
<code class="devsite-terminal">repo sync -j24</code>
</pre>
</li>
- <li>Download and extract HDMI binaries into the Android source tree:
-<pre class="devsite-click-to-copy">
-<code class="devsite-terminal">wget <a href="https://dl.google.com/dl/android/aosp/linaro-hikey-20170523-4b9ebaff.tgz">https://dl.google.com/dl/android/aosp/linaro-hikey-20170523-4b9ebaff.tgz</a></code>
-<code class="devsite-terminal">tar xzf linaro-hikey-20170523-4b9ebaff.tgz</code>
-<code class="devsite-terminal">./extract-linaro-hikey.sh</code>
-</pre>
- </li>
<li>Install mcopy utility:
<pre class="devsite-terminal devsite-click-to-copy">
apt-get install mtools
@@ -267,8 +256,8 @@ user guide</a>).</li>
<ul>
<li>Copy hi6220-hikey.dtb (<code>arch/arm64/boot/dts/hisilicon/hi6220-hikey.dtb</code>) to the
hikey-kernel directory as file hi6220-hikey.dtb-4.9.</li>
- <li>Copy the Image file <code>(arch/arm64/boot/Image-dtb</code>) to the
-hikey-kernel directory as file Image-dtb-4.9.</li>
+ <li>Copy the Image file <code>(arch/arm64/boot/Image.gz-dtb</code>) to the
+hikey-kernel directory as file Image.gz-dtb-4.9.</li>
</ul>
<li>Make the boot image:
<pre class="devsite-terminal devsite-click-to-copy">
@@ -293,7 +282,7 @@ user guide</a>.</p>
<a href="http://www.96boards.org/product/neonkey/" class="external">Neonkey
SensorHub</a> connected to a Hikey or Hikey960 development board.</p>
-<img src="images/neonkey-sensorhub.png" alt="Neonkey Sensorhub image" />
+<img src="../images/neonkey-sensorhub.png" alt="Neonkey Sensorhub image" />
<figcaption><strong>Figure 3.</strong> Neonkey SensorHub</figcaption>
<p>Neonkey is a certified <a href="http://www.96boards.org/" class="external">96Boards</a>
diff --git a/en/setup/downloading.html b/en/setup/build/downloading.html
index 7599338b..0d53f39b 100644
--- a/en/setup/downloading.html
+++ b/en/setup/build/downloading.html
@@ -38,7 +38,7 @@
</h2>
<p>
Repo is a tool that makes it easier to work with Git in the context of Android. For more
- information about Repo, see the <a href="developing.html">Developing</a> section.
+ information about Repo, see the <a href="../develop/repo.html">Repo Command Reference</a>.
</p>
<p>
To install Repo:
@@ -114,7 +114,8 @@
repo init -u https://android.googlesource.com/platform/manifest
</pre>
<p>
- To check out a branch other than "master", specify it with <code>-b</code>. For a list of branches, see <a href="build-numbers.html#source-code-tags-and-builds">Source Code Tags and Builds</a>.
+ To check out a branch other than "master", specify it with <code>-b</code>. For a list of branches, see
+ <a href="../start/build-numbers.html#source-code-tags-and-builds">Source Code Tags and Builds</a>.
</p>
<pre class="devsite-terminal devsite-click-to-copy">
repo init -u https://android.googlesource.com/platform/manifest -b android-4.0.1_r1
@@ -127,7 +128,7 @@ repo init -u https://android.googlesource.com/platform/manifest -b android-4.0.1
where files such as the manifest will be kept.
</p>
<h2 id="getting-the-files">
- Downloading the Android Source Tree
+ Downloading the Android source tree
</h2>
<p>
To pull down the Android source tree to your working directory from the repositories as
@@ -137,7 +138,7 @@ repo init -u https://android.googlesource.com/platform/manifest -b android-4.0.1
<p>
The Android source files will be located in your working directory under their project names.
The initial sync operation will take an hour or more to complete. For more about <code>repo
- sync</code> and other Repo commands, see the <a href="developing.html">Developing</a> section.
+ sync</code> and other Repo commands, see <a href="../develop/index.html">Developing</a>.
</p>
<h2 id="using-authentication">
Using Authentication
@@ -236,7 +237,7 @@ repo init -u https://android.googlesource.com/a/platform/manifest
between machines.
</p>
<h2 id="verifying-git-tags">
- Verifying Git Tags
+ Verifying Git tags
</h2>
<p>
Load the following public key into your GnuPG key database. The key is used to sign annotated
@@ -288,8 +289,8 @@ EXzeoxcdoafxqf6gZlJZlACgkWF7wi2YLW3Oa+jv2QSTlrx4KLM=
git tag -v TAG_NAME
</pre>
<p>
- If you haven't <a href="initializing.html#ccache">set up ccache</a> yet, now would be a good
- time to do it.
+ If you haven't <a href="initializing.html#optimizing-a-build-environment">set
+ up ccache</a> yet, now would be a good time to do it.
</p>
</body>
diff --git a/en/setup/build/initializing.html b/en/setup/build/initializing.html
new file mode 100644
index 00000000..503a14ed
--- /dev/null
+++ b/en/setup/build/initializing.html
@@ -0,0 +1,405 @@
+<html devsite>
+ <head>
+ <title>Establishing a Build Environment</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>
+ This section describes how to set up your local work environment to build
+ the Android source files. You must use Linux or Mac OS; building under
+ Windows is not currently supported.
+</p>
+<p>
+ For an overview of the entire code-review and code-update process, see <a
+ href="../contribute/life-of-a-patch.html">Life of a Patch</a>.
+</p>
+<aside class="note"><strong>Note:</strong> All commands in this site are
+ preceded by a dollar sign ($) to differentiate them from output or entries
+ within files. You may use the <em>Click to copy</em> feature at the top right
+ of each command box to copy all lines without the dollar signs or triple-click
+ each line to copy it individually without the dollar sign.
+</aside>
+
+<h2 id="choosing-a-branch">Choosing a branch</h2>
+<p>
+ Some requirements for the build environment are determined by the version of
+ the source code you plan to compile. For a full list of available branches,
+ see <a href="../start/build-numbers.html">Build Numbers</a>. You can also
+ choose to download and build the latest source code (called
+ <code>master</code>), in which case you will simply omit
+ the branch specification when you initialize the repository.
+</p>
+<p>
+ After you have selected a branch, follow the appropriate instructions below to
+ set up your build environment.
+</p>
+
+<h2 id="setting-up-a-linux-build-environment">Setting up a Linux build
+environment</h2>
+<p>
+ These instructions apply to all branches, including <code>master</code>.
+</p>
+<p>The Android build is routinely tested in house on recent versions of
+ Ubuntu LTS (14.04), but most distributions should have the required
+ build tools available. Reports of successes or failures on other
+ distributions are welcome.
+</p>
+<p>
+ For Gingerbread (2.3.x) and newer versions, including the <code>master</code>
+ branch, a 64-bit environment is required. Older versions can be
+ compiled on 32-bit systems.
+</p>
+<aside class="note"><strong>Note:</strong> See
+ <a href="requirements.html">Requirements</a> for the complete list of hardware
+ and software requirements, then follow the detailed instructions for Ubuntu
+ and Mac OS below.
+</aside>
+
+<h3 id="installing-the-jdk">Installing the JDK</h3>
+<p>
+ The <code>master</code> branch of Android in the
+ <a href="https://android.googlesource.com/" class="external">Android Open
+ Source Project (AOSP)</a> comes with prebuilt versions of OpenJDK below
+ <code>prebuilts/jdk/</code> so no additional installation is required.
+</p>
+<p>
+ Older versions of Android require a separate installation of the JDK. On
+ Ubuntu, use
+ <a href="http://openjdk.java.net/install/" class="external">OpenJDK</a>. See
+ <a href="requirements.html#jdk">JDK Requirements</a> for precise versions and
+ the sections below for instructions.
+</p>
+<h4 id="for-ubuntu-15-04">For Ubuntu &gt;= 15.04</h4>
+<p>
+ Run the following:
+</p>
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">sudo apt-get update</code>
+<code class="devsite-terminal">sudo apt-get install openjdk-8-jdk</code>
+</pre>
+
+<h4 id="for-ubuntu-14-04">For Ubuntu LTS 14.04</h4>
+<p>
+ There are no available supported OpenJDK 8 packages for Ubuntu 14.04. The
+ <strong>Ubuntu 15.04 OpenJDK 8</strong> packages have been used successfully
+ with Ubuntu 14.04. <em>Newer package versions (e.g. those for 15.10, 16.04) were
+ found not to work on 14.04 using the instructions below.</em>
+</p>
+<ol>
+ <li>Download the <code>.deb</code> packages for 64-bit architecture from
+ <a href="http://old-releases.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/">old-releases.ubuntu.com</a>:
+ <ul>
+ <li><a
+ href="http://old-releases.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jre-headless_8u45-b14-1_amd64.deb">openjdk-8-jre-headless_8u45-b14-1_amd64.deb</a>
+ with SHA256 <code>0f5aba8db39088283b51e00054813063173a4d8809f70033976f83e214ab56c0</code>
+ </li>
+ <li><a
+ href="http://old-releases.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jre_8u45-b14-1_amd64.deb">openjdk-8-jre_8u45-b14-1_amd64.deb</a>
+ with SHA256 <code>9ef76c4562d39432b69baf6c18f199707c5c56a5b4566847df908b7d74e15849</code>
+ </li>
+ <li><a
+ href="http://old-releases.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jdk_8u45-b14-1_amd64.deb">openjdk-8-jdk_8u45-b14-1_amd64.deb</a>
+ with SHA256 <code>6e47215cf6205aa829e6a0a64985075bd29d1f428a4006a80c9db371c2fc3c4c</code>
+ </li>
+ </ul>
+ </li>
+ <li>Optionally, confirm the checksums of the downloaded files against the
+ SHA256 string listed with each package above. For example, with the
+ <code>sha256sum</code> tool:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ sha256sum {downloaded.deb file}</pre>
+ </li>
+ <li>Install the packages:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ sudo apt-get update</pre>
+ Run <code>dpkg</code> for each of the .deb files you downloaded. It may
+ produce errors due to missing dependencies:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ sudo dpkg -i {downloaded.deb file}</pre>
+ To fix missing dependencies:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ sudo apt-get -f install</pre>
+ </li>
+</ol>
+
+<h4 id="default-java-version">Update the default Java version - optional</h4>
+<p>
+ Optionally, for the Ubuntu versions above update the default Java version by
+ running:
+</p>
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">sudo update-alternatives --config java</code>
+<code class="devsite-terminal">sudo update-alternatives --config javac</code>
+</pre>
+<p>
+ If, during a build, you encounter version errors for Java, set its
+ path as described in the <a href="building.html#wrong-java-version">Wrong
+ Java Version</a> section.
+</p>
+
+<h3 id="installing-required-packages-ubuntu-1404">Installing required packages
+(Ubuntu 14.04)</h3>
+<p>
+ You will need a 64-bit version of Ubuntu. Ubuntu 14.04 is recommended.
+</p>
+<pre class="devsite-terminal devsite-click-to-copy">
+sudo apt-get install git-core gnupg flex bison gperf build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z-dev ccache libgl1-mesa-dev libxml2-utils xsltproc unzip
+</pre>
+<aside class="note"><strong>Note:</strong> To use SELinux tools for policy
+ analysis, also install the <code>python-networkx</code> package.
+</aside>
+<aside class="note"><strong>Note:</strong> If you are using LDAP and want
+ to run ART host tests, also install the <code>libnss-sss:i386</code>
+ package.
+</aside>
+
+<h3 id="installing-required-packages-ubuntu-1204">Installing required packages
+ (Ubuntu 12.04)
+</h3>
+<p>
+ You may use Ubuntu 12.04 to build older versions of Android. Version 12.04
+ is not supported on master or recent releases.
+</p>
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">sudo apt-get install git gnupg flex bison gperf build-essential zip curl libc6-dev libncurses5-dev:i386 x11proto-core-dev libx11-dev:i386 libreadline6-dev:i386 libgl1-mesa-glx:i386 libgl1-mesa-dev g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc zlib1g-dev:i386</code>
+<code class="devsite-terminal">sudo ln -s /usr/lib/i386-linux-gnu/mesa/libGL.so.1 /usr/lib/i386-linux-gnu/libGL.so</code>
+</pre>
+
+<h3 id="installing-required-packages-ubuntu-1004-1110">Installing required
+ packages (Ubuntu 10.04 -- 11.10)
+</h3>
+<p>
+ Building on Ubuntu 10.04-11.10 is no longer supported, but may be useful for
+ building older releases of AOSP.
+</p>
+<pre class="devsite-terminal devsite-click-to-copy">
+sudo apt-get install git gnupg flex bison gperf build-essential zip curl zlib1g-dev libc6-dev lib32ncurses5-dev ia32-libs x11proto-core-dev libx11-dev lib32readline5-dev lib32z-dev libgl1-mesa-dev g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc
+</pre>
+<p>
+ On Ubuntu 10.10:
+</p>
+<pre class="devsite-terminal devsite-click-to-copy">
+sudo ln -s /usr/lib32/mesa/libGL.so.1 /usr/lib32/mesa/libGL.so
+</pre>
+<p>
+ On Ubuntu 11.10:
+</p>
+<pre class="devsite-terminal devsite-click-to-copy">
+sudo apt-get install libx11-dev:i386
+</pre>
+
+<h3 id="configuring-usb-access">Configuring USB access</h3>
+<p>
+ Install a community-maintained default set of <code>udev</code> rules for
+ all Android devices by following the instructions to <a
+ href="https://developer.android.com/studio/run/device.html#setting-up"
+ class="external">Set up a device for development</a>.
+</p>
+
+<h3 id="using-a-separate-output-directory">Using a separate output
+directory</h3>
+<p>
+ By default, the output of each build is stored in the <code>out/</code>
+ subdirectory of the matching source tree.
+</p>
+<p>
+ On some machines with multiple storage devices, builds are
+ faster when storing the source files and the output on
+ separate volumes. For additional performance, the output
+ can be stored on a filesystem optimized for speed instead
+ of crash robustness, since all files can be re-generated
+ in case of filesystem corruption.
+</p>
+<p>
+ To set this up, export the <code>OUT_DIR_COMMON_BASE</code> variable
+ to point to the location where your output directories
+ will be stored.
+</p>
+<pre class="devsite-terminal devsite-click-to-copy">
+export OUT_DIR_COMMON_BASE=&lt;path-to-your-out-directory&gt;
+</pre>
+<p>
+ The output directory for each separate source tree will be named after the
+ directory holding the source tree. For instance, if you have source trees as
+ <code>/source/master1</code> and <code>/source/master2</code> and
+ <code>OUT_DIR_COMMON_BASE</code> is set to <code>/output</code>, the output
+ directories will be <code>/output/master1</code> and
+ <code>/output/master2</code>.
+</p>
+<p>
+ It's important in that case to not have multiple source
+ trees stored in directories that have the same name,
+ as those would end up sharing an output directory, with
+ unpredictable results. This is only supported on Jelly Bean (4.1) and newer,
+ including the <code>master</code> branch.
+</p>
+<h2 id="setting-up-a-mac-os-x-build-environment">Setting up a Mac OS build
+ environment
+</h2>
+<p>
+ In a default installation, Mac OS runs on a case-preserving but
+ case-insensitive filesystem. This type of filesystem is not supported by git
+ and will cause some git commands (such as <code>git status</code>) to behave
+ abnormally. Because of this, we recommend that you always work with the AOSP
+ source files on a case-sensitive filesystem. This can be done fairly easily
+ using a disk image, discussed below.
+</p>
+<p>
+ Once the proper filesystem is available, building the <code>master</code>
+ branch in a modern Mac OS environment is very straightforward. Earlier
+ branches require some additional tools and SDKs.
+</p>
+
+<h3 id="creating-a-case-sensitive-disk-image">Creating a case-sensitive disk
+image</h3>
+<p>
+ You can create a case-sensitive filesystem within your existing Mac OS
+ environment using a disk image. To create the image, launch Disk
+ Utility and select "New Image". A size of 25GB is the minimum to
+ complete the build; larger numbers are more future-proof. Using sparse images
+ saves space while allowing to grow later as the need arises. Be sure to select
+ "case sensitive, journaled" as the volume format.
+</p>
+<p>
+ You can also create it from a shell with the following command:
+</p>
+<pre class="devsite-click-to-copy devsite-terminal" data-terminal-prefix="# ">
+hdiutil create -type SPARSE -fs 'Case-sensitive Journaled HFS+' -size 40g ~/android.dmg
+</pre>
+<p>
+ This will create a <code>.dmg</code> (or possibly a
+ <code>.dmg.sparseimage</code>) file which, once mounted, acts as a drive with
+ the required formatting for Android development.
+</p>
+<p>
+ If you need a larger volume later, you can also resize the sparse image with
+ the following command:
+</p>
+<pre class="devsite-click-to-copy devsite-terminal" data-terminal-prefix="# ">hdiutil resize -size &lt;new-size-you-want&gt;g ~/android.dmg.sparseimage
+</pre>
+<p>
+ For a disk image named <code>android.dmg</code> stored in your home
+ directory, you can add helper functions to your <code>~/.bash_profile</code>:
+</p>
+<ul>
+ <li>To mount the image when you execute <code>mountAndroid</code>:
+ <pre class="devsite-click-to-copy">
+ # mount the android file image
+ mountAndroid() { hdiutil attach ~/android.dmg -mountpoint /Volumes/android; }</pre>
+ <aside class="note"><strong>Note:</strong> If your system created a
+ <code>.dmg.sparseimage</code> file, replace <code>~/android.dmg</code> with
+ <code>~/android.dmg.sparseimage</code>.
+ </aside>
+ </li>
+ <li>To unmount it when you execute <code>umountAndroid</code>:
+ <pre class="devsite-click-to-copy">
+ # unmount the android file image
+ umountAndroid() { hdiutil detach /Volumes/android; }</pre>
+ </li>
+</ul>
+<p>
+ After you've mounted the <code>android</code> volume, you'll do all your work
+ there. You can eject it (unmount it) just as you would an external drive.
+</p>
+
+<h3 id="installing-the-mac-jdk">Installing the JDK</h3>
+<p>
+ See <a href="requirements.html">Requirements</a> for the version of Java to
+ use when developing various versions of Android.
+</p>
+
+<h4 id="installing-required-packages">Installing required packages</h4>
+<ol>
+ <li>Install Xcode command line tools with:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ xcode-select --install</pre>
+ For older versions of Mac OS (10.8 or earlier), you must install Xcode from
+ the <a href="http://developer.apple.com/" class="external">Apple developer
+ site</a>. If you are not already registered as an Apple developer, you must
+ must create an Apple ID to download.
+ </li>
+ <li>Install MacPorts from
+ <a href="http://www.macports.org/install.php">macports.org</a>. Ensure
+ <code>/opt/local/bin</code> appears in your path <strong>before</strong>
+ <code>/usr/bin</code>. If not, add the following to your
+ <code>~/.bash_profile</code> file:
+ <pre class="devsite-click-to-copy">
+ export PATH=/opt/local/bin:$PATH</pre>
+ <aside class="note"><strong>Note:</strong> If you do not have a
+ <code>.bash_profile</code> file in your home directory, create one.
+ </aside>
+ </li>
+ <li>Get make, git, and GPG packages from MacPorts:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ POSIXLY_CORRECT=1 sudo port install gmake libsdl git gnupg</pre>
+ If using Mac OS X v10.4, also install bison:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ POSIXLY_CORRECT=1 sudo port install bison</pre>
+ </li>
+</ol>
+
+<h4 id="reverting-from-make-382">Reverting from make 3.82</h4>
+<p>
+ In Android 4.0.x (Ice Cream Sandwich) and earlier, a bug exists in gmake 3.82
+ that prevents Android from building. You can install version 3.81 using
+ MacPorts with these steps:
+</p>
+<ol>
+ <li>Edit <code>/opt/local/etc/macports/sources.conf</code> and add a line that
+ says:
+ <pre class="devsite-click-to-copy">
+ file:///Users/Shared/dports</pre>
+ above the rsync line. Then create this directory:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ mkdir /Users/Shared/dports</pre>
+ </li>
+ <li>In the new <code>dports</code> directory, run:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ svn co --revision 50980 http://svn.macports.org/repository/macports/trunk/dports/devel/gmake/ devel/gmake/</pre>
+ </li>
+ <li>Create a port index for your new local repository:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ portindex /Users/Shared/dports</pre>
+ </li>
+ <li>Install the old version of gmake with:
+ <pre class="devsite-terminal devsite-click-to-copy">
+ sudo port install gmake @3.81</pre>
+ </li>
+</ol>
+
+<h4 id="setting-a-file-descriptor-limit">Setting a file descriptor limit</h4>
+<p>
+ On Mac OS, the default limit on the number of simultaneous file descriptors
+ open is too low and a highly parallel build process may exceed this limit. To
+ increase the cap, add the following lines to your
+ <code>~/.bash_profile</code>:
+</p>
+<pre class="devsite-click-to-copy">
+# set the number of open files to be 1024
+ulimit -S -n 1024</pre>
+
+<h2 id="next-download-the-source">Next: Download the source</h2>
+<p>
+ Your build environment is good to go! Proceed to
+ <a href="downloading.html">downloading the source</a>.
+</p>
+
+ </body>
+</html>
diff --git a/en/setup/jack.html b/en/setup/build/jack.html
index 558eef73..5d32cb3e 100644
--- a/en/setup/jack.html
+++ b/en/setup/build/jack.html
@@ -37,10 +37,10 @@ build toolchain for Android 6.x, you don’t have to do anything differently to
use Jack&mdash;just use your standard makefile commands to compile the tree or
your project.</p>
-<h2 class="overview">About Jack</h2>
+<h2 id="overview">About Jack</h2>
<p>The Jack toolchain provides the following advantages:</p>
-<img src="./images/jack_overview.png" alt="Jack overview"/>
+<img src="../images/jack_overview.png" alt="Jack overview"/>
<figcaption><strong>Figure 1.</strong> Jack overview.</figcaption>
<ul>
@@ -65,7 +65,7 @@ Coverage with JaCoCo</a> and
<p>Jack has its own .jack file format that contains the pre-compiled dex code
for the library, allowing for faster compilation (pre-dex).</p>
-<img src="./images/jack_library.png" alt="Jack library file contents"/>
+<img src="../images/jack_library.png" alt="Jack library file contents"/>
<figcaption><strong>Figure 2.</strong> Jack library file contents.</figcaption>
<h3 id=jill>Jill</h3>
@@ -73,7 +73,7 @@ for the library, allowing for faster compilation (pre-dex).</p>
<p>The Jill tool translates the existing .jar libraries into the new library
format, as shown below.</p>
-<img src="./images/jack_jill.png" alt="Importing .jar libraries with Jill"/>
+<img src="../images/jack_jill.png" alt="Importing .jar libraries with Jill"/>
<figcaption><strong>Figure 3.</strong> Workflow to import an existing .jar
library.</figcaption>
@@ -234,11 +234,12 @@ features described below.</p>
<h3 id=predexing>Predexing</h3>
-<p>When generating a Jack library file, the .dex of the library is generated and
-stored inside the .jack library file as a pre-dex. When compiling, Jack reuses
-the pre-dex from each library. All libraries are pre-dexed:</p>
+<p>When generating a Jack library file, the <code>.dex</code> of the library is
+generated and stored inside the <code>.jack</code> library file as a pre-dex.
+When compiling, Jack reuses the pre-dex from each library. All libraries are
+pre-dexed:</p>
-<img src="./images/jack_predex.png" alt="Jack libraries with pre-dex" />
+<img src="../images/jack_predex.png" alt="Jack libraries with pre-dex" />
<figcaption><strong>Figure 4.</strong> Jack libraries with pre-dex.</figcaption>
<p>Jack does not reuse the library pre-dex if shrinking, obfuscation, or
diff --git a/en/setup/known-issues.html b/en/setup/build/known-issues.html
index e72de555..e72de555 100644
--- a/en/setup/known-issues.html
+++ b/en/setup/build/known-issues.html
diff --git a/en/setup/build/requirements.html b/en/setup/build/requirements.html
new file mode 100644
index 00000000..0a1f4259
--- /dev/null
+++ b/en/setup/build/requirements.html
@@ -0,0 +1,198 @@
+<html devsite>
+ <head>
+ <title>Requirements</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>
+ Before you download and build the Android source, ensure your system meets
+ the following requirements then see <a href="initializing.html">Establishing
+ a Build Environment</a> for installation instructions by operating system.
+</p>
+
+<h2 id=hardware-requirements>Hardware requirements</h2>
+<p>
+ Your development workstation should meet or exceed these hardware
+ requirements:
+</p>
+<ul>
+ <li>A 64-bit environment is required for Android 2.3.x (Gingerbread) and
+ higher versions, including the master branch. You can compile older versions
+ on 32-bit systems.
+ </li>
+ <li>At least 100GB of free disk space to checkout the code and an extra 150GB
+ to build it. If you conduct multiple builds or employ ccache, you will need
+ even more space.
+ </li>
+ <li>If you are running Linux in a virtual machine, you need at
+ least 16GB of RAM/swap.
+ </li>
+</ul>
+
+<h2 id=software-requirements>Software requirements</h2>
+<p>
+ The <a href="https://android.googlesource.com/" class="external">Android Open
+ Source Project (AOSP)</a> <code>master</code> branch is traditionally
+ developed and tested on Ubuntu Long Term Support (LTS) releases, but other
+ distributions may be used. See the list below for recommended versions.
+</p>
+<p>
+ Your workstation must have the software listed below. See
+ <a href="initializing.html">Establishing a Build Environment</a> for
+ additional required packages and the commands to install them.
+</p>
+
+<h3 id=latest-version>OS and JDK</h3>
+<p>
+ If you are developing against the AOSP <code>master</code> branch, use one
+ of these operating systems: Ubuntu 14.04 (Trusty) or Mac OS v10.10 (Yosemite)
+ or later with Xcode 4.5.2 and Command Line Tools.
+</p>
+<p>
+ For the Java Development Kit (JDK), note the <code>master</code> branch of
+ Android in AOSP comes with a prebuilt version of OpenJDK; so no additional
+ installation is required. Older versions require a separate install.
+</p>
+<p>See <a href="#older-versions">Packages for older versions</a>.
+
+<h3 id=packages>Key packages</h3>
+<ul>
+ <li>Python 2.6 to 2.7 from <a href="http://www.python.org/download/" class="external">python.org</a></li>
+ <li>GNU Make 3.81 to 3.82 from <a href="http://ftp.gnu.org/gnu/make/" class="external">gnu.org</a></li>
+ <li>Git 1.7 or newer from <a href="http://git-scm.com/download" class="external">git-scm.com</a></li>
+</ul>
+
+<h3 id=binaries>Device binaries</h3>
+<p>
+ Download previews, factory images, drivers, over-the-air (OTA) updates, and
+ other blobs below. For details, see
+ <a href="building.html#obtaining-proprietary-binaries">Obtaining proprietary
+ binaries</a>.
+</p>
+<ul>
+ <li><a href="https://developers.google.com/android/blobs-preview" class="external">Preview
+ binaries (blobs)</a>. For AOSP <code>master</code> branch development.
+ </li>
+ <li><a href="https://developers.google.com/android/images" class="external">Factory
+ images</a>. For supported devices running tagged AOSP release branches.
+ </li>
+ <li><a href="https://developers.google.com/android/drivers" class="external">Binary
+ hardware support files</a>. For devices running tagged AOSP release
+ branches.
+ </li>
+</ul>
+
+<h3 id=toolchain>Build toolchain</h3>
+<p>
+ Android 8.0 and higher support only
+ <a href="https://developer.android.com/ndk/guides/standalone_toolchain.html#working_with_clang" class="external">Clang/LLVM</a>
+ for building the Android platform. Join the
+ <a href="https://groups.google.com/forum/#!forum/android-llvm" class="external">android-llvm</a>
+ group to pose questions and get help. Report NDK/compiler issues at the
+ <a href="https://github.com/android-ndk/ndk" class="external">NDK GitHub</a>.
+</p>
+<p>
+ For the
+ <a href="https://developer.android.com/ndk/guides/index.html" class="external">Native
+ Development Kit (NDK)</a> and legacy kernels, GCC 4.9 included in the AOSP
+ master branch (under <code>prebuilts/</code>) may also be used.
+</p>
+
+<h3 id=older-versions>Packages for older versions</h3>
+<p>
+ This section details operating systems and JDK packages for older versions of
+ Android.
+</p>
+
+<h4 id=operating-systems>Operating systems</h4>
+<p>
+ Android is typically built with a GNU/Linux or Mac OS operating system. It is
+ also possible to build Android in a virtual machine on unsupported systems
+ such as Windows.
+</p>
+
+<p>We recommend building on GNU/Linux instead of another operating system. The
+ Android build system normally uses ART, running on the build machine, to
+ pre-compile system dex files. Since ART is able to run only on Linux, the
+ build system skips this pre-compilation step on non-Linux operating systems,
+ resulting in an Android build with reduced performance.
+</p>
+
+<h5 id=linux>GNU/Linux</h5>
+<ul>
+ <li>Android 6.0 (Marshmallow) - AOSP master: Ubuntu 14.04 (Trusty)</li>
+ <li>Android 2.3.x (Gingerbread) - Android 5.x (Lollipop): Ubuntu 12.04
+ (Precise)</li>
+ <li>Android 1.5 (Cupcake) - Android 2.2.x (Froyo): Ubuntu 10.04 (Lucid)</li>
+</ul>
+<h5 id=mac>Mac OS (Intel/x86)</h5>
+<ul>
+ <li>Android 6.0 (Marshmallow) - AOSP master: Mac OS v10.10 (Yosemite) or
+ higher with Xcode 4.5.2 and Command Line Tools
+ </li>
+ <li>Android 5.x (Lollipop): Mac OS v10.8 (Mountain Lion) with Xcode 4.5.2
+ and Command Line Tools
+ </li>
+ <li>Android 4.1.x-4.3.x (Jelly Bean) - Android 4.4.x (KitKat): Mac OS v10.6
+ (Snow Leopard) or Mac OS X v10.7 (Lion) and Xcode 4.2 (Apple's Developer
+ Tools)
+ </li>
+ <li>Android 1.5 (Cupcake) - Android 4.0.x (Ice Cream Sandwich): Mac OS
+ v10.5 (Leopard) or Mac OS X v10.6 (Snow Leopard) and the Mac OS X v10.5
+ SDK
+ </li>
+</ul>
+
+<h4 id=jdk>JDK</h4>
+<p>
+ See <a href="initializing.html#installing-the-jdk">Installing the JDK</a>
+ for the prebuilt path and installation instructions for older versions.
+</p>
+<ul>
+ <li>Android 7.0 (Nougat) - Android 8.0 (Oreo): Ubuntu -
+ <a href="http://openjdk.java.net/install/" class="external">OpenJDK 8</a>,
+ Mac OS -
+ <a href="http://www.oracle.com/technetwork/java/javase/downloads/java-archive-javase8-2177648.html#jdk-8u45-oth-JPR" class="external">jdk
+ 8u45 or newer</a>
+ </li>
+ <li>Android 5.x (Lollipop) - Android 6.0 (Marshmallow): Ubuntu -
+ <a href="http://openjdk.java.net/install/" class="external">OpenJDK 7</a>,
+ Mac OS -
+ <a href="https://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html#jdk-7u71-oth-JPR" class="external">jdk-7u71-macosx-x64.dmg</a>
+ </li>
+ <li>Android 2.3.x (Gingerbread) - Android 4.4.x (KitKat): Ubuntu -
+ <a href="http://www.oracle.com/technetwork/java/javase/archive-139210.html" class="external">Java
+ JDK 6</a>, Mac OS - <a href="http://support.apple.com/kb/dl1572" class="external">Java JDK
+ 6</a>
+ </li>
+ <li>Android 1.5 (Cupcake) - Android 2.2.x (Froyo): Ubuntu -
+ <a href="http://www.oracle.com/technetwork/java/javase/archive-139210.html" class="external">Java
+ JDK 5</a>
+ </li>
+</ul>
+
+<h4 id=make>Make</h4>
+<p>
+ To avoid build errors, Android 4.0.x (Ice Cream Sandwich) and earlier must
+ <a href="initializing.html#reverting-from-make-382">revert from make 3.82</a>.
+</p>
+
+ </body>
+</html>
diff --git a/en/setup/running.html b/en/setup/build/running.html
index e3d9f62d..6d6041f9 100644
--- a/en/setup/running.html
+++ b/en/setup/build/running.html
@@ -24,13 +24,13 @@
<p>This page provides details for running builds on specific devices and
-complements the information in <a href="/setup/building.html">Building the
-System</a>.</p>
+complements the information in <a href="building.html">Preparing to Build</a>.
+</p>
<h2 id="building-fastboot-and-adb">Building fastboot and adb</h2>
<p>If you don't already have <code>fastboot</code> and <code>adb</code>, you can
build them with the regular build system. Use the instructions in
-<a href="/setup/building.html">Building a System</a> and replace the
+<a href="building.html">Preparing to Build</a> and replace the
main <code>make</code> command with:</p>
<pre class="devsite-click-to-copy devsite-terminal">make fastboot adb</pre>
@@ -283,7 +283,7 @@ following directories:</p>
<p>The recommended builds for devices are available from the <code>lunch</code>
menu, accessed when running the <code>lunch</code> command with no arguments.
You can download factory images and binaries for Nexus devices from
-developers.google.com. See <a href="/setup/requirements#binaries">Device
+developers.google.com. See <a href="requirements#binaries">Device
binaries</a> for downloads. For details and additional resources, see <a
href="building.html#obtaining-proprietary-binaries">Obtaining proprietary
binaries</a>.
diff --git a/en/setup/code-lines.html b/en/setup/code-lines.html
deleted file mode 100644
index b4040abd..00000000
--- a/en/setup/code-lines.html
+++ /dev/null
@@ -1,187 +0,0 @@
-<html devsite>
- <head>
- <title>Codelines, Branches, and Releases</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-
-<p>
- The Android Open Source Project (AOSP) maintains a complete software stack to be ported by
- OEMs and other device implementors and run on their own hardware. To maintain the quality of
- Android, Google has contributed full-time engineers, product managers, user interface designers,
- quality assurance testers, and all the other roles required to bring modern devices to market.
-</p>
-
-<p>
- Accordingly, we maintain a number of "code lines" to clearly separate the current stable
- version of Android from unstable experimental work. We roll the open source administration
- and maintenance of the Android code lines into the larger product development cycle.
-</p>
-
-<p>
- The chart below depicts at a conceptual level how AOSP manages code and releases. We're
- referring to these as "code lines" instead of "branches" simply because at any given moment
- there may be more than one branch for a given "code line". For instance, when a
- release is cut, it may or may not become a new branch based on the needs of the moment.
-</p>
-<ol>
- <li>
- <p>
- At any given moment, there is a current latest release of the Android platform. This
- typically takes the form of a branch in the tree.
- </p>
- </li>
- <li>
- <p>
- Device builders and contributors work with the current latest release, fixing bugs,
- launching new devices, experimenting with new features, and so on.
- </p>
- </li>
- <li>
- <p>
- In parallel, Google works internally on the next version of the Android platform and
- framework according to the product's needs and goals. We develop the next
- version of Android by working with a device partner on a flagship device whose
- specifications are chosen to push Android in the direction we believe it should go.
- </p>
- </li>
- <li>
- <p>
- When the "n+1"th version is ready, it will be published to the public source tree and
- become the new latest release.
- </p>
- </li>
-</ol>
- <img src="/images/code-lines.png" alt="code-line diagram" id="figure1" >
-<p class="img-caption">
- <strong>Figure 1.</strong> AOSP code and releases
-</p>
-<h2 id="terms-and-caveats">
- Terms and Caveats
-</h2>
-<ul>
- <li>
- <p>
- A <em>release</em> corresponds to a formal version of the Android platform, such as 1.5,
- 2.1, and so on. Generally speaking, a release of the platform corresponds to the version in
- the <code>SdkVersion</code> field of AndroidManifest.xml files and defined within
- <code>frameworks/base/api</code> in the source tree.
- </p>
- </li>
- <li>
- <p>
- An <em>upstream</em> project is an open source project from which the Android stack is
- pulling code. These include obvious projects such as the Linux kernel and WebKit.
- Over time we are migrating some of the semi-autonomous Android projects (such as ART,
- the Android SDK tools, Bionic, and so on) to work as "upstream" projects. Generally,
- these projects are developed entirely in the public tree. For some upstream projects,
- development is done by contributing directly to the upstream project itself. See <a href=
- "submit-patches.html#upstream-projects">Upstream Projects</a> for details. In both cases,
- snapshots will be periodically pulled into releases.
- </p>
- </li>
- <li>
- <p>
- At all times, a release code-line (which may actually consist of more than one actual
- branch in git) is considered the sole canonical source code for a given Android platform
- version. OEMs and other groups building devices should pull only from a release branch.
- </p>
- </li>
- <li>
- <p>
- "Experimental" code-lines are established to capture changes from the community so they can
- be iterated on with an eye toward stability.
- </p>
- </li>
- <li>
- <p>
- Changes that prove stable will eventually be pulled into a release branch. Note this
- applies only to bug fixes, application improvements, and other changes that do not affect the
- APIs of the platform.
- </p>
- </li>
- <li>
- <p>
- Changes will be pulled into release branches from upstream projects (including the
- Android "upstream" projects) as necessary.
- </p>
- </li>
- <li>
- <p>
- The "n+1"th version (that is, next major version of the framework and platform APIs) will
- be developed by Google internally. See <a href=
- "#about-private-code-lines">About Private Codelines</a> for details.
- </p>
- </li>
- <li>
- <p>
- Changes will be pulled from upstream, release, and experimental branches into Google's
- private branch as necessary.
- </p>
- </li>
- <li>
- <p>
- When the platform APIs for the next version have stabilized and been fully tested, Google
- will cut a release of the next platform version. (This specifically refers to a new
- <code>SdkVersion</code>.) This will also correspond to the internal code-line being made
- a public release branch, and the new current platform code-line.
- </p>
- </li>
- <li>
- <p>
- When a new platform version is cut, a corresponding experimental code-line will be
- created at the same time.
- </p>
- </li>
-</ul>
-
-<h2 id="about-private-code-lines">
- About Private Codelines
-</h2>
-<p>
- The source management strategy above includes a code-line that Google will keep private. The
- reason for this is to focus attention on the current public version of Android.
-</p>
-<p>
- OEMs and other device builders naturally want to ship devices with the latest version of
- Android. Similarly, application developers don't want to deal with more platform
- versions than strictly necessary. Meanwhile, Google retains responsibility for the strategic
- direction of Android as a platform and a product. Our approach focuses on a small number of
- flagship devices to drive features while securing protections of Android-related intellectual
- property.
-</p>
-<p>
- As a result, Google frequently has possession of confidential information from third parties.
- And we must refrain from revealing sensitive features until we've secured the appropriate
- protections. In addition, there are real risks to the platform arising from having too many
- platform versions extant at once. For these reasons, we have structured the open source
- project -- including third-party contributions -- to focus on the currently-public stable
- version of Android. "Deep development" on the next version of the platform will happen in
- private until it's ready to become an official release.
-</p>
-<p>
- We recognize many contributors will disagree with this approach. We respect others
- may have a different point of view; however, this is the approach we feel is best, and
- the one we've chosen to implement.
-</p>
-
- </body>
-</html>
diff --git a/en/setup/community.html b/en/setup/community.html
index af0d17ec..13e3e32c 100644
--- a/en/setup/community.html
+++ b/en/setup/community.html
@@ -42,7 +42,7 @@ Android, see the list of <a href="#resources">resources</a> below.</p>
accessories, and meeting compatibility requirements. The Android OS is a Git
repository of files and not a single file (.zip/tar/exe/etc.) to download. You
can get started with the Android source code by following the instructions on
-the <a href="downloading.html">Downloading the Source</a>
+the <a href="build/downloading.html">Downloading the Source</a>
page. For other information about Android, refer to the following resources.</p>
<table class="columns">
@@ -67,7 +67,7 @@ page. For other information about Android, refer to the following resources.</p>
<p></p>
<h5>Send feedback</h5>
-<a href="/setup/report-bugs.html">Report AOSP bug</a><br>
+<a href="contribute/report-bugs.html">Report AOSP bug</a><br>
<p></p>
</td>
diff --git a/en/setup/code-style.html b/en/setup/contribute/code-style.html
index dbb9887f..ddf945cd 100644
--- a/en/setup/code-style.html
+++ b/en/setup/contribute/code-style.html
@@ -35,11 +35,11 @@ follow the standard of their choosing, such as the <a
href="https://google.github.io/styleguide/javaguide.html">Google Java Style
Guide</a>.</p>
-<h2 id="java-language-rules">Java Language Rules</h2>
+<h2 id="java-language-rules">Java language rules</h2>
<p>Android follows standard Java coding conventions with the additional rules
described below.</p>
-<h3 id="dont-ignore-exceptions">Don't Ignore Exceptions</h3>
+<h3 id="dont-ignore-exceptions">Don't ignore exceptions</h3>
<p>It can be tempting to write code that completely ignores an exception, such
as:</p>
<pre><code>void setServerPort(String value) {
@@ -121,7 +121,7 @@ void setServerPort(String value) {
</li>
</ul>
-<h3 id="dont-catch-generic-exception">Don't Catch Generic Exception</h3>
+<h3 id="dont-catch-generic-exception">Don't catch generic exception</h3>
<p>It can also be tempting to be lazy when catching exceptions and do
something like this:</p>
<pre><code>try {
@@ -167,7 +167,7 @@ this level anyway, just let the method throw it.</p>
<p>Remember: exceptions are your friend! When the compiler complains you're
not catching an exception, don't scowl. Smile: the compiler just made it
easier for you to catch runtime problems in your code.</p>
-<h3 id="dont-use-finalizers">Don't Use Finalizers</h3>
+<h3 id="dont-use-finalizers">Don't use finalizers</h3>
<p>Finalizers are a way to have a chunk of code executed when an object is
garbage collected. While they can be handy for doing cleanup (particularly of
external resources), there are no guarantees as to when a finalizer will be
@@ -179,7 +179,7 @@ method needs to be called (see InputStream for an example). In this case it is
appropriate but not required to print a short log message from the finalizer,
as long as it is not expected to flood the logs.</p>
-<h3 id="fully-qualify-imports">Fully Qualify Imports</h3>
+<h3 id="fully-qualify-imports">Fully qualify imports</h3>
<p>When you want to use class Bar from package foo,there
are two possible ways to import it:</p>
<ul>
@@ -193,16 +193,16 @@ exception is made for java standard libraries (<code>java.util.*</code>,
<code>java.io.*</code>, etc.) and unit test code
(<code>junit.framework.*</code>).</p>
-<h2 id="java-library-rules">Java Library Rules</h2>
+<h2 id="java-library-rules">Java library rules</h2>
<p>There are conventions for using Android's Java libraries and tools. In some
cases, the convention has changed in important ways and older code might use a
deprecated pattern or library. When working with such code, it's okay to
continue the existing style. When creating new components however, never use
deprecated libraries.</p>
-<h2 id="java-style-rules">Java Style Rules</h2>
+<h2 id="java-style-rules">Java style rules</h2>
-<h3 id="use-javadoc-standard-comments">Use Javadoc Standard Comments</h3>
+<h3 id="use-javadoc-standard-comments">Use Javadoc standard comments</h3>
<p>Every file should have a copyright statement at the top, followed by package
and import statements (each block separated by a blank line) and finally the
class or interface declaration. In the Javadoc comments, describe what the class
@@ -269,17 +269,17 @@ should follow the instructions <a
href="http://www.oracle.com/technetwork/java/javase/documentation/index-137868.html">How
to Write Doc Comments for the Javadoc Tool</a>.</p>
-<h3 id="write-short-methods">Write Short Methods</h3>
+<h3 id="write-short-methods">Write short methods</h3>
<p>When feasible, keep methods small and focused. We recognize that long methods
are sometimes appropriate, so no hard limit is placed on method length. If a
method exceeds 40 lines or so, think about whether it can be broken up without
harming the structure of the program.</p>
-<h3 id="define-fields-in-standard-places">Define Fields in Standard Places</h3>
+<h3 id="define-fields-in-standard-places">Define fields in standard places</h3>
<p>Define fields either at the top of the file or immediately before the
methods that use them.</p>
-<h3 id="limit-variable-scope">Limit Variable Scope</h3>
+<h3 id="limit-variable-scope">Limit variable scope</h3>
<p>Keep the scope of local variables to a minimum. By doing so, you
increase the readability and maintainability of your code and reduce the
likelihood of error. Each variable should be declared in the innermost block
@@ -337,7 +337,7 @@ is a compelling reason to do otherwise:</p>
}
</code></pre>
-<h3 id="order-import-statements">Order Import Statements</h3>
+<h3 id="order-import-statements">Order import statements</h3>
<p>The ordering of import statements is:</p>
<ol>
<li>
@@ -391,7 +391,7 @@ pattern without extra engineering effort.</p>
<p>Put static imports above all the other imports ordered the same way as
regular imports.</p>
-<h3 id="use-spaces-for-indentation">Use Spaces for Indentation</h3>
+<h3 id="use-spaces-for-indentation">Use spaces for indentation</h3>
<p>We use four (4) space indents for blocks and never tabs. When in doubt, be
consistent with the surrounding code.</p>
<p>We use eight (8) space indents for line wraps, including function calls and
@@ -404,7 +404,7 @@ assignments. For example, this is correct:</p>
someLongExpression(that, wouldNotFit, on, one, line);
</code></pre>
-<h3 id="follow-field-naming-conventions">Follow Field Naming Conventions</h3>
+<h3 id="follow-field-naming-conventions">Follow field naming conventions</h3>
<ul>
<li>
<p>Non-public, non-static field names start with m.</p>
@@ -429,7 +429,7 @@ assignments. For example, this is correct:</p>
protected int mProtected;
}
</code></pre>
-<h3 id="use-standard-brace-style">Use Standard Brace Style</h3>
+<h3 id="use-standard-brace-style">Use standard brace style</h3>
<p>Braces do not go on their own line; they go on the same line as the code
before them:</p>
<pre><code>class MyClass {
@@ -459,7 +459,7 @@ are not obligated to) put it all on one line. For example, this is acceptable:</
body(); // bad!
</code></pre>
-<h3 id="limit-line-length">Limit Line Length</h3>
+<h3 id="limit-line-length">Limit line length</h3>
<p>Each line of text in your code should be at most 100 characters long. While
much discussion has surrounded this rule, the decision remains that 100
characters is the maximum <em>with the following exceptions</em>:</p>
@@ -471,7 +471,7 @@ ease of cut and paste.</li>
simplifies tool writing).</li>
</ul>
-<h3 id="use-standard-java-annotations">Use Standard Java Annotations</h3>
+<h3 id="use-standard-java-annotations">Use standard Java annotations</h3>
<p>Annotations should precede other modifiers for the same language element.
Simple marker annotations (e.g. @Override) can be listed on the same line with
the language element. If there are multiple annotations, or parameterized
@@ -509,7 +509,7 @@ refactored to isolate the software elements where the annotation applies.</p>
</li>
</ul>
-<h3 id="treat-acronyms-as-words">Treat Acronyms as Words</h3>
+<h3 id="treat-acronyms-as-words">Treat acronyms as words</h3>
<p>Treat acronyms and abbreviations as words in naming variables, methods, and
classes to make names more readable:</p>
<table>
@@ -546,7 +546,7 @@ classes to make names more readable:</p>
acronyms, it is virtually impossible to be consistent with the surrounding
code. Therefore, always treat acronyms as words.</p>
-<h3 id="use-todo-comments">Use TODO Comments</h3>
+<h3 id="use-todo-comments">Use TODO comments</h3>
<p>Use TODO comments for code that is temporary, a short-term solution, or
good-enough but not perfect. TODOs should include the string TODO in all caps,
followed by a colon:</p>
@@ -560,7 +560,7 @@ you either include a very specific date ("Fix by November 2005") or a very
specific event ("Remove this code after all production mixers understand
protocol V7.").</p>
-<h3 id="log-sparingly">Log Sparingly</h3>
+<h3 id="log-sparingly">Log sparingly</h3>
<p>While logging is necessary, it has a significantly negative impact on
performance and quickly loses its usefulness if not kept reasonably
terse. The logging facilities provides five different levels of logging:</p>
@@ -684,7 +684,7 @@ unnecessarily push other logs out of the buffer, just as others may not push
out yours.</em></li>
</ul>
-<h3 id="be-consistent">Be Consistent</h3>
+<h3 id="be-consistent">Be consistent</h3>
<p>Our parting thought: BE CONSISTENT. If you're editing code, take a few
minutes to look at the surrounding code and determine its style. If that code
uses spaces around the if clauses, you should too. If the code comments have
@@ -697,7 +697,7 @@ vocabulary, but local style is also important. If the code you add to a file
looks drastically different from the existing code around it, it throws
readers out of their rhythm when they go to read it. Try to avoid this.</p>
-<h2 id="javatests-style-rules">Javatests Style Rules</h2>
+<h2 id="javatests-style-rules">Javatests style rules</h2>
<p>Follow test method naming conventions and use an underscore to separate what
is being tested from the specific case being tested. This style makes it easier
to see exactly what cases are being tested. For example:</p>
diff --git a/en/setup/contributing.html b/en/setup/contribute/index.html
index ec212f99..829361af 100644
--- a/en/setup/contributing.html
+++ b/en/setup/contribute/index.html
@@ -24,11 +24,13 @@
<p>Thanks for your interest in Android! Here are some ways you can get involved
and help us improve Android. For background on the Android project and our
-goals, check out the <a href="/setup/index.html">Overview</a> page.</p>
+goals, check out the <a href="../index.html">Overview</a> page.</p>
+
<h2 id="report-bugs">Report Bugs</h2>
<p>One of the easiest and most effective ways you can help improve Android is
-to file bugs. For more information, visit the <a href="report-bugs.html">Reporting Bugs</a> page.</p>
+to file bugs. For more information, visit the
+<a href="report-bugs.html">Reporting Bugs</a> page.</p>
<p>Please note that we can't guarantee that any particular bug will be fixed in
any particular release. To see what happens to your bug once you report it,
read <a href="life-of-a-bug.html">Life of a Bug</a>.</p>
@@ -48,11 +50,11 @@ out the source, pick a bug or feature, and get coding. Note that the smaller
and more targetted your patch submissions, the easier it will be for us to
review them.</p>
-<p>You can get started with Android by learning about the <a href="life-of-a-patch.html">Life of a Patch</a>,
-and by learning about <code>git</code>, <code>repo</code>, and other tools using the links to the left.
+<p>You can get started with Android by learning about the <a href="life-of-a-patch.html">Life of a Patch</a>,
+and by learning about <code>git</code>, <code>repo</code>, and other tools using the links to the left.
You can also view the activity on all contributions on our
<a href="https://android-review.googlesource.com/">Gerrit server</a>.
-If you need help along the way, you can join our <a href="/setup/community.html">discussion groups</a>.</p>
+If you need help along the way, you can join our <a href="../community.html">discussion groups</a>.</p>
</body>
</html>
diff --git a/en/setup/life-of-a-bug.html b/en/setup/contribute/life-of-a-bug.html
index 571b7cd6..7490b456 100644
--- a/en/setup/life-of-a-bug.html
+++ b/en/setup/contribute/life-of-a-bug.html
@@ -34,7 +34,7 @@ intended only for bugs and feature requests related to the core Android
software stack, and is a technical tool for the Open Source community.</p>
<p>This is not a customer support forum. For support information, see the
-<a href="https://support.google.com/nexus">Nexus</a> and
+<a href="https://support.google.com/nexus">Nexus</a> and
<a href="https://support.google.com/pixelphone">Pixel</a> help centers.
Support for other devices is provided by the device manufacturers or by the
carriers selling those devices.</p>
diff --git a/en/setup/life-of-a-patch.html b/en/setup/contribute/life-of-a-patch.html
index 6f8d144a..6f8d144a 100644
--- a/en/setup/life-of-a-patch.html
+++ b/en/setup/contribute/life-of-a-patch.html
diff --git a/en/setup/read-bug-reports.html b/en/setup/contribute/read-bug-reports.html
index 63ff5cc0..63ff5cc0 100644
--- a/en/setup/read-bug-reports.html
+++ b/en/setup/contribute/read-bug-reports.html
diff --git a/en/setup/report-bugs.html b/en/setup/contribute/report-bugs.html
index 85ea2fd4..85ea2fd4 100644
--- a/en/setup/report-bugs.html
+++ b/en/setup/contribute/report-bugs.html
diff --git a/en/setup/submit-patches.html b/en/setup/contribute/submit-patches.html
index c9b7b404..578e4750 100644
--- a/en/setup/submit-patches.html
+++ b/en/setup/contribute/submit-patches.html
@@ -30,24 +30,24 @@ href="https://android-review.googlesource.com/">Gerrit</a>.</p>
<ul>
<li>
<p>Before you follow the instructions on this page, you need to <a
-href="/setup/initializing.html">
+href="../build/initializing.html">
initialize your build environment</a>, <a
-href="/setup/downloading.html">download the source</a>, <a
+href="../build/downloading.html">download the source</a>, <a
href="https://android.googlesource.com/new-password">create a
password</a>, and follow the instructions on the password generator page.</p>
</li>
<li>
-<p>For details about Repo and Git, see the <a
-href="/setup/developing.html">Developing</a> section.</p>
+<p>For details about Repo and Git, see <a
+href="../develop/index.html">Developing</a>.</p>
</li>
<li>
<p>For information about the different roles you can play within the Android
-Open Source community, see <a href="/setup/roles.html">Project
+Open Source community, see <a href="../start/roles.html">Project
roles</a>.</p>
</li>
<li>
<p>If you plan to contribute code to the Android platform, be sure to read
-the <a href="/setup/licenses.html">AOSP's licensing
+the <a href="../start/licenses.html">AOSP's licensing
information</a>.</p>
</li>
<li>
@@ -64,7 +64,7 @@ href="#upstream-projects">Upstream Projects</a>.</p>
href="https://android.googlesource.com/new-password">establish a password</a>
that will identify you with the server. Follow the instructions on the password
generator page. You need to do this only once. See <a
-href="/setup/downloading.html#using-authentication">Using
+href="../build/downloading.html#using-authentication">Using
Authentication</a> for additional details.</p>
<h3 id="start-a-repo-branch">Start a repo branch</h3>
<p>For each change you intend to make, start a new branch within the relevant
diff --git a/en/setup/view-patches.html b/en/setup/contribute/view-patches.html
index c14c3149..b3921fd1 100644
--- a/en/setup/view-patches.html
+++ b/en/setup/contribute/view-patches.html
@@ -89,7 +89,7 @@ repo download <var>TARGET CHANGE</var></pre>
which the change should be downloaded and
<code><var>CHANGE</var></code> is the change number as listed in
Gerrit. For more information, see the <a
- href="/setup/using-repo.html">Repo reference</a>.
+ href="../develop/repo.html">Repo reference</a>.
</p>
<h2 id="how-do-i-become-a-verifier-or-reviewer">How do I become a Verifier
@@ -99,7 +99,7 @@ repo download <var>TARGET CHANGE</var></pre>
In short, contribute high-quality code to one or more of the Android
projects. For details about the different roles in the Android Open
Source community and who plays them, see <a
- href="/setup/roles.html">Project Roles</a>.
+ href="../start/roles.html">Project Roles</a>.
</p>
<h2 id="diffs-and-comments">Diffs and comments</h2>
diff --git a/en/setup/64-bit-builds.html b/en/setup/develop/64-bit-builds.html
index 30b51d6f..30b51d6f 100644
--- a/en/setup/64-bit-builds.html
+++ b/en/setup/develop/64-bit-builds.html
diff --git a/en/setup/developing.html b/en/setup/develop/index.html
index 1b85969d..5ecf6dbd 100644
--- a/en/setup/developing.html
+++ b/en/setup/develop/index.html
@@ -42,7 +42,8 @@
<p>
For more details on Git, refer to
- <a href="https://git-scm.com/documentation">Git Documentation</a>.
+ <a href="https://git-scm.com/documentation" class="external">Git
+ Documentation</a>.
</p>
<h2 id="repo">Repo</h2>
@@ -62,7 +63,7 @@
In most situations, you can use Git instead of Repo, or mix Repo and Git
commands to form complex commands. However, using Repo for basic
across-network operations will make your work much simpler. For more details
- on Repo, see the <a href="/setup/using-repo.html">Repo Command Reference</a>.
+ on Repo, see the <a href="repo.html">Repo Command Reference</a>.
</p>
<h2 id="other-tools">Other tools</h2>
@@ -90,9 +91,8 @@
Android development involves the following basic workflow:
</p>
-<img src="images/git_workflow.png" alt="basic workflow diagram" />
+<img src="../images/git_workflow.png" alt="basic workflow diagram" />
<figcaption><strong>Figure 1.</strong> Basic Android workflow</figcaption>
-<p>&nbsp;</p>
<ol>
<li>Start a new topic branch using <code>repo start</code>.
</li>
@@ -182,8 +182,8 @@
<p>
For information about using Repo to download source, see
- <a href="/setup/downloading.html">Downloading the Source</a> and the
- <a href="/setup/using-repo.html">Repo Command Reference</a>.
+ <a href="../build/downloading.html">Downloading the Source</a> and the
+ <a href="repo.html">Repo Command Reference</a>.
</p>
<h3 id="synchronizing-clients">Synchronizing clients</h3>
@@ -209,7 +209,8 @@ repo sync <var>PROJECT0 PROJECT1 ... PROJECTN</var>
particular commit, which makes creating local branches and switching among
them a lightweight operation. By using branches, you can isolate one aspect of
your work from the others. For an interesting article about using topic
- branches, refer to <a href="http://www.kernel.org/pub/software/scm/git/docs/howto/separating-topic-branches.txt" class="external">Separating
+ branches, refer to
+ <a href="http://www.kernel.org/pub/software/scm/git/docs/howto/separating-topic-branches.txt" class="external">Separating
topic branches</a>.
</p>
@@ -323,7 +324,7 @@ repo diff
<code class="devsite-terminal">git diff --cached</code>
</pre>
-<img src="images/git_diff.png" alt="diff vs diff-cached" />
+<img src="../images/git_diff.png" alt="diff vs diff-cached" />
<figcaption><strong>Figure 2.</strong> Uncommitted vs. committed edits.
</figcaption>
diff --git a/en/setup/add-device.html b/en/setup/develop/new-device.html
index bd869f97..bd869f97 100644
--- a/en/setup/add-device.html
+++ b/en/setup/develop/new-device.html
diff --git a/en/setup/using-repo.html b/en/setup/develop/repo.html
index b84d9d2f..b84d9d2f 100644
--- a/en/setup/using-repo.html
+++ b/en/setup/develop/repo.html
diff --git a/en/setup/initializing.html b/en/setup/initializing.html
deleted file mode 100644
index 518a1d98..00000000
--- a/en/setup/initializing.html
+++ /dev/null
@@ -1,459 +0,0 @@
-<html devsite>
- <head>
- <title>Establishing a Build Environment</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-<p>This section describes how to set up your local work environment to build
-the Android source files. You will need to use Linux or Mac OS. Building under
-Windows is not currently supported.</p>
-<p>For an overview of the entire code-review and code-update process, see <a
-href="life-of-a-patch.html">Life of a Patch</a>.</p>
-<p class="note"><strong>Note:</strong> All commands in this site are preceded
-by a dollar sign ($) to differentiate them from output or entries within files.
-You may use the <em>Click to copy</em> feature at the top right of each command
-box to copy all lines without the dollar signs or triple-click each line to
-copy it individually without the dollar sign.</p>
-<h2 id="choosing-a-branch">Choosing a Branch</h2>
-<p>Some of the requirements for your build environment are determined by which
-version of the source code you plan to compile. See
-<a href="build-numbers.html">Build Numbers</a> for a full listing of branches you may
-choose from. You may also choose to download and build the latest source code
-(called <code>master</code>), in which case you will simply omit the branch specification
-when you initialize the repository.</p>
-<p>Once you have selected a branch, follow the appropriate instructions below to
-set up your build environment.</p>
-<h2 id="setting-up-a-linux-build-environment">Setting up a Linux build environment</h2>
-<p>These instructions apply to all branches, including <code>master</code>.</p>
-<p>The Android build is routinely tested in house on recent versions of
-Ubuntu LTS (14.04), but most distributions should have the required
-build tools available. Reports of successes or failures on other
-distributions are welcome.</p>
-<p>For Gingerbread (2.3.x) and newer versions, including the <code>master</code>
-branch, a 64-bit environment is required. Older versions can be
-compiled on 32-bit systems.</p>
-<p class="note"><strong>Note:</strong> See the <a
-href="requirements.html">Requirements</a> for the complete list of hardware and
-software requirements. Then follow the detailed instructions for Ubuntu and Mac
-OS below.</p>
-
-<h3 id="installing-the-jdk">Installing the JDK</h3>
-<p>The <code>master</code> branch of Android in the <a
-href="https://android.googlesource.com/">Android Open Source Project (AOSP)</a>
-comes with prebuilt versions of OpenJDK below
-<code>prebuilts/jdk/</code>. So no additional installation is
-required.</p>
-
-<p>Older versions of Android require a separate installation of the JDK. On
-Ubuntu, use <a href="http://openjdk.java.net/install/">OpenJDK</a>. See <a
-href="requirements.html#jdk">JDK Requirements</a> for precise versions and the
-sections below for instructions.</p>
-
-<h4 id="for-ubuntu-15-04">For Ubuntu &gt;= 15.04</h4>
-<p>Run the following:</p>
-<pre class="devsite-click-to-copy">
-<code class="devsite-terminal">sudo apt-get update</code>
-<code class="devsite-terminal">sudo apt-get install openjdk-8-jdk</code>
-</pre>
-
-<h4 id="for-ubuntu-14-04">For Ubuntu LTS 14.04</h4>
-<p>There are no available supported OpenJDK 8 packages for Ubuntu 14.04. The
-<strong>Ubuntu 15.04 OpenJDK 8</strong> packages have been used successfully
-with Ubuntu 14.04. <em>Newer package versions (e.g. those for 15.10, 16.04) were
-found not to work on 14.04 using the instructions below.</em></p>
-<ol>
-<li>
-<p>Download the <code>.deb</code> packages for 64-bit architecture from
-<a href="http://old-releases.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/">old-releases.ubuntu.com</a>:</p>
-<ul>
-<li><a
-href="http://old-releases.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jre-headless_8u45-b14-1_amd64.deb">openjdk-8-jre-headless_8u45-b14-1_amd64.deb</a>
-with SHA256 <code>0f5aba8db39088283b51e00054813063173a4d8809f70033976f83e214ab56c0</code></li>
-<li><a
-href="http://old-releases.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jre_8u45-b14-1_amd64.deb">openjdk-8-jre_8u45-b14-1_amd64.deb</a>
-with SHA256 <code>9ef76c4562d39432b69baf6c18f199707c5c56a5b4566847df908b7d74e15849</code></li>
-<li><a
-href="http://old-releases.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jdk_8u45-b14-1_amd64.deb">openjdk-8-jdk_8u45-b14-1_amd64.deb</a>
-with SHA256 <code>6e47215cf6205aa829e6a0a64985075bd29d1f428a4006a80c9db371c2fc3c4c</code></li>
-</ul>
-</li>
-<li>
-<p>Optionally, confirm the checksums of the downloaded files against the SHA256
-string listed with each package above.</p>
-<p>For example, with the <code>sha256sum</code> tool:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-sha256sum {downloaded.deb file}
-</pre>
-</li>
-<li>
-<p>Install the packages:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-sudo apt-get update
-</pre>
-<p>Run <code>dpkg</code> for each of the .deb files you downloaded. It may produce errors due to
-missing dependencies:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-sudo dpkg -i {downloaded.deb file}
-</pre>
-<p>To fix missing dependencies:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-sudo apt-get -f install
-</pre>
-</li>
-</ol>
-
-<h4 id="default-java-version">Update the default Java version - optional</h4>
-
-<p>Optionally, for the Ubuntu versions above update the default Java version by
-running:</p>
-<pre class="devsite-click-to-copy">
-<code class="devsite-terminal">sudo update-alternatives --config java</code>
-<code class="devsite-terminal">sudo update-alternatives --config javac</code>
-</pre>
-
-<p>If, during a build, you encounter version errors for Java, set its
-path as described in the <a href="building.html#wrong-java-version">Wrong
-Java Version</a> section.</p>
-
-<h3 id="installing-required-packages-ubuntu-1404">Installing required packages (Ubuntu 14.04)</h3>
-
-<p>You will need a 64-bit version of Ubuntu. Ubuntu 14.04 is recommended.</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-sudo apt-get install git-core gnupg flex bison gperf build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z-dev ccache libgl1-mesa-dev libxml2-utils xsltproc unzip
-</pre>
-
-<p class="note"><strong>Note:</strong> To use SELinux tools for policy
-analysis, also install the <code>python-networkx</code> package.</p>
-
-<p class="note"><strong>Note:</strong> If you are using LDAP and want
-to run ART host tests, also install the <code>libnss-sss:i386</code>
-package.</p>
-
-<h3 id="installing-required-packages-ubuntu-1204">Installing required packages
-(Ubuntu 12.04)</h3>
-
-<p>You may use Ubuntu 12.04 to build older versions of Android. Version 12.04
-is not supported on master or recent releases.</p>
-
-<pre class="devsite-click-to-copy">
-<code class="devsite-terminal">sudo apt-get install git gnupg flex bison gperf build-essential zip curl libc6-dev libncurses5-dev:i386 x11proto-core-dev libx11-dev:i386 libreadline6-dev:i386 libgl1-mesa-glx:i386 libgl1-mesa-dev g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc zlib1g-dev:i386</code>
-<code class="devsite-terminal">sudo ln -s /usr/lib/i386-linux-gnu/mesa/libGL.so.1 /usr/lib/i386-linux-gnu/libGL.so</code>
-</pre>
-
-<h3 id="installing-required-packages-ubuntu-1004-1110">Installing required
-packages (Ubuntu 10.04 -- 11.10)</h3>
-<p>Building on Ubuntu 10.04-11.10 is no longer supported, but may be useful for
-building older releases of AOSP.</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-sudo apt-get install git gnupg flex bison gperf build-essential zip curl zlib1g-dev libc6-dev lib32ncurses5-dev ia32-libs x11proto-core-dev libx11-dev lib32readline5-dev lib32z-dev libgl1-mesa-dev g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc
-</pre>
-
-<p>On Ubuntu 10.10:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-sudo ln -s /usr/lib32/mesa/libGL.so.1 /usr/lib32/mesa/libGL.so
-</pre>
-
-<p>On Ubuntu 11.10:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-sudo apt-get install libx11-dev:i386
-</pre>
-
-<h3 id="configuring-usb-access">Configuring USB Access</h3>
-
-<p>Install a community-maintained default set of <code>udev</code> rules for
-all Android devices by following the instructions to <a
-href="https://developer.android.com/studio/run/device.html#setting-up"
-class="external">Set up a device for development</a>.
-
-<h3 id="using-a-separate-output-directory">Using a separate output directory</h3>
-
-<p>By default, the output of each build is stored in the <code>out/</code>
-subdirectory of the matching source tree.</p>
-
-<p>On some machines with multiple storage devices, builds are
-faster when storing the source files and the output on
-separate volumes. For additional performance, the output
-can be stored on a filesystem optimized for speed instead
-of crash robustness, since all files can be re-generated
-in case of filesystem corruption.</p>
-
-<p>To set this up, export the <code>OUT_DIR_COMMON_BASE</code> variable
-to point to the location where your output directories
-will be stored.</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-export OUT_DIR_COMMON_BASE=&lt;path-to-your-out-directory&gt;
-</pre>
-
-<p>The output directory for each separate source tree will be
-named after the directory holding the source tree.</p>
-
-<p>For instance, if you have source trees as <code>/source/master1</code>
-and <code>/source/master2</code> and <code>OUT_DIR_COMMON_BASE</code> is set to
-<code>/output</code>, the output directories will be <code>/output/master1</code>
-and <code>/output/master2</code>.</p>
-
-<p>It's important in that case to not have multiple source
-trees stored in directories that have the same name,
-as those would end up sharing an output directory, with
-unpredictable results.</p>
-
-<p>This is only supported on Jelly Bean (4.1) and newer,
-including the <code>master</code> branch.</p>
-
-<h2 id="setting-up-a-mac-os-x-build-environment">Setting up a Mac OS build
-environment</h2>
-
-<p>In a default installation, Mac OS runs on a case-preserving but
-case-insensitive filesystem. This type of filesystem is not supported by git
-and will cause some git commands (such as <code>git status</code>) to behave
-abnormally. Because of this, we recommend that you always work with the AOSP
-source files on a case-sensitive filesystem. This can be done fairly easily
-using a disk image, discussed below.</p>
-
-<p>Once the proper filesystem is available, building the <code>master</code>
-branch in a modern Mac OS environment is very straightforward. Earlier
-branches require some additional tools and SDKs.</p>
-
-<h3 id="creating-a-case-sensitive-disk-image">Creating a case-sensitive disk image</h3>
-
-<p>You can create a case-sensitive filesystem within your existing Mac OS environment
-using a disk image. To create the image, launch Disk
-Utility and select "New Image". A size of 25GB is the minimum to
-complete the build; larger numbers are more future-proof. Using sparse images
-saves space while allowing to grow later as the need arises. Be sure to select
-"case sensitive, journaled" as the volume format.</p>
-
-<p>You can also create it from a shell with the following command:</p>
-<pre class="devsite-click-to-copy devsite-terminal" data-terminal-prefix="# ">
-hdiutil create -type SPARSE -fs 'Case-sensitive Journaled HFS+' -size 40g ~/android.dmg
-</pre>
-
-<p>This will create a <code>.dmg</code> (or possibly a
-<code>.dmg.sparseimage</code>) file which, once mounted, acts as a drive with
-the required formatting for Android development.</p>
-
-<p>If you need a larger volume later, you can also resize the sparse image with
-the following command:</p>
-
-<pre class="devsite-click-to-copy devsite-terminal" data-terminal-prefix="# ">hdiutil resize -size &lt;new-size-you-want&gt;g ~/android.dmg.sparseimage
-</pre>
-
-<p>For a disk image named <code>android.dmg</code> stored in your home
-directory, you can add helper functions to your <code>~/.bash_profile</code>:</p>
-
-<ul>
-<li>
-To mount the image when you execute <code>mountAndroid</code>:
-
-<pre class="devsite-click-to-copy">
-# mount the android file image
-mountAndroid() { hdiutil attach ~/android.dmg -mountpoint /Volumes/android; }
-</pre>
-
-<p class="note"><strong>Note:</strong> If your system created a
-<code>.dmg.sparseimage</code> file, replace <code>~/android.dmg</code> with
-<code>~/android.dmg.sparseimage</code>.</p>
-</li>
-
-<li>
-<p>To unmount it when you execute <code>umountAndroid</code>:</p>
-<pre class="devsite-click-to-copy">
-# unmount the android file image
-umountAndroid() { hdiutil detach /Volumes/android; }
-</pre>
-</li>
-</ul>
-
-<p>Once you've mounted the <code>android</code> volume, you'll do all your work
-there. You can eject it (unmount it) just like you would with an external
-drive.</p>
-
-<h3 id="installing-the-mac-jdk">Installing the JDK</h3>
-
-<p>See <a href="requirements.html">Requirements</a> for the version of Java to
-use when developing various versions of Android.</p>
-
-<h4 id="installing-required-packages">Installing required packages</h4>
-
-<ol>
-<li>
-<p>Install Xcode command line tools with:
-<pre class="devsite-terminal devsite-click-to-copy">
-xcode-select --install
-</pre>
-
-<p>For older versions of Mac OS (10.8 or earlier), you need to install Xcode from
-<a href="http://developer.apple.com/">the Apple developer site</a>.
-If you are not already registered as an Apple developer, you will have to
-create an Apple ID in order to download.</p>
-</li>
-
-<li>
-<p>Install MacPorts from <a
-href="http://www.macports.org/install.php">macports.org</a>.</p>
-
-<p class="note"><strong>Note:</strong> Make sure that
-<code>/opt/local/bin</code> appears in your path <strong>before</strong>
-<code>/usr/bin</code>. If not, please add the following to your
-<code>~/.bash_profile</code> file:</p>
-
-<pre class="devsite-click-to-copy">
-export PATH=/opt/local/bin:$PATH
-</pre>
-
-<p class="note"><strong>Note:</strong> If you do not have a
-<code>.bash_profile</code> file in your home directory, create one.</p>
-</li>
-
-<li>
-<p>Get make, git, and GPG packages from MacPorts:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-POSIXLY_CORRECT=1 sudo port install gmake libsdl git gnupg
-</pre>
-
-<p>If using Mac OS X v10.4, also install bison:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-POSIXLY_CORRECT=1 sudo port install bison
-</pre>
-</li>
-</ol>
-
-<h4 id="reverting-from-make-382">Reverting from make 3.82</h4>
-
-<p>In Android 4.0.x (Ice Cream Sandwich) and earlier, a bug exists in gmake 3.82
-that prevents android from building. You can install version 3.81 using
-MacPorts with these steps:</p>
-
-<ol>
-<li>
-<p>Edit <code>/opt/local/etc/macports/sources.conf</code> and add a line that says:</p>
-<pre class="devsite-click-to-copy">
-file:///Users/Shared/dports
-</pre>
-
-<p>above the rsync line. Then create this directory:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-mkdir /Users/Shared/dports
-</pre>
-</li>
-
-<li>
-<p>In the new <code>dports</code> directory, run:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-svn co --revision 50980 http://svn.macports.org/repository/macports/trunk/dports/devel/gmake/ devel/gmake/
-</pre>
-</li>
-
-<li>
-<p>Create a port index for your new local repository:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-portindex /Users/Shared/dports
-</pre>
-</li>
-
-<li>
-<p>Install the old version of gmake with:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-sudo port install gmake @3.81
-</pre>
-</li>
-</ol>
-
-<h4 id="setting-a-file-descriptor-limit">Setting a file descriptor limit</h4>
-
-<p>On Mac OS, the default limit on the number of simultaneous file descriptors
-open is too low and a highly parallel build process may exceed this limit.</p>
-
-<p>To increase the cap, add the following lines to your <code>~/.bash_profile</code>: </p>
-<pre class="devsite-click-to-copy">
-# set the number of open files to be 1024
-ulimit -S -n 1024
-</pre>
-
-<h2 id="optimizing-a-build-environment">Optimizing a build environment (optional)</h2>
-
-<h3 id="setting-up-ccache">Setting up ccache</h3>
-
-<p>You can optionally tell the build to use the ccache compilation tool, which
-is a compiler cache for C and C++ that can help make builds faster. It
-is especially useful for build servers and other high-volume production
-environments. Ccache acts as a compiler cache that can be used to speed up rebuilds.
-This works very well if you use <code>make clean</code> often, or if you frequently
-switch between different build products.</p>
-
-<p class="note"><strong>Note:</strong> If you're instead conducting incremental
-builds (such as an individual developer rather than a build server), ccache may
-slow your builds down by making you pay for cache misses.</p>
-
-<p>To use ccache, issue these commands in the root of the source tree:</p>
-
-<pre class="devsite-click-to-copy">
-<code class="devsite-terminal">export USE_CCACHE=1</code>
-<code class="devsite-terminal">export CCACHE_DIR=/&lt;path_of_your_choice&gt;/.ccache</code>
-<code class="devsite-terminal">prebuilts/misc/linux-x86/ccache/ccache -M 50G</code>
-</pre>
-
-<p>The suggested cache size is 50-100G.</p>
-
-<p>Put the following in your <code>.bashrc</code> (or equivalent):</p>
-
-<pre class="devsite-click-to-copy">
-export USE_CCACHE=1
-</pre>
-
-<p>By default the cache will be stored in <code>~/.ccache</code>.
-If your home directory is on NFS or some other non-local filesystem,
-you will want to specify the directory in your <code>.bashrc</code> file too.</p>
-
-<p>On Mac OS, you should replace <code>linux-x86</code> with <code>darwin-x86</code>:</p>
-
-<pre class="devsite-click-to-copy">
-prebuilts/misc/darwin-x86/ccache/ccache -M 50G
-</pre>
-
-<p>When building Ice Cream Sandwich (4.0.x) or older, ccache is in
-a different location:</p>
-
-<pre class="devsite-click-to-copy">
-prebuilt/linux-x86/ccache/ccache -M 50G
-</pre>
-
-<p>This setting is stored in the CCACHE_DIR and is persistent.</p>
-
-<p>On Linux, you can watch ccache being used by doing the following:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-watch -n1 -d prebuilts/misc/linux-x86/ccache/ccache -s
-</pre>
-
-<h2 id="next-download-the-source">Next: Download the source</h2>
-
-<p>Your build environment is good to go! Proceed to <a
-href="downloading.html">downloading the source</a>.</p>
-
- </body>
-</html>
diff --git a/en/setup/licenses.html b/en/setup/licenses.html
deleted file mode 100644
index a2114a2b..00000000
--- a/en/setup/licenses.html
+++ /dev/null
@@ -1,110 +0,0 @@
-<html devsite>
- <head>
- <title>Content License</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-
-<p>The Android Open Source Project uses a few
-<a href="http://www.opensource.org/">open source initiative</a>
-approved open source licenses for our software.</p>
-<h2 id="android-open-source-project-license">Android Open Source Project License</h2>
-<p>The preferred license for the Android Open Source Project is the
-<a href="http://www.apache.org/licenses/LICENSE-2.0">Apache
-Software License, Version 2.0</a> ("Apache 2.0"),
-and the majority of the Android software is licensed
-with Apache 2.0. While the project will strive to adhere to the preferred
-license, there may be exceptions that will be handled on a case-by-case
-basis. For example, the Linux kernel patches are under the GPLv2 license with
-system exceptions, which can be found on <a href="http://www.kernel.org/pub/linux/kernel/COPYING">kernel.org</a>.</p>
-<h2 id="contributor-license-grants">Contributor License Agreements</h2>
-<p>All <em>individual</em> contributors (that is, contributors making contributions
-only on their own behalf) of ideas, code, or documentation to the Android Open
-Source Project will be required to complete, sign, and submit an <a
-href="https://cla.developers.google.com/about/google-individual">Individual
-Contributor License Agreement</a>. The agreement can be executed online through the
-<a href="https://android-review.googlesource.com/#/settings/agreements">code review tool</a>.
-The agreement clearly defines the terms under which intellectual
-property has been contributed to the Android Open Source Project. This license
-is for your protection as a contributor as well as the protection of the
-project; it does not change your rights to use your own contributions for any
-other purpose.</p>
-<p>For a <em>corporation</em> (or other entity) that has assigned employees to
-work on the Android Open Source Project, a <a
-href="https://cla.developers.google.com/about/google-corporate">Corporate
-Contributor License Agreement</a> is available.
-This version of the agreement allows a
-corporation to authorize contributions submitted by its designated employees
-and to grant copyright and patent licenses. Note that a Corporate Contributor
-License Agreement does not remove the need for any developer to sign their own
-Individual Contributor License Agreement as an individual. The individual
-agreement is needed to cover any of their contributions that are <em>not</em>
-owned by the corporation signing the Corporate Contributor License Agreement.</p>
-<p>Please note we based our agreements on the ones the
-<a href="http://www.apache.org">Apache Software Foundation</a> uses, which can
-be found on the <a href="http://www.apache.org/licenses/">Apache web site</a>.</p>
-<h2 id="why-apache-software-license">Why Apache Software License?</h2>
-<p>We are sometimes asked why Apache Software License 2.0 is the preferred
-license for Android. For userspace (that is, non-kernel) software, we do in
-fact prefer ASL2.0 (and similar licenses like BSD, MIT, etc.) over other
-licenses such as LGPL.</p>
-<p>Android is about freedom and choice. The purpose of Android is promote
-openness in the mobile world, and we don't believe it's possible to predict or
-dictate all the uses to which people will want to put our software. So, while
-we encourage everyone to make devices that are open and modifiable, we don't
-believe it is our place to force them to do so. Using LGPL libraries would
-often force them to do just that.</p>
-<p>Here are some of our specific concerns:</p>
-<ul>
-<li>
-<p>LGPL (in simplified terms) requires either: shipping of source to the
-application; a written offer for source; or linking the LGPL-ed library
-dynamically and allowing users to manually upgrade or replace the library.
-Since Android software is typically shipped in the form of a static system
-image, complying with these requirements ends up restricting OEMs' designs.
-(For instance, it's difficult for a user to replace a library on read-only
-flash storage.)</p>
-</li>
-<li>
-<p>LGPL requires allowance of customer modification and reverse
-engineering for debugging those modifications. Most device makers do
-not want to have to be bound by these terms. So to minimize the burden on
-these companies, we minimize usage of LGPL software in userspace.</li></p>
-</li>
-<li>
-<p>Historically, LGPL libraries have been the source of a large number
-of compliance problems for downstream device makers and application
-developers. Educating engineers on these issues is difficult and slow-going,
-unfortunately. It's critical to Android's success that it be as easy as
-possible for device makers to comply with the licenses. Given the
-difficulties with complying with LGPL in the past, it is most prudent to
-simply not use LGPL libraries if we can avoid it.</p>
-</li>
-</ul>
-<p>The issues discussed above are our reasons for preferring ASL2.0 for
-our own code. They aren't criticisms of LGPL or other licenses. We are
-passionate about this topic, even to the point where we've gone out of our
-way to make sure as much code as possible is ASL2.0 licensed. However, we love all free
-and open source licenses, and respect others' opinions and preferences. We've
-simply decided ASL2.0 is the right license for our goals.</p>
-
- </body>
-</html>
diff --git a/en/setup/requirements.html b/en/setup/requirements.html
deleted file mode 100644
index e95cbb20..00000000
--- a/en/setup/requirements.html
+++ /dev/null
@@ -1,180 +0,0 @@
-<html devsite>
- <head>
- <title>Requirements</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-
-<p>Before you download and build the Android source, ensure your system meets
- the following requirements. Then see <a href="initializing.html">Establishing a
- Build Environment</a> for installation instructions by operating system.</p>
-
-<h2 id=hardware-requirements>Hardware requirements</h2>
-
-<p>Your development workstation should meet or exceed these hardware requirements:</p>
-
-<ul>
-
- <li>A 64-bit environment is required for Gingerbread (2.3.x) and newer
- versions, including the master
- branch. You can compile older versions on 32-bit systems.
- </li>
-
- <li>At least 100GB of free disk space to checkout the code and an extra 150GB
- to build it. If you conduct multiple builds or employ ccache, you will need
- even more space.</p>
- </li>
-
- <li>If you are running Linux in a virtual machine, you need at
- least 16GB of RAM/swap.
- </li>
-
-</ul>
-
-<h2 id=software-requirements>Software requirements</h2>
-
-<p>The <a
- href="https://android.googlesource.com/">Android Open Source Project
- (AOSP)</a> <code>master</code> branch is traditionally developed and tested
- on Ubuntu Long Term Support (LTS) releases, but other distributions may be
- used. See the list below for recommended versions.</p>
-
-<p>You workstation must have the software listed below. See <a
- href="initializing.html">Establishing a Build Environment</a> for
- additional required packages and the commands to install them.</p>
-
-<h3 id=latest-version>OS and JDK</h3>
-
-<p>If you are developing against the AOSP <code>master</code> branch, use one
-of these operating systems: Ubuntu 14.04 (Trusty) or Mac OS v10.10 (Yosemite)
-or later with Xcode 4.5.2 and Command Line Tools.</p>
-
-<p>For the Java Development Kit (JDK), note the <code>master</code> branch of
-Android in AOSP comes with a prebuilt version of OpenJDK; so no additional
-installation is required. Older versions require a separate install.</p>
-
-<p>See <a href="#older-versions">Packages for older versions</a>.
-
-<h3 id=packages>Key packages</h3>
- <ul>
- <li>Python 2.6 -- 2.7 from <a href="http://www.python.org/download/">python.org</a></li>
- <li>GNU Make 3.81 -- 3.82 from <a href="http://ftp.gnu.org/gnu/make/">gnu.org</a>
- <li>Git 1.7 or newer from <a href="http://git-scm.com/download">git-scm.com</a></li>
- </ul>
-
-<h3 id=binaries>Device binaries</h3>
-<p>Download previews, factory images, drivers, over-the-air (OTA) updates, and
-other blobs below. See <a
- href="/setup/building.html#obtaining-proprietary-binaries">Obtaining
- proprietary binaries</a> for additional details.</p>
- <ul>
- <li><a href="https://developers.google.com/android/blobs-preview">Preview
- binaries (blobs)</a> - for AOSP <code>master</code> branch
- development</li>
- <li><a href="https://developers.google.com/android/images">Factory
- images</a> - for the supported devices running tagged AOSP release
- branches</li>
- <li><a href="https://developers.google.com/android/drivers">Binary
- hardware support files</a> - for devices running tagged AOSP release
- branches</li>
- </ul>
-
- <h3 id=toolchain>Build toolchain</h3>
-
- <p>Android 8.0 and later support only <a
-href="https://developer.android.com/ndk/guides/standalone_toolchain.html#working_with_clang">Clang/LLVM</a>
- for building the Android platform. Join the <a
-href="https://groups.google.com/forum/#!forum/android-llvm">android-llvm</a>
- group to pose questions and get help. Report NDK/compiler issues at the <a
-href="https://github.com/android-ndk/ndk">NDK GitHub</a>.</p>
-
-<p>For the
-<a href="https://developer.android.com/ndk/guides/index.html">Native
-Development Kit (NDK)</a> and legacy kernels, GCC 4.9 included
-in the AOSP master branch (under <code>prebuilts/</code>) may also be used.</p>
-
-<h3 id=older-versions>Packages for older versions</h3>
-
-<p>The sections below provide relevant operating systems and JDK packages for
-older versions of Android.</p>
-
-<h4 id=operating-system>Operating system</h4>
-
-<p>Android is typically built with a GNU/Linux or Mac OS operating system. It is
- also possible to build Android in a virtual machine on unsupported systems such
- as Windows.</br>
-
- <h5 id=linux>GNU/Linux</h5>
-
- <ul>
- <li>Android 6.0 (Marshmallow) - AOSP master: Ubuntu 14.04 (Trusty)</li>
- <li>Android 2.3.x (Gingerbread) - Android 5.x (Lollipop): Ubuntu 12.04 (Precise)</li>
- <li>Android 1.5 (Cupcake) - Android 2.2.x (Froyo): Ubuntu 10.04 (Lucid)</li>
- </ul>
-
-<h5 id=mac>Mac OS (Intel/x86)</h5>
-
- <ul>
- <li>Android 6.0 (Marshmallow) - AOSP master: Mac OS v10.10 (Yosemite) or
- later with Xcode 4.5.2 and Command Line Tools</li>
- <li>Android 5.x (Lollipop): Mac OS v10.8 (Mountain Lion) with Xcode 4.5.2
- and Command Line Tools</li>
- <li>Android 4.1.x-4.3.x (Jelly Bean) - Android 4.4.x (KitKat): Mac OS v10.6
- (Snow Leopard) or Mac OS X v10.7 (Lion) and Xcode 4.2 (Apple's Developer
- Tools)</li>
- <li>Android 1.5 (Cupcake) - Android 4.0.x (Ice Cream Sandwich): Mac OS
- v10.5 (Leopard) or Mac OS X v10.6 (Snow Leopard) and the Mac OS X v10.5
- SDK</li>
- </ul>
-
- <p><b>Note</b>: consider building on GNU/Linux, not another
- operating system. The Android build system normally uses ART,
- running on the build machine, to pre-compile system dex files. Since
- ART is able to run only on Linux, the build system skips this
- pre-compilation step on non-Linux operating systems, resulting in an
- Android build with reduced performance.</p>
-
-<h4 id=jdk>JDK</h4>
-
-<p>See <a href="initializing.html#installing-the-jdk">Installing the JDK</a>
-for the prebuilt path and installation instructions for older versions.</p>
- <ul>
- <li>Android 7.0 (Nougat) - Android 8.0 (O release): Ubuntu - <a
- href="http://openjdk.java.net/install/">OpenJDK 8</a>, Mac OS - <a
- href="http://www.oracle.com/technetwork/java/javase/downloads/java-archive-javase8-2177648.html#jdk-8u45-oth-JPR">jdk
- 8u45 or newer</a></li>
- <li>Android 5.x (Lollipop) - Android 6.0 (Marshmallow): Ubuntu - <a
- href="http://openjdk.java.net/install/">OpenJDK 7</a>, Mac OS - <a
- href="https://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html#jdk-7u71-oth-JPR">jdk-7u71-macosx-x64.dmg</a></li>
- <li>Android 2.3.x (Gingerbread) - Android 4.4.x (KitKat): Ubuntu - <a
- href="http://www.oracle.com/technetwork/java/javase/archive-139210.html">Java JDK 6</a>, Mac OS - <a
- href="http://support.apple.com/kb/dl1572">Java JDK 6</a></li>
- <li>Android 1.5 (Cupcake) - Android 2.2.x (Froyo): Ubuntu - <a
- href="http://www.oracle.com/technetwork/java/javase/archive-139210.html">Java JDK 5</a></li>
- </ul>
-
- <h4 id=make>Make</h4>
- <p> Android 4.0.x (Ice Cream Sandwich) and earlier will need to <a
- href="initializing.html#reverting-from-make-382">revert from make 3.82</a>
- to avoid build errors.</p>
-
- </body>
-</html>
diff --git a/en/setup/roles.html b/en/setup/roles.html
deleted file mode 100644
index 03e2b826..00000000
--- a/en/setup/roles.html
+++ /dev/null
@@ -1,102 +0,0 @@
-<html devsite>
- <head>
- <title>Project Roles</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-<p>The Android Open Source Project (AOSP) includes individuals working in a variety
-of roles. Google is responsible for Android product management
-and the engineering process for the core framework and platform; however,
-the project considers contributions from any source, not just Google. This
-page describes the kinds of roles that interested parties can take on.</p>
-<p>Anyone who is interested in exploring and contributing to Android can use the
-Android Open Source Project resources. Anyone can join the mailing lists, ask
-questions, contribute patches, report bugs, look at submitted patches, and use
-the tools. To get started with the Android code, see <a href="/setup/contributing.html">Contributing</a>.</p>
-<h2 id="contributor">Contributor</h2>
-<p>"Contributors" are those making contributions to the AOSP source code,
-including both employees of Google or other companies, as well as individual
-developers who are contributing to Android on their own behalf. There is no
-distinction between contributors who are employed by Google and those who are
-not; all engineers use the same tools (git, repo, and gerrit),
-follow the same code review process, and are subject
-to the same requirements on code style and so on.</p>
-<h2 id="developer">Developer</h2>
-<p>"Developers" are engineers writing applications that run on Android
-devices. There is often little difference in skillset between a developer
-and a contributor. But AOSP uses "developer" to distinguish between
-engineers using the platform and those contributing to it. Developers
-(along with users) are the "customers" of the platform the contributors
-create. As such, we talk about developers a lot, though this isn't technically
-a separate role in the AOSP per se.</p>
-<h2 id="verifier">Verifier</h2>
-<p>"Verifiers" are responsible for testing change requests. After individuals
-have submitted a significant amount of high-quality code to the project, the
-project leads might invite them to become verifiers.</p>
-<p class="note"><strong>Note:</strong> At this time, verifiers act similarly to approvers.</p>
-<h2 id="approver">Approver</h2>
-<p>"Approvers" are experienced members of the project who have demonstrated their
-design skills and have made significant technical contributions to the
-project. In the code-review process, an approver decides whether to include or
-exclude a change. Project leads (who are typically employed by Google) choose
-the approvers, sometimes promoting to this position verifiers who have
-demonstrated their expertise within a specific project.</p>
-<h2 id="project-leads">Project Lead</h2>
-<p>Android consists of a number of sub-projects; you can see these in the git
-repository as individual .git files. "Project leads" are senior contributors who
-oversee the engineering for individual Android projects. Typically these project
-leads are Google employees. A project lead for an individual project is
-responsible for the following:</p>
-<ul>
-<li>
-<p>Lead all technical aspects of the project, including the project roadmap,
- development, release cycles, versioning, and quality assurance (QA).</p>
-</li>
-<li>
-<p>Ensure the project is tested by QA in time for scheduled Android platform
- releases.</p>
-</li>
-<li>
-<p>Designate Verifiers and Approvers for submitted patches.</p>
-</li>
-<li>
-<p>Be fair and unbiased while reviewing changes. Accept or reject patches
- based on technical merit and alignment with the Android strategy.</p>
-</li>
-<li>
-<p>Review changes in a timely manner and make best efforts to communicate
- when changes are not accepted.</p>
-</li>
-<li>
-<p>Optionally maintain a web site for the project for information and
- documents specific to the project.</p>
-</li>
-<li>
-<p>Act as a facilitator in resolving technical conflicts.</p>
-</li>
-<li>
-<p>Be a public face for the project and the go-to person for questions
- related to the project.</p>
-</li>
-</ul>
-
- </body>
-</html>
diff --git a/en/setup/site-updates.html b/en/setup/site-updates.html
deleted file mode 100644
index a77ebbda..00000000
--- a/en/setup/site-updates.html
+++ /dev/null
@@ -1,777 +0,0 @@
-<html devsite>
- <head>
- <title>Site Updates</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-<p>This page describes significant revisions to source.android.com. Please see
-the <a
-href="https://android.googlesource.com/platform/docs/source.android.com/+log/master?pretty=full&no-merges">Android
-Open Source Project (AOSP) docs/source.android.com log</a> for the complete
-list of changes to this site.
-
-<h2 id="Dec-2017">December 2017</h2>
-
-<p>Android 8.1 has been released! See the entries below for the major platform
-features introduced in this release.</p>
-
-<h3 id="aaudio">AAudio and MMAP</h3>
-
-<p>AAudio is an audio API that has enhancements to reduce latency when used in
-conjunction with a HAL and driver that support MMAP. See <a
-href="/devices/audio/aaudio">AAudio and MMAP</a> for documentation
-describing the hardware abstraction layer (HAL) and driver changes needed to
-support AAudio's MMAP feature in Android.</p>
-
-<h3 id="art-config">ART configuration changes</h3>
-
-<p>The <code>WITH_DEXPREOPT_BOOT_IMG_ONLY</code> makefile option was removed
-from the Android runtime (ART) in Android 8.1 and replaced with the
-<code>WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY</code> option that
-pre-optimizes the system server jars, as well as the boot classpath. See <a
-href="/devices/tech/dalvik/configure#build_options">Configuring ART</a> for the
-deprecation notice.</p>
-
-<h3 id="biometric-unlock">Biometric unlock security measurements</h3>
-
-<p>Android 8.1 introduces two new metrics associated with biometric unlocks
-that are intended to help device manufacturers evaluate their security more
-accurately: Imposter Accept Rate (IAR) and Spoof Accept Rate (SAR). See <a
-href="/security/biometric/">Measuring Biometric Unlock Security</a> for
-example attacks and test methodology.</p>
-
-<h3 id="boot-times">Boot time optimizations</h3>
-
-<p>Starting in Android 8.1, power saving setting for components like UFS and
-CPU governor can be disabled to improve device boot times. See <a
-href="/devices/tech/perf/boot-times#disable-power-saving">Optimizing Boot
-Times</a> for the new <code>init.*.rc</code> settings.</p>
-
-<h3 id=“color-mgmt”>Color management</h3>
-
-<p>Android 8.1 adds support for color management that can be used to provide a
-consistent experience across display technologies. Applications running on
-Android 8.1 can access the full capabilities of a wide gamut display to get the
-most out of a display device. See <a
-href="/devices/tech/display/color-mgmt">Color Management</a> for
-instructions on implementing, customizing, and testing this feature.</p>
-
-<h3 id="opengl-config">OpenGLRenderer configuration simplification</h3>
-
-<p>In Android 8.1 and later, only the <code>ro.zygote.disable_gl_preload
-property</code> still applies to OpenGLRenderer configuration. All other
-properties have been removed. See <a
-href="/devices/graphics/renderer">OpenGLRenderer Configuration</a> for the
-notice and previously supported properties.</p>
-
-<h3 id="retail-mode">Retail demo mode made easy</h3>
-
-<p>Through Device Policy Manager, Android 8.1 supports demonstrating device
-functionality in retail stores via a demo-type user role. See <a
-href="/devices/tech/display/retail-mode.html">Retail Demo Mode</a> for
-implementation instructions.</p>
-
-<h3 id="textclassifier">TEXTCLASSIFIER</h3>
-
-<p>Android 8.1 introduces the TextClassfier API that uses machine learning
-techniques to help developers classify text.
-See <a href="/devices/tech/display/textclassifier.html">TEXTCLASSIFIER</a> for
-implementation instructions.</p>
-
-<h3 id="timezone-rules">Time zone rules</h3>
-
-<p>Android 8.1 provides a new mechanism for device manufacturers (OEMs) to push
-updated time zone rules data to devices without requiring a system update. This
-mechanism enables users to receive timely updates and OEMs to test time zone
-updates independently of system image updates. See <a
-href="/devices/tech/config/timezone-rules">Time Zone Rules</a> for
-instructions on applying these updates.</p>
-
-<h3 id="wifi-aware">Wi-Fi Aware</h3>
-
-<p>The Wi-Fi Aware feature in Android 8.1 enables supporting devices to connect
-to one another directly over Wi-Fi without internet or cellular network access.
-This feature allows easy sharing of high-throughput data among trusted devices
-and apps that are otherwise off network. See <a
-href="/devices/tech/connect/wifi-aware">Wi-Fi Aware</a> for examples, source
-files, and links to additional documentation.</p>
-
-<h2 id="Nov-2017">November 2017</h2>
-
-<p>The <em>Source</em> section has been renamed to
- <a href="/setup"><em>Setup</em></a>. Redirects are in place to ensure the old
- URLs still work.</p>
-
-<h2 id="Sept-2017">September 2017</h2>
-
-<p>This site has been released in China at <a
- href="https://source.android.google.cn"
- class="external-link">source.android.google.cn</a>. All
- non-reference materials have also been translated into Simplified Chinese for
- ease of use.</p>
-
-<h2 id="August-2017">August 2017</h2>
-
-<p>Android 8.0 has been released! This section describes the major new features
-in the Android 8.0 platform.</p>
-
-<h3 id="architecture">Architecture</h3>
-
-<h4>Treble</h4>
-<p>
-Android 8.0 includes support for Treble, a major re-architect of the
-Android OS framework designed to make it easier, faster, and less costly
-for manufacturers to update devices to a new version of Android. Documentation
-includes details on the <a href="/devices/architecture/hidl/index.html">HAL interface definition
-language (HIDL)</a>, a new <a href="/devices/architecture/configstore/index.html">ConfigStore HAL</a>,
-<a href="/devices/architecture/dto/index.html">Device Tree Overlays</a>,
-the <a href="/devices/architecture/vndk/index.html">Vendor Native Development
-Kit (VNDK)</a>, <a href="/devices/architecture/vintf/index.html">Vendor
- Interface Objects (VINTF)</a>, <a href="/devices/architecture/kernel/modular-kernels.html">
-Modular Kernel requirements</a>, and the <a href="/devices/tech/vts/index.html">
-Vendor Test Suite (VTS) and Infrastructure</a>.
-</p>
-
-<h4>FunctionFS support</h4>
-<p>
-<a class="external-link"
- href="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">FunctionFS</a>
-(FFS) is a USB gadget function that is designed and controlled through user space.
-Its support allows all of the function- and protocol-specific code to live in
-user space, while all of the USB transport code lives in the kernel. Using
- FFS moves Media Transfer Protocol (MTP) implementation into user space.
-</p>
-
-<p>
-On the frameworks side, most of the major changes exist in MtpServer. The
-USB driver interface has been refactored into two different classes, one that
-uses the old kernel driver and one that uses FFS. MtpServer is then able
-to use that driver interface without needing to know the details of
-implementation. The FFS driver writes the USB descriptors to a file when
-the server starts up; it then writes data to endpoint files similar to the
-kernel driver use.
-</p>
-
-<h4>Kernel enhancements to LLDB/C++ debugging</h4>
-<p>
-The Android 8.0 release includes kernel enhancements that help developers create
-better applications by improving their debugging experience. For more
-information, see <a
-href="/devices/architecture/kernel/lldb-debug.html">Implementing
-kernel enhancements to LLDB/C++ debugging</a>.
-</p>
-
-<h4>Kernel Hardening</h4>
-<p>
-Upstreamed kernel hardening features and tools to find bugs in kernel drivers.
-For more information, see <a
-href="/devices/architecture/kernel/hardening.html">Kernel Hardening</a>.
-</p>
-
-<h4>Optimizing SquashFS at the Kernel Level</h4>
-<p>
-SquashFS is a compressed read-only filesystem for Linux, suitable for use on the
-system partition. The optimizations in this document help improve the
-performance of SquashFS. For more information, see <a
-href="/devices/architecture/kernel/squashfs.html">Optimizing
-SquashFS at the Kernel Level</a>.
-</p>
-
-<h3 id="art-dalvik">ART and Dalvik</h3>
-<h4>Fuzz Testing</h4>
-<p>
-The Android Open Source Project (AOSP) offers a new fuzzing testing suite for
-testing the <a href="/devices/tech/dalvik/">Android
-runtime (ART)</a> infrastructure. The new toolset, JFuzz and an improved
-DexFuzz, are directly available in AOSP now with accompanying documentation.
-See:
-<a
-href="https://android.googlesource.com/platform/art/+/master/tools/jfuzz/README.md">https://android.googlesource.com/platform/art/+/master/tools/jfuzz/README.md</a>
-<a
-href="https://android.googlesource.com/platform/art/+/master/tools/dexfuzz/README">https://android.googlesource.com/platform/art/+/master/tools/dexfuzz/README</a>
-</p>
-<p>
-Nothing is required to implement or use the new tools. You may make changes
-to the tools if required, just like you can make changes to the
-runtime/compiler already.
-</p>
-
-<h4>VDEX files: Improve System Update Performance</h4>
-<p>
-VDEX files improve the performance and user experience of software updates. VDEX
-files store pre-validated DEX files with verifier dependencies so that during
-system updates ART does not need to extract and verify the DEX files again. No
-action is needed to implement this feature. It is enabled by default. To
-disable the feature, set the <code>ART_ENABLE_VDEX</code> environment variable
-to <code>false</code>.
-</p>
-
-<h4>ART performance improvements</h4>
-<p>
-The Android runtime (ART) has been improved significantly in the Android 8.0
-release. This document summarizes enhancements device manufacturers can expect
-in ART. For more information, see <a
-href="/devices/tech/dalvik/improvements.html">Improving
-ART Performance in Android 8.0</a>.
-</p>
-
-<h4>Android A/B OTA Updates</h4>
-<p>
-This update answers common questions device manufacturers have regarding Android
-A/B (seamless) system updates. For more information, see <a
-href="/devices/tech/ota/ab_updates#frequently-asked-questions.html">A/B
-(Seamless) System Updates Frequently asked questions</a>.
-</p>
-
-<h3 id="automotive">Automotive</h3>
-
-<h4>Bluetooth connection management</h4>
-<p>
-Android 8.0 provides Bluetooth connection management in in-vehicle infotainment
-systems for a more seamless Bluetooth user experience. For more information, see
-<a href="/devices/automotive/ivi_connectivity.html#bluetooth-connection-management">
-Bluetooth connection management</a>.
-</p>
-
-<h4>Bluetooth multi-device HFP</h4>
-<p>
-Bluetooth multi-device connectivity lets users connect multiple devices to telephony profiles in
-an Android Automotive IVI Bluetooth. For more information, see
-<a href="/devices/automotive/ivi_connectivity.html#bluetooth-multi-device-connectivity">
-IVI Connectivity</a>.
-</p>
-
-<h4>Vehicle Camera HAL</h4>
-<p>
-Describes the design of an exterior view system (EVS) stack and provides the HAL
-specification for supporting the acquisition and presentation of vehicle camera
-data. For more information, see <a
-href="/devices/automotive/camera-hal.html">Exterior
-View System (EVS) Vehicle Camera HAL.</a>
-</p>
-
-<h3 id="bluetooth">Bluetooth</h3>
-<p>
-See the updated <a
-href="/devices/bluetooth/index.html">Bluetooth
-overview</a>.
-</p>
-
-<h4>Verifying and debugging Bluetooth</h4>
-<p>
-A new page about how to verify and debug the native Bluetooth stack. For more details, see
-<a href="/devices/bluetooth/verifying_debugging.html">Verifying and Debugging</a>.
-</p>
-
-<h4>Bluetooth services</h4>
-<p>
-Bluetooth provides a variety of features that enable core services between devices,
-such as audio streaming, phone calls, and messaging. For more information about the Android
-Bluetooth services, see <a href="/devices/bluetooth/services.html">
-Bluetooth Services</a>.
-</p>
-
-<h4>BLE advertising</h4>
-<p>
-Bluetooth 5 supports different modes of data advertisements for Bluetooth Low Energy,
-including higher bandwidth or increased range. For more information, see
-<a href="/devices/bluetooth/ble_advertising.html">
-Bluetooth Low Energy Advertising</a>.
-</p>
-
-
-<h4>Bluetooth support for audio codecs</h4>
-<p>
-The Android 8.0 release includes support for Bluetooth high-definition audio
-codecs. For more information, see <a
-href="/devices/bluetooth/services.html#advanced-audio-codecs">Advanced audio codecs</a>.
-</p>
-
-
-<h3 id="camera">Camera</h3>
-
-<h4>Critical camera features</h4>
-<p>
-The Android 8.0 release contains these key enhancements to the Camera service:
-shared surfaces, enable multiple surfaces sharing the same OutputConfiguration
-System API for custom camera modes, and onCaptureQueueEmpty. For more
-information, see <a
-href="/devices/camera/versioning.html">Camera Version
-Support</a>.
-</p>
-
-<h3 id="configuration">Configuration</h3>
-
-<h4>Ambient Capabilities</h4>
-<p>
-Capabilities allow Linux processes to drop most root-like privileges, while
-retaining the subset of privileges that they require to perform their function.
-Ambient capabilities allows system services to configure capabilities in their
-<code>.rc</code> files, bringing all their configuration into a single file. For
-more information, see <a
-href="/devices/tech/config/ambient.html">Implementing
-Ambient Capabilities</a>.
-</p>
-
-<h4>Privileged Permission Whitelist Requirement</h4>
-<p>
-Starting in Android 8.0, all privileged apps must be explicitly whitelisted in
-system configuration XML files in the <code>/etc/permissions</code> directory.
-If they are not, then the device will boot, but the device implementation will
-not pass CTS. For more information, see <a
-href="/devices/tech/config/perms-whitelist.html">Privileged
-Permission Whitelist Requirement</a>.
-</p>
-
-<h4>Implementing USB HAL</h4>
-<p>
-The Android 8.0 release moves handling of USB commands out of init scripts and
-into a native USB daemon for better configuration and code reliability. For more
-information, see <a
-href="/devices/tech/config/usb-hal.html">Implementing
-USB HAL</a>.
-</p>
-
-<h3 id="connectivity">Connectivity</h3>
-
-<h4>Customizing Device Behavior for Out-of-balance Users</h4>
-<p>
-Android devices with no data balance allow network traffic through, requiring
-carriers and telecoms to implement mitigation protocols. This feature implements
-a generic solution that allows carriers and telcos to indicate when a device has
-run out of balance. For more information, see <a
-href="/devices/tech/connect/oob-users.html">Customizing
-device behavior for out-of-balance users</a>.
-</p>
-
-<h3 id="debugging">Debugging</h3>
-
-<h4>Enabling sanitizers in the Android build system</h4>
-<p>
-Sanitizers are compiler-based instrumentation components to use during
-development and testing in order to identify bugs and make Android better.
-Android's current set of sanitizers can discover and diagnose memory misuse bugs
-and potentially dangerous undefined behavior. For more information, see <a
-href="/devices/tech/debug/sanitizers.html">Enabling
-Sanitizers in the Android Build System</a>.
-</p>
-
-<h4>Recover devices in reboot loops</h4>
-<p>
-Android 8.0 includes a feature that sends out a "rescue party" when it notices
-core system components stuck in crash loops. Rescue Party then escalates through
-a series of actions to recover the device. For more information, see <a
-href="/devices/tech/debug/rescue-party.html">Rescue
-Party</a>.
-</p>
-
-<h4>Storaged</h4>
-<p>
-Android 8.0 adds support for <code>storaged</code>, an Android native daemon that
-collects and publishes storage metrics on Android devices. For more information,
-see <a
-href="/devices/tech/debug/storaged.html">Implementing
-Storaged</a>.
-</p>
-
-<h3 id="display">Display</h3>
-
-<h4>Air Traffic Control for floating windows</h4>
-<p>
-Android 8.0 introduces Air Traffic Control for floating windows in order to
-simplify and unify how apps display on top of other apps. Everything necessary
-to use the feature is included in the Android Open Source Project (AOSP).
-</p>
-<p>
-Air Traffic Control allows developers to create a new (managed) floating
-layer/window type for apps to use to display windows on-top of other apps. The
-feature displays ongoing notifications for all apps using a floating layer that
-lets the user manage the alert window.
-</p>
-<p>
-The Android Compatibility Test Suite (CTS) confirms:
-</p> <ul>
- <li>The current alert window types are: <code>TYPE_PHONE</code>, <code>TYPE_PRIORITY_PHONE</code>,
-<code>TYPE_SYSTEM_ALERT</code>, <code>TYPE_SYSTEM_OVERLAY</code>, or <code>TYPE_SYSTEM_ERROR</code>
- <li>Apps targeting the O SDK won't be able to use the window types above to
-display windows above other apps. They will need to use a new window type
-TYPE_APPLICATION_OVERLAY.
- <li>Apps targeting older SDKs can still use the current window types; however,
-the windows will be z-ordered below the new TYPE_APPLICATION_OVERLAY windows.
- <li>The system can move or resize windows in the new layer to reduce clutter.
- <li>Device manufacturers must keep the notification that lets users control
-what is displayed over other apps.</li> </ul>
-
-<h4>Launching activities on secondary displays</h4>
-<p>
-Virtual displays are available to everyone, and they don't require any special
-hardware. Any application can create an instance of virtual display; and in the
-Android 8.0 release, activities can be launched on that virtual display if the
-associated feature is enabled.
-</p>
-<p>
-To support multi-display features, you should either use one of the
-existing supported ways of connecting secondary devices or build new hardware.
-The supported ways of connecting displays on Nexus and Pixel devices are Google
-Cast and <a
-href="https://developer.android.com/reference/android/hardware/display/VirtualDisplay.html">virtual
-displays inside apps</a>. Support of other ways depends on kernel driver support
-for each particular case (like MHL or DisplayPort over USB-C) and fully
-implementing interface definitions that are related to displays in
-HardwareComposer HAL (IComposerCallback.hal and IComposerClient.hal).
-</p>
-<p>
-Each of the ways may require SoC or OEM support. For example, to enable
-DisplayPort over USB-C, both hardware (SOC) and software (drivers) support is
-required. You might need to implement drivers for your hardware to support
-connecting external displays.
-</p>
-<p>
-The default implementation will allow launching fullscreen stacks of activities
-on secondary displays. You can customize the stacks and System UI and
-behavior on secondary displays.
-</p>
-
-<h4>Support for generic tooltip</h4>
-<p>
-Android 8.0 allows developers to provide descriptive action names and other
-helpful information on mouse hover over buttons and other icons. Device
-manufacturers may style the tooltip popup. Its layout is defined in
-<code>android/frameworks/base/core/res/res/layout/tooltip.xml</code>.
-</a>
-</p>
-<p>
-OEMs may replace the layout or change its dimensions and style parameters. Use
-only text and keep the size reasonably small. The feature is implemented
-entirely inside the View class, and there are quite exhaustive CTS tests that
-check many aspects of Tooltip behavior.
-</p>
-<p>
-
-<h4>Support for extended aspect ratio</h4>
-<p>
-Android 8.0 includes a new manifest attribute, <a
-href="https://developer.android.com/reference/android/R.attr.html#maxAspectRatio">maxAspectRatio</a>,
-which lets an activity or app specify the maximum aspect ratio it supports.
-maxAspectRatio replaces the previous meta-data tag with a first-class API and
-allows devices to support an aspect ratio greater than 16:9.
-</p><ul>
-<li>If an activity or app is <a
-href="https://developer.android.com/guide/topics/ui/multi-window.html#configuring">resizable</a>,
-allow the activity to fill the screen.
-<li>If an activity or app is non-resizeable or the platform is force resizing
-the activity, allow the app window to display up to the maximum aspect ratio,
-according to the <a
-href="https://developer.android.com/reference/android/R.attr.html#maxAspectRatio">maxAspectRatio</a>
-value. <ul>
- <li>For applications on devices running Android 8.0, the default value is the
-aspect ratio of the current device.
- <li>For applications on devices running earlier versions of Android, the
-default value is 16:9.</li> </ul>
-</li> </ul>
-
-<h4>Implementing Adaptive Icons</h4>
-<p>
-Adaptive Icons maintain a consistent shape intra-device but vary from device to
-device with only one icon asset provided by the developer. Additionally, icons
-support two layers (foreground and background) that can be used for motion to
-provide visual delight to users. For more information, see <a
-href="/devices/tech/display/adaptive-icons.html">Implementing
-Adaptive Icons</a>.
-</p>
-
-<h4>Night Light</h4>
-<p>
-Night Light, introduced in Android 7.0.1, allows users to reduce the amount of
-blue light that their screen emits. Android 8.0 gives users more control over the
-intensity of this effect. For more information, see <a
-href="/devices/tech/display/night-light.html">Implementing
-Night Light</a>.
-</p>
-
-<h4>Picture-in-picture</h4>
-<p>
-Android 8.0 includes support for picture-in-picture (PIP) on Android handheld
-devices. PIP allows users to resize an app with an ongoing activity, such as a
-video, into a small window. For more information, see <a
-href="/devices/tech/display/pip.html">Picture-in-Picture
-on Android handsets</a>.
-</p>
-
-<h4>Better Split-Screen Interactions</h4>
-<p>
-Multi-window lets multiple apps simultaneously display on users' device screens.
-Android 8.0 improves the default mode, split-screen, by compressing the top pane
-and resizing the launcher if a user taps Home after entering split-screen. For
-more information, see <a
-href="/devices/tech/display/split-screen.html">Better
-Split-Screen Interactions</a>.
-</p>
-
-<h4>Add Widgets/Shortcuts</h4>
-<p>
-A new API in Android 8.0 allows application developers to add shortcuts and
-widgets from inside the app instead of relying on the widget tray. The older
-method of adding shortcuts by sending a broadcast has been deprecated for
-security reasons. For more information, see <a
-href="/devices/tech/display/widgets-shortcuts.html">Implementing
-Add Widgets/Shortcuts</a>.
-</p>
-
-<h3 id="downloading-building">Downloading and Building</h3>
-
-<h4>Android LLVM Toolchain improvements</h4>
-<p>
-OEMs who wish to use our latest toolchain/tools will need to ensure that any of
-their private code compiles successfully with the updated toolchains. This may
-require them to fix existing issues in their code with undefined behavior. (Of
-course, they are free to use whatever tools they prefer to compile their own
-code too.)
-</p>
-<p>
-They must ensure their code is free of undefined behavior (by using tools like
-UBSan), so they are less susceptible to problems caused by newer toolchains. All
-of the toolchains are always updated directly in AOSP. Everything will be
-available well before OC even ships, so OEMs should be following along
-already.
-</p>
-<p>
-See the <a href="https://llvm.org/">public Clang/LLVM</a> documentation for
-general instructions and the <a
-href="https://android.googlesource.com/platform/external/clang/+/dev/ReadmeAndroid.md">Android
-Clang/LLVM</a> documentation set within AOSP for Android-specific guidance.
-Finally, join the <a
-href="https://groups.google.com/forum/#!forum/android-llvm">android-llvm</a>
-public group to get help and take part in development.
-</p>
-
-<h3 id="drm-kms">DRM / KMS</h3>
-
-<h4>DRM/KMS in Linux Kernel Version 4.9</h4>
-<p>
-The Direct Rendering Manager (DRM)/Kernel Mode Setting (KMS) framework used by
-Android is developed and maintained by Linux kernel developers in the Linux
-kernel. Android merges down from the Linux kernel. By merging down from our
-common kernel, device manufacturers gain the DRM/KMS framework automatically.
-</p>
-<p>
-DRM/KMS became viable in Linux kernel version 4.9, and Android <strong>strongly
-encourages</strong> OEM partners to use DRM/KMS starting with this kernel
-version. <a href="https://lwn.net/Articles/565422/">Atomic Display Framework
-(ADF)</a>, the display framework officially supported by Android today, will not
-be supported in 4.9 and higher versions of the common Android kernel; instead,
-Android will support DRM/KMS from this version. OEMs can continue to use ADF (or
-any other framework), but Android will not support them in the common Android
-kernel.
-</p>
-<p>
-To implement DRM/KMS, you will need to write your own drivers using
-DRM/KMS in addition to merging down the DRM/KMS framework from the android
-common kernel.
-</p>
-
-<h3 id="keystore">Keystore</h3>
-
-<h4>Keymaster 3</h4>
-<p>
-Android 8.0 updates Keymaster, the keystore HAL, by extending the capabilities of
-hardware-backed key storage on Android devices. This builds upon the Android 7.1.2
-updates to Keymaster 2. For more information, see <a
-href="/security/keystore/index.html">Keymaster 3 documentation</a>.
-</p>
-
-<h3 id="security-enhancements">Security Enhancements</h3>
-
-<h4>Insecure TLS Version Fallback removed from HttpsURLConnection</h4>
-<p>
-Insecure TLS/SSL protocol version fallback is a workaround for buggy
-implementations of TLS protocol downgrade negotiation in some servers. This is
-vulnerable to POODLE. When Chrome 45 dropped the insecure fallback in September
-2015, less than 0.01% of servers relied on it. To improve security, insecure TLS
-version fallback has been removed from <a
-href="https://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html">HttpsURLConnection</a>
-in Android 8.0. For more details, see <a
-href="https://android-developers.googleblog.com/2017/04/android-o-to-drop-insecure-tls-version.html
-">this blog post</a>.
-</p>
-<p>
-To test this feature on devices with Android 8.0, run this CTS test case:
-</p>
-
-<pre class="devsite-click-to-copy devsite-terminal" data-terminal-prefix="# ">
-cts-tradefed run cts -m CtsLibcoreOkHttpTestCases</pre>
-
-<h3 id="performance">Performance</h3>
-
-<h4>Flash Wear Management</h4>
-<p>
-Describes eMMC behavior and new features to help OEMs lower the risk of a
-failing eMMC in the automotive environment. For more information, see <a
-href="/devices/tech/perf/flash-wear.html">Flash Wear
-Management in Android Automotive</a>.
-</p>
-
-<h4>Optimizing Boot Times</h4>
-<p>
-Guidance for improving boot times for specific Android devices. For more
-information, see <a
-href="/devices/tech/perf/boot-times.html">Optimizing
-boot times</a>.
-</p>
-
-<h4>Task Snapshots</h4>
-<p>
-Task Snapshots is infrastructure introduced in Android 8.0 that combines
-screenshots for Recents Thumbnails as well as Saved Surfaces from Window Manager
-to save memory. For more information, see <a
-href="/devices/tech/perf/task-snapshots.html">Task
-Snapshots</a>.
-</p>
-
-<h3 id="peripherals">Peripherals</h3>
-
-<h4>Default Print Services</h4>
-<p>
-A <a
-href="https://developer.android.com/reference/android/printservice/PrintService.html">print
-service</a> is an app that discovers and presents printers to a device's print
-framework. In earlier Android versions, users had to search for and install
-third-party print services to be able to print.
-</p>
-<p>
-Android 8.0 includes a default print service in <code><a
-href="https://android.googlesource.com/platform/packages/services/BuiltInPrintService/">platform/packages/services/BuiltInPrintService/</a></code>
-that lets users print on modern printers without installing any additional apps.
-This implementation supports printers that use the Internet Printing Protocol
-(IPP) to communicate with the printer and use PCLm, PWG-Raster, or PDF to send
-printable content. For older printers, users should install the app recommended
-by the <a
-href="https://android.googlesource.com/platform/frameworks/base/+/android-7.0.0_r1/packages/PrintRecommendationService/">PrintRecommendationService</a>
-as seen in this <a href="https://youtu.be/M_JGeGLpOKs?t=16m20s">this I/O presentation</a>.
-
-<h3 id="reference">Reference Updates</h3>
-
-<p>
-The <a href="/reference/">Reference</a> section has been added to the top-level
-navigation. As part of the <a href="/devices/architecture/treble">Treble</a>
-release, a <a href="/reference/hidl/">HIDL reference</a> section was added.
-The <a href="/reference/tradefed/">Trade Federation</a> and the
-<a href="/reference/hal/">legacy HAL</a> reference documentation has been updated.
-</p>
-
-<h3 id="settings-menu">Settings menu</h3>
-
-<h4>Settings: Patterns and Components</h4>
-<p>
-In Android 8.0, the Settings menu gains several components and widgets that
-cover common uses. For more information, see <a
-href="/devices/tech/settings/patterns-components.html">Patterns
-and Components</a>.
-</p>
-
-<h4>Settings: Updated information architecture</h4>
-<p>
-Android 8.0 introduces a new information architecture for the Settings app. The
-goal of the new information architecture is to simplify the way settings are
-organized and make it easier for users to quickly find the settings needed to
-customize their Android devices. For more information, see Implementing <a
-href="/devices/tech/settings/info-architecture.html">Updated
-Information Architecture</a>.
-</p>
-
-<h4>Personalized Settings</h4>
-<p>
-The Android Settings app provides a list of suggestions to the users. This
-feature provides ranking for suggestions, based on any contextual signal or the
-user's past interactions with suggestions. For more information, see <a
-href="/devices/tech/settings/personalized.html">Personalized
-Settings</a>.
-</p>
-
-<h4>Implementing Settings: Universal Search</h4>
-<p>
-Android 8.0 adds expanded search capabilities for the Settings menu. This document
-describes how to add a setting and ensure it is properly indexed for Settings.
-For more information, see <a
-href="/devices/tech/settings/universal-search.html">Universal
-Search</a>.
-</p>
-
-<h3 id="storage">Storage</h3>
-
-<h4>Faster storage statistics</h4>
-<p>
-Android 8.0 leverages the ext4 filesystem's "quota" support to return disk usage
-statistics almost instantly. For more information, see <a
-href="/devices/storage/faster-stats.html">Implementing
-faster storage statistics</a>.
-</p>
-
-<h2 id="april-2017">April 2017</h2>
-<p>Welcome to a new source.android.com! The site has been overhauled to make it
-easier for you to navigate, search, and read its ever-growing set of information.
-Here is a summary of enhancements:</p>
-
-<h3 id="screen-estate">More screen real estate, larger type size</h3>
-<p>The entire site is wider, allowing you to view more content at once. Code
-samples and commands are more visible, and all text has been enlarged.</p>
-
-<h3 id="mobile-ready">Mobile-ready view</h3>
-<p>The new site renders more cleanly on handheld devices with a dedicated
-mobile view.</p>
-
-<div style="width:407px">
- <img src="images/mobile-view.png" alt="new mobile view" height="533px" />
- <p class="img-caption">
- <strong>Figure 1.</strong> Site's new mobile view
- </p>
-</div>
-
-<h3 id="top-tabs">New top-level tabs</h3>
-<p>The former <em>Devices</em> tab has been renamed <a
-href="/devices/">Porting</a>, while the old <em>Core Technologies</em>
-subtab has been renamed <a href="/devices/tech/">Tuning</a> and moved to the top
-of the site for better exposure.</p>
-
-<h3 id="security-forefront">Security at the forefront</h3>
-<p>With an ever-increasing focus on security in Android, the <a
-href="/security/">Security</a> tab has been moved forward (next to <a
-href="/setup/">Source</a>) to reflect its importance.</p>
-
-<h3 id="reference-materials">Better reference materials</h3>
-<p><a href="/reference/hal/">Hardware Abstraction Layer</a> and <a
-href="/reference/tradefed/packages">Trade Federation</a> reference
-materials are available directly from a top-level <a
-href="/reference/">Reference</a> tab.</p>
-
-<h3 id="code-links">Persistent code links</h3>
-<p>The <a href="https://android.googlesource.com/">AOSP code
-repository</a> is always just a click away with the <strong>Go to Code</strong>
-button at the top right of every page.</p>
-
-<h3 id="comprehensive-footers">Comprehensive footers</h3>
-<p>In addition to the existing <em>About</em>, <em>Community</em>, and
-<em>Legal</em> footers, you can now find a complete list of links at the bottom
-of every page for building Android, connecting with the ecosystem, and getting
-help with the operating system's use.</p>
-
- </body>
-</html>
diff --git a/en/setup/brands.html b/en/setup/start/brands.html
index ca08b8dd..c530e043 100644
--- a/en/setup/brands.html
+++ b/en/setup/start/brands.html
@@ -79,23 +79,23 @@ assets.</p>
</ul>
<h4>Acceptable examples</h4>
-<img src="images/JB-TM-example.png" alt="Jelly Bean trademark example" />
-<img src="images/8100-TM-example.png" alt="8100 series trademark example" />
+<img src="../images/JB-TM-example.png" alt="Jelly Bean trademark example" />
+<img src="../images/8100-TM-example.png" alt="8100 series trademark example" />
<h4>Unacceptable example</h4>
-<img src="images/XBrand-TM-example.jpg" alt="XBrand trademark example" />
+<img src="../images/XBrand-TM-example.jpg" alt="XBrand trademark example" />
<h3 id="logo-android">Android logo</h3>
<p>Unless expressly authorized by Google through written agreement, the Android
logo and custom typeface may not be used (with or without the Android robot).</p>
-<img alt="No Logo" src="images/android_logo_new_crossed_out.png">
+<img alt="No Logo" src="../images/android_logo_new_crossed_out.png">
<img alt="No Logo" src="https://developer.android.com/images/brand/android_logo_no.png">
<h3 id="robot-android">Android robot</h3>
<div class="wrap">
<div class="col-4">
- <img alt="android-robot" style="float:left;margin-right:10px" src="/setup/images/Android_Robot_100.png">
+ <img alt="android-robot" style="float:left;margin-right:10px" src="../images/Android_Robot_100.png">
<p style="padding-top:20px">
<a href="https://developer.android.com/images/brand/Android_Robot_100.png">100x118</a><br>
<a href="https://developer.android.com/images/brand/Android_Robot_200.png">200x237</a><br>
@@ -115,7 +115,7 @@ license</a>.</p>
<div class="wrap" style="padding-top:20px">
<div class="col-4" style="align:center">
-<img alt="no-peace-robot" style="width:30%;height:30%" src="images/No_PeaceBot_200.jpg">
+<img alt="no-peace-robot" style="width:30%;height:30%" src="../images/No_PeaceBot_200.jpg">
</div>
<div class="col-8">
<p style="padding-top:20px">The Android Peace Robot or any variation of the
@@ -130,7 +130,7 @@ used in partner marketing.</p>
<p>Use of the “Google Play” name and the Google Play Store icon on the
packaging of the hardware, marketing materials of the hardware, or the hardware
itself is allowed only on devices
-<a href="/setup/faqs.html#if-my-device-is-compatible-does-it-automatically-have-access-to-google-play-and-branding">licensed
+<a href="/setup/start/faqs.html#if-my-device-is-compatible-does-it-automatically-have-access-to-google-play-and-branding">licensed
to access Google Play</a>. For a list of devices licensed to use Google Play,
refer to
<a href="https://support.google.com/googleplay/answer/1727131">Supported
diff --git a/en/setup/build-numbers.html b/en/setup/start/build-numbers.html
index dcfc5c0d..21519cb9 100644
--- a/en/setup/build-numbers.html
+++ b/en/setup/start/build-numbers.html
@@ -23,11 +23,11 @@
-<p>At a high level, Android development happens around families of
-releases, which use code names ordered alphabetically after tasty
-treats.</p>
+<p>Android development happens around families of releases that use code names
+ordered alphabetically after tasty treats.</p>
-<h2 id="platform-code-names-versions-api-levels-and-ndk-releases">Platform Codenames, Versions, API Levels, and NDK Releases</h2>
+<h2 id="platform-code-names-versions-api-levels-and-ndk-releases">Platform
+Codenames, Versions, API Levels, and NDK Releases</h2>
<p>The code names match the following version numbers, along with
API levels and NDK releases provided for convenience:</p>
<table>
@@ -171,38 +171,58 @@ API levels and NDK releases provided for convenience:</p>
</tr>
</tbody>
</table>
-<p>Starting with Oreo, individual builds are identified with a new build ID format, in the form of PVBB.YYMMDD.bbb[.Cn].</p>
-<p>The P part represents the first letter of the code name of the platform release, e.g. O is Oreo.</p>
-<p>The V part represents a supported vertical. By convention, 'P' represents the primary platform branch.</p>
-<p>The BB part represents a alpha numeric code which allows Google to identify the exact code branch that the build was made from.</p>
-<p>The YYMMDD part identifies the date when the release is branched from or synced with the development branch. It is not guaranteed to be the exact date at which a build was made, and it is common that minor variations added to an existing build re-use the same date code as that existing build.</p>
-<p>The bbb part identifies individual versions related to the same date code, sequentially starting with 001.</p>
-<p>An optional, alphanumeric Cn part identifies a hotfix on top of an existing PVBB.YYMMDD.bbb build, starting from A1.</p>
-<p>Older Android releases from Cupcake to Nougat uses a different build ID scheme. These Android builds are identified with a short build code, e.g. FRF85B.
-</p>
-<p>The first letter is the code name of the release family, e.g. F is
-Froyo.</p>
-<p>The second letter is a branch code that allows Google to identify
-the exact code branch that the build was made from, and R is by
-convention the primary release branch.</p>
-<p>The next letter and two digits are a date code. The letter counts
-quarters, with A being Q1 2009. Therefore, F is Q2 2010. The two
-digits count days within the quarter, so F85 is June 24 2010.</p>
-<p>Finally, the last letter identifies individual versions related to
-the same date code, sequentially starting with A; A is actually
-implicit and usually omitted for brevity.</p>
-<p>The date code is not guaranteed to be the exact date at which a build
-was made, and it is common that minor variations added to an existing
-build re-use the same date code as that existing build.</p>
+
+<p>In Android 8.0 (Oreo) and higher, individual builds are identified with the
+ build ID format <strong>PVBB.YYMMDD.bbb[.Cn]</strong>, where:</p>
+<ul>
+ <li>P represents the first letter of the code name of the platform release,
+ e.g. O is Oreo.</li>
+ <li>V represents a supported vertical. By convention, P represents the primary
+ platform branch.</li>
+ <li>BB represents an alphanumeric code that allows Google to identify the
+ exact code branch the build was made from.</li>
+ <li>YYMMDD identifies the date when the release is branched from or synced
+ with the development branch. It is not guaranteed to be the exact date at
+ which a build was made as it is common for minor variations added to an
+ existing build to re-use the same date code as the existing build.</li>
+ <li>bbb identifies individual versions related to the same date code,
+ sequentially starting with 001.</li>
+ <li>Cn is an optional, alphanumeric that identifies a hotfix on top of an
+ existing PVBB.YYMMDD.bbb build, starting from A1.</li>
+</ul>
+
+<p>Older Android releases use a different, shorter build ID code (e.g.
+ <strong>FRF85B</strong>) where:</p>
+
+<ul>
+ <li>The first letter is the code name of the release family, e.g. F is Froyo.
+ </li>
+ <li>The second letter is a branch code that allows Google to identify the
+ exact code branch the build was made from. By convention, R is the primary
+ release branch.</li>
+ <li>The third letter and following two digits are a date code. The letter
+ counts quarters (A = Q1 2009, F = Q2 2010, etc.). The two digits count days
+ within the quarter (F85 is June 24 2010). The date code is not guaranteed to
+ be the exact date at which a build was made as it is common for minor
+ variations added to an existing build to re-use the same date code as the
+ existing build.</li>
+ <li>The last letter identifies individual versions related to the same date
+ code, sequentially starting with A (which is implicit and usually omitted for
+ brevity.</li>
<h2 id="source-code-tags-and-builds">Source Code Tags and Builds</h2>
<p>Starting with Donut, the exact list of tags and builds is in the
-following table. Factory images, binaries, and full OTA images for
-Nexus and Pixel devices can be downloaded from the Android Developer
-site:</p>
-<p><a href="https://developers.google.com/android/images">Images</a></p>
-<p><a href="https://developers.google.com/android/drivers">Drivers</a></p>
-<p><a href="https://developers.google.com/android/ota">OTA</a></p>
+following table.
+
+<aside class="note"><strong>Note:</strong> To download
+ <a href="https://developers.google.com/android/images">factory images</a>,
+ <a href="https://developers.google.com/android/drivers">drivers</a>, and full
+ <a href="https://developers.google.com/android/ota">OTA</a> images for Nexus
+ and Pixel devices, refer to the
+ <a href="https://developers.google.com/android/">Android Developer site</a>.
+</aside>
+
+
<table>
<thead>
<tr>
@@ -214,6 +234,36 @@ site:</p>
</thead>
<tbody>
<tr>
+ <td>OPM4.171019.015.A1</td>
+ <td>android-8.1.0_r23</td>
+ <td>Oreo</td>
+ <td>Pixel 2 XL, Pixel 2</td>
+ </tr>
+ <tr>
+ <td>OPM5.171019.019</td>
+ <td>android-8.1.0_r22</td>
+ <td>Oreo</td>
+ <td>Nexus 6P</td>
+ </tr>
+ <tr>
+ <td>OPM3.171019.019</td>
+ <td>android-8.1.0_r21</td>
+ <td>Oreo</td>
+ <td>Nexus 6P</td>
+ </tr>
+ <tr>
+ <td>OPM2.171019.029</td>
+ <td>android-8.1.0_r20</td>
+ <td>Oreo</td>
+ <td>Pixel 2 XL, Pixel 2, Pixel XL, Pixel, Nexus 5X</td>
+ </tr>
+ <tr>
+ <td>OPM1.171019.026</td>
+ <td>android-8.1.0_r19</td>
+ <td>Oreo</td>
+ <td>Pixel C</td>
+ </tr>
+ <tr>
<td>OPM5.171019.017</td>
<td>android-8.1.0_r18</td>
<td>Oreo</td>
@@ -2304,32 +2354,38 @@ site:</p>
</tr>
</tbody>
</table>
-<p>The branches froyo, gingerbread, ics-mr0, ics-mr1, jb-dev,
-jb-mr1-dev, jb-mr1.1-dev, jb-mr2-dev, kitkat-dev
-represent development
-branches that do not exactly match configurations that were tested
-by Google. They might contain a variety of changes in addition to
-the official tagged releases, and those haven't been as thoroughly
-tested.</p>
-<p>To differentiate between releases, you may obtain a list of changes
+<p>The branches froyo, gingerbread, ics-mr0, ics-mr1, jb-dev, jb-mr1-dev,
+ jb-mr1.1-dev, jb-mr2-dev, kitkat-dev represent development branches that do
+ not exactly match configurations tested by Google. As such, these branches
+ might contain a variety of changes in addition to the official tagged releases
+ and might not be as thoroughly tested.</p>
+
+<p>To differentiate between releases, you can obtain a list of changes
associated with each project by issuing the following command and passing it
the two branch tags:</p>
-<pre class="devsite-terminal devsite-click-to-copy">repo forall -pc 'git log --no-merges --oneline branch-1..branch-2'</pre>
+<pre class="devsite-terminal devsite-click-to-copy">
+repo forall -pc 'git log --no-merges --oneline branch-1..branch-2'
+</pre>
<p>For example:</p>
-<pre class="devsite-terminal devsite-click-to-copy">repo forall -pc 'git log --no-merges --oneline android-4.4.2_r2..android-4.4.2_r1'</pre>
+<pre class="devsite-terminal devsite-click-to-copy">
+repo forall -pc 'git log --no-merges --oneline android-4.4.2_r2..android-4.4.2_r1'
+</pre>
-<p>And to output to a text file:</p>
+<p>To send the output to a text file:</p>
-<pre class="devsite-terminal devsite-click-to-copy">repo forall -pc 'git log --no-merges --oneline android-4.4.2_r2..android-4.4.2_r1' > /tmp/android-4.4.2_r2-android-4.4.2_r1-diff.txt</pre>
+<pre class="devsite-terminal devsite-click-to-copy">
+ repo forall -pc 'git log --no-merges --oneline android-4.4.2_r2..android-4.4.2_r1' > /tmp/android-4.4.2_r2-android-4.4.2_r1-diff.txt
+</pre>
<h2 id="honeycomb-gpl-modules">Honeycomb GPL Modules</h2>
-<p>For Honeycomb, the entire platform source code isn't available.
-However, the parts of Honeycomb licensed under the GPL and LGPL
-are available under the following tags:</p>
+
+<p>For Honeycomb, the entire platform source code isn't available. However, the
+parts of Honeycomb licensed under the GPL and LGPL are available under the
+following tags:</p>
<table>
<thead>
@@ -2402,18 +2458,20 @@ are available under the following tags:</p>
</tr>
</tbody>
</table>
-<p>There is no manifest that contains exactly those. However, there
-are manifests that allow building those components. The following
-commands work for 3.0_r1.1, and using other versions can be done by
-switching the git checkout paramater, and if necessary the -m parameter in
-repo init. The git checkout command outputs an error for the non-GPL
-projects, where it can't find the tag in question.</p>
+
+<p>While no manifest contains exactly these modules, some manifests allow
+ building those components. The following commands work for 3.0_r1.1:</p>
+
<pre class="devsite-click-to-copy">
<code class="devsite-terminal">repo init -b master -m base-for-3.0-gpl.xml</code>
<code class="devsite-terminal">repo sync</code>
<code class="devsite-terminal">repo forall -c git checkout android-3.0_r1.1</code>
</pre>
+<p>To use another version, switch the <code>git checkout</code> parameter and
+ (if necessary) the <code>-m</code> parameter in <code>repo init</code>. The
+ <code>git checkout</code> command outputs an error for the
+ non-GPL projects, where it can't find the tag in question.</p>
</body>
</html>
diff --git a/en/setup/start/codelines.html b/en/setup/start/codelines.html
new file mode 100644
index 00000000..654d412c
--- /dev/null
+++ b/en/setup/start/codelines.html
@@ -0,0 +1,168 @@
+<html devsite>
+ <head>
+ <title>Codelines, Branches, and Releases</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>
+ The Android Open Source Project (AOSP) maintains a complete software stack to
+ be ported by OEMs and other device implementors and run on their own hardware.
+ To maintain the quality of Android, Google has contributed full-time
+ engineers, product managers, user interface designers, quality assurance
+ testers, and all the other roles required to bring modern devices to market.
+</p>
+
+<p>
+ Accordingly, we maintain a number of codelines to clearly separate the current
+ stable version of Android from unstable experimental work. We roll the open
+ source administration and maintenance of the Android codelines into the larger
+ product development cycle.
+</p>
+
+<h2 id="aosp-management">AOSP code management</h2>
+<p>
+ The chart below depicts the concepts behind AOSP code management and releases.
+</p>
+
+<img src="/images/code-lines.png" alt="codeline diagram" id="figure1" >
+<figcaption><strong>Figure 1.</strong> AOSP code and releases</figcaption>
+
+<ol>
+ <li>
+ At any given moment, there is a current latest release of the Android
+ platform. This typically takes the form of a branch in the tree.
+ </li>
+ <li>
+ Device builders and contributors work with the current latest release,
+ fixing bugs, launching new devices, experimenting with new features, etc.
+ </li>
+ <li>
+ In parallel, Google works internally on the next version of the Android
+ platform and framework according to the product's needs and goals. We
+ develop the next version of Android by working with a device partner on a
+ flagship device whose specifications are chosen to push Android in the
+ direction we believe it should go.
+ </li>
+ <li>
+ When the n+1th version is ready, it is published to the public source
+ tree and become the new latest release.
+ </li>
+</ol>
+
+<aside class="note"><strong>Note:</strong> We use the term <em>codelines</em>
+ instead of <em>branches</em> simply because at any given moment there may be
+ more than one branch for a given codeline. For instance, when a release is
+ cut, it may or may not become a new branch based on the needs of the moment.
+</aside>
+
+
+<h2 id="terms-and-caveats">Terms and Caveats</h2>
+
+<ul>
+ <li>
+ A <em>release</em> corresponds to a formal version of the Android platform,
+ such as 1.5, 2.1, and so on. A release of the platform corresponds to the
+ version in the <code>SdkVersion</code> field of
+ <code>AndroidManifest.xml</code> files and defined within
+ <code>frameworks/base/api</code> in the source tree.
+ </li>
+ <li>
+ An <em>upstream</em> project is an open source project from which the
+ Android stack pulls code. In addition to projects such as the Linux kernel
+ and WebKit, we continue to migrate some semi-autonomous Android projects
+ such as ART, the Android SDK tools, Bionic, and so on to work as
+ upstream projects. Generally, these projects are developed entirely in the
+ public tree. For some upstream projects, development is done by contributing
+ directly to the upstream project itself. For details, see
+ <a href="../contribute/submit-patches.html#upstream-projects">Upstream
+ projects</a>. In both cases, snapshots are periodically pulled into
+ releases.
+ </li>
+ <li>
+ At all times, a release codeline (which may actually consist of more than
+ one actual branch in git) is considered the sole canonical source code for a
+ given Android platform version. OEMs and other groups building devices
+ should pull only from a release branch.
+ </li>
+ <li>
+ Experimental codelines are established to capture changes from the community
+ so they can be iterated on with an eye toward stability.
+ </li>
+ <li>
+ Changes that prove stable are eventually be pulled into a release branch.
+ This applies only to bug fixes, application improvements, and other changes
+ that do not affect the APIs of the platform.
+ </li>
+ <li>
+ Changes are pulled into release branches from upstream projects
+ (including the Android upstream projects) as necessary.
+ </li>
+ <li>
+ The n+1th version (the next major version of the framework and platform
+ APIs) is developed by Google internally. For details, see
+ <a href="#private-codelines">Private codelines</a>.
+ </li>
+ <li>
+ Changes are pulled from upstream, release, and experimental branches into
+ Google's private branch as necessary.
+ </li>
+ <li>
+ When the platform APIs for the next version have stabilized and been fully
+ tested, Google cuts a release of the next platform version (specifically, a
+ new <code>SdkVersion</code>). This corresponds to the internal codeline
+ being made a public release branch and the new current platform codeline.
+ </li>
+ <li>
+ When a new platform version is cut, a corresponding experimental codeline is
+ created at the same time.
+ </li>
+</ul>
+
+<h2 id="private-codelines">Private codelines</h2>
+<p>
+ The source management strategy above includes a codeline that Google keeps
+ private to focus attention on the current public version of Android.
+</p>
+<p>
+ OEMs and other device builders naturally want to ship devices with the latest
+ version of Android. Similarly, application developers don't want to deal with
+ more platform versions than strictly necessary. Meanwhile, Google retains
+ responsibility for the strategic direction of Android as a platform and a
+ product. Our approach focuses on a small number of flagship devices to drive
+ features while securing protections of Android-related intellectual property.
+</p>
+<p>
+ As a result, Google frequently has possession of confidential information from
+ third parties and must refrain from revealing sensitive features until
+ securing the appropriate protections. In addition, there are real risks to the
+ platform arising from having too many platform versions extant at once. For
+ these reasons, we have structured the open source project (including
+ third-party contributions) to focus on the currently-public stable version of
+ Android. Deep development on the next version of the platform occurs in
+ private until it's ready to become an official release.
+</p>
+<p>
+ We recognize many contributors disagree with this approach and we respect
+ their different points of view. However, this is the approach we feel is best
+ and the one we've chosen to implement for Android.
+</p>
+
+ </body>
+</html>
diff --git a/en/setup/faqs.html b/en/setup/start/faqs.html
index 938f07c5..f8611db8 100644
--- a/en/setup/faqs.html
+++ b/en/setup/start/faqs.html
@@ -24,19 +24,26 @@
<a name="top"></a>
-<p>Please see the <a
-href="http://developer.android.com/guide/faq/index.html">Android FAQs</a> on
-developer.android.com for answers to other common questions.
+<p>
+ This page provides answers to Frequently Asked Questions (FAQs). For answers
+ other common questions, refer to
+ <a href="http://developer.android.com/guide/faq/index.html" class="external">Android
+ FAQs</a> on developer.android.com.
+</p>
<h2 id="open-source">Open Source</h2>
-<h3 id="what-is-the-android-open-source-project">What is the Android Open Source Project?</h3>
+
+<h3 id="what-is-the-android-open-source-project">What is the Android Open Source
+Project?</h3>
<p>We use the phrase "Android Open Source Project" or "AOSP" to refer to the
people, the processes, and the source code that make up Android.</p>
<p>The people oversee the project and develop the actual source code. The
processes refer to the tools and procedures we use to manage the development
of the software. The net result is the source code you can use to build
mobile phones and other devices.</p>
-<h3 id="why-did-we-open-the-android-source-code">Why did we open the Android source code?</h3>
+
+<h3 id="why-did-we-open-the-android-source-code">Why did we open the Android
+source code?</h3>
<p>Google started the Android project in response to our own experiences
launching mobile apps. We wanted to make sure there would always be an
open platform available for carriers, OEMs, and developers to use to make
@@ -46,15 +53,19 @@ the innovations of any other. The single most important goal of the Android
Open Source Project (AOSP) is to make sure that the open source Android
software is implemented as widely and compatibly as possible, to everyone's
benefit.</p>
-<h3 id="what-kind-of-open-source-project-is-android">What kind of open source project is Android?</h3>
+
+<h3 id="what-kind-of-open-source-project-is-android">What kind of open source
+project is Android?</h3>
<p>Google oversees the development of the core Android open source platform
and works to create robust developer and user communities. For the most part,
the Android source code is licensed under the permissive Apache Software
License 2.0, rather than a "copyleft" license. The main reason for this is
because our most important goal is widespread adoption of the software, and
-we believe that the ASL2.0 license best achieves that goal.</p>
-<p>You can find more information on this topic on our <a href="/setup/licenses.html">Licenses</a> page.</p>
-<h3 id="why-is-google-in-charge-of-android">Why is Google in charge of Android?</h3>
+we believe that the ASL2.0 license best achieves that goal. For details, see
+<a href="licenses.html">Licenses</a>.</p>
+
+<h3 id="why-is-google-in-charge-of-android">Why is Google in charge of
+Android?</h3>
<p>Launching a software platform is complex. Openness is vital to the
long-term success of a platform, since openness is required to attract
investment from developers and ensure a level playing field. However, the
@@ -67,10 +78,12 @@ devices running Android actually make it to market.</p>
<p>By making sure Android is a success with users, we help ensure the
vitality of Android as a platform and as an open source project. After all,
who wants the source code to an unsuccessful product?</p>
-<p>Google's goal is to ensure a successful ecosystem around Android. Of course, no
-one is required to participate. We opened the Android source code
-so anyone can modify and distribute the software to meet their own needs.</p>
-<h3 id="what-is-googles-overall-strategy-for-android-product-development">What is Google's overall strategy for Android product development?</h3>
+<p>Google's goal is to ensure a successful ecosystem around Android. Of course,
+no one is required to participate. We opened the Android source code so anyone
+can modify and distribute the software to meet their own needs.</p>
+
+<h3 id="what-is-googles-overall-strategy-for-android-product-development">What
+is Google's overall strategy for Android product development?</h3>
<p>We aim to release great devices into a competitive marketplace. We
then incorporate the innovations and enhancements we made into the core
platform as the next version.</p>
@@ -81,7 +94,9 @@ devices absorb much of the product risk and blaze a trail for the broad OEM
community, who follow up with many more devices that take advantage of the
new features. In this way, we make sure the Android platform evolves
according to the actual needs of real-world devices.</p>
-<h3 id="how-is-the-android-software-developed">How is the Android software developed?</h3>
+
+<h3 id="how-is-the-android-software-developed">How is the Android software
+developed?</h3>
<p>Each platform version of Android (such as 1.5, 1.6, and so on) has a
corresponding branch in the open source tree. At any given moment, the most
recent such branch will be considered the "current stable" branch version.
@@ -94,12 +109,14 @@ stable branch from the experimental branch as appropriate.</p>
<p>Finally, Google works on the next version of the Android platform in tandem
with developing a flagship device. This branch pulls in changes from the
experimental and stable branches as appropriate.</p>
-<p>You can find more information on this topic at our <a href="/setup/code-lines.html">Codelines,
-Branches and Releases</a> page.</p>
-<h3 id="why-are-parts-of-android-developed-in-private">Why are parts of Android developed in private?</h3>
-<p>It typically takes more than a year to bring a device to market. And, of course,
-device manufacturers want to ship the latest software they can. Developers,
-meanwhile, don't want to constantly track new versions of the
+<p>For details, see <a href="codelines.html">Codelines, Branches and
+Releases</a>.</p>
+
+<h3 id="why-are-parts-of-android-developed-in-private">Why are parts of Android
+developed in private?</h3>
+<p>It typically takes more than a year to bring a device to market. And, of
+course, device manufacturers want to ship the latest software they can.
+Developers, meanwhile, don't want to constantly track new versions of the
platform when writing apps. Both groups experience a tension between
shipping products and not wanting to fall behind.</p>
<p>To address this, some parts of the next version of Android including the
@@ -112,7 +129,9 @@ future work just to keep up. Other parts of the Android system that aren't
related to application compatibility are developed in the open, however.
It's our intention to move more of these parts to open development over
time.</p>
-<h3 id="when-are-source-code-releases-made">When are source code releases made?</h3>
+
+<h3 id="when-are-source-code-releases-made">When are source code releases
+made?</h3>
<p>When they are ready. Releasing the source code is a fairly complex process.
Some parts of Android are developed in the open,
so that source code is always available. Other parts are developed first in
@@ -120,24 +139,26 @@ a private tree, and that source code is released when the next platform
version is ready.</p>
<p>In some releases, core platform APIs will be ready far enough in advance
that we can push the source code out for an early look prior to the
-device's release; however in other releases, this isn't possible. In all cases, we
-release the platform source when we feel the version has stabilized enough,
+device's release; however in other releases, this isn't possible. In all cases,
+we release the platform source when we feel the version has stabilized enough,
and when the development process permits.</p>
-<h3 id="what-is-involved-in-releasing-the-source-code-for-a-new-android-version">What is involved in releasing the source code for a new Android version?</h3>
+
+<h3 id="what-is-involved-in-releasing-the-source-code-for-a-new-android-version">What
+is involved in releasing the source code for a new Android version?</h3>
<p>Releasing the source code for a new version of the Android platform is a
significant process. First, the software gets built into a system image for
a device and put through various forms of certification, including
government regulatory certification for the regions the phones will be
deployed. It also goes through operator testing. This is an important phase
-of the process, since it helps shake out a lot of software bugs.</p></p>
+of the process, since it helps shake out a lot of software bugs.</p>
<p>Once the release is approved by the regulators and operators, the
manufacturer begins mass producing devices, and we turn to releasing the
source code.</p>
<p>Simultaneous to mass production, the Google team kicks off several efforts
-to prepare the open source release. These efforts include making final API changes,
-updating documentation (to reflect any modifications that were made during
-qualification testing, for example), preparing an SDK for the new version,
-and launching the platform compatibility information.</p>
+to prepare the open source release. These efforts include making final API
+changes, updating documentation (to reflect any modifications that were made
+during qualification testing, for example), preparing an SDK for the new
+version,and launching the platform compatibility information.</p>
<p>Also included is a final legal sign-off to release the code into open
source. Just as open source contributors are required to sign a Contributors
License Agreement attesting to their intellectual property ownership of their
@@ -145,7 +166,9 @@ contribution, Google too must verify it is clear to make contributions.</p>
<p>From the time mass production begins, the software release process
usually takes around a month. This often places source code releases
around the same time the devices reach users.</p>
-<h3 id="how-does-the-aosp-relate-to-the-android-compatibility-program">How does the AOSP relate to the Android Compatibility Program?</h3>
+
+<h3 id="how-does-the-aosp-relate-to-the-android-compatibility-program">How does
+AOSP relate to the Android Compatibility Program?</h3>
<p>The Android Open Source Project maintains the Android software, and
develops new versions. Since it's open source, this software can be used for
any purpose, including to develop devices that are not compatible with other
@@ -158,8 +181,9 @@ compatibility requirements exist outside that ecosystem.</p>
<p>In other words, the Android Compatibility Program is how we separate
"Android-compatible devices" from devices that merely run derivatives of the
source code. We welcome all uses of the Android source code, but only
-Android-compatible devices -- as defined and tested by the Android
-Compatibility Program -- may participate in the Android ecosystem.</p>
+Android-compatible devices (as defined and tested by the Android
+Compatibility Program) may participate in the Android ecosystem.</p>
+
<h3 id="how-can-i-contribute-to-android">How can I contribute to Android?</h3>
<p>There are a number of ways you can contribute to Android. You can report
bugs, write apps for Android, or contribute source code to the Android
@@ -171,23 +195,28 @@ decline that contribution, since Android encourages applications to be run
in the ART runtime. Similarly, we won't accept contributions such as GPL
or LGPL libraries that are incompatible with our licensing goals.</p>
<p>We encourage those interested in contributing source code to contact us
-via the channels listed on the <a href="/setup/community.html">
-Android Community</a> page prior to beginning any work. You can find more
-information on this topic from the <a href="/setup/contributing.html">
-Contributing</a> page.</p>
-<h3 id="how-do-i-become-an-android-committer">How do I become an Android committer?</h3>
+via the channels listed on the <a href="../community.html">
+Android Community</a> page prior to beginning any work. For details, see
+<a href="../contribute/index.html">Contributing</a>.</p>
+
+<h3 id="how-do-i-become-an-android-committer">How do I become an Android
+committer?</h3>
<p>The Android Open Source Project doesn't really have a notion of a
-"committer". All contributions -- including those authored by Google
-employees -- go through a web-based system known as "gerrit" that's part of
+"committer". All contributions (including those authored by Google
+employees) go through a web-based system known as "gerrit" that's part of
the Android engineering process. This system works in tandem with the git
source code management system to cleanly manage source code
contributions.</p>
<p>Once submitted, changes need to be accepted by a designated Approver.
Approvers are typically Google employees, but the same approvers are
responsible for all submissions, regardless of origin.</p>
-<p>You can find more information on this topic at the <a href="submit-patches.html">Submitting Patches</a> page.</p>
+<p>For details, see <a href="../contribute/submit-patches.html">Submitting
+Patches</a>.</p>
+
<a href="#top">Back to top</a>
+
<h2 id="compatibility">Compatibility</h2>
+
<h3 id="what-does-compatibility-mean">What does "compatibility" mean?</h3>
<p>We define an "Android-compatible device" as one that can run any
application written by third-party developers using the Android SDK and NDK.
@@ -200,13 +229,17 @@ use the Android trademark.</p>
Android apps ecosystem. Anyone is welcome to use the Android source code.
But if the device isn't compatible, it's not considered part of the Android
ecosystem.</p>
-<h3 id="what-is-the-role-of-google-play-in-compatibility">What is the role of Google Play in compatibility?</h3>
+
+<h3 id="what-is-the-role-of-google-play-in-compatibility">What is the role of
+Google Play in compatibility?</h3>
<p>Devices that are Android compatible may seek to license the Google Play
client software. This allows them to become part of the Android app
ecosystem, enabling their users to download developers' apps from a catalog
shared by all compatible devices. This option isn't available to devices
that aren't compatible.</p>
-<h3 id="what-kinds-of-devices-can-be-android-compatible">What kinds of devices can be Android compatible?</h3>
+
+<h3 id="what-kinds-of-devices-can-be-android-compatible">What kinds of devices
+can be Android compatible?</h3>
<p>The Android software can be ported to many different kinds of devices,
including some on which third-party apps won't run properly. The
<a href="/compatibility/index.html">Android Compatibility Definition
@@ -214,58 +247,77 @@ Document</a> (CDD) spells out the specific device configurations that will be
considered compatible.</p>
<p>For example, though the Android source code could be ported to run on a
phone that doesn't have a camera, the CDD requires all phones to have a camera.
-This allows developers to rely on a consistent set of capabilities when writing their apps.</p>
+This allows developers to rely on a consistent set of capabilities when writing
+their apps.</p>
<p>The CDD will evolve over time to reflect market realities. For instance,
version 1.6 of the CDD supports only cell phones. But the 2.1 CDD allows devices
-to omit telephony hardware, enabling non-phone devices such as tablet-style music
-players to be compatible. As we make these changes, we will also
+to omit telephony hardware, enabling non-phone devices such as tablet-style
+music players to be compatible. As we make these changes, we will also
augment Google Play to allow developers to retain control over where
their apps are available. To continue the telephony example, an app that
manages SMS text messages would not be useful on a media player, so Google
-Play allows the developer to restrict that app exclusively to phone
-devices.</p>
-<h3 id="if-my-device-is-compatible-does-it-automatically-have-access-to-google-play-and-branding">If my device is compatible, does it automatically have access to Google Play and branding?</h3>
+Play allows the developer to restrict that app exclusively to phone devices.</p>
+
+<h3 id="if-my-device-is-compatible-does-it-automatically-have-access-to-google-play-and-branding">If
+my device is compatible, does it automatically have access to Google Play and
+branding?</h3>
<p>Google Play is a service operated by Google. Achieving compatibility is
a prerequisite for obtaining access to the Google Play software and branding.
Device manufacturers should complete the contact form included in <a
href="/compatibility/contact-us#for-business-inquiries">licensing Google Mobile
Services</a> to seek access to Google Play. We will be in contact if we can
help you.</p>
-<h3 id="if-i-am-not-a-manufacturer-how-can-i-get-google-play">If I am not a manufacturer, how can I get Google Play?</h3>
+
+<h3 id="if-i-am-not-a-manufacturer-how-can-i-get-google-play">If I am not a
+manufacturer, how can I get Google Play?</h3>
<p>Google Play is only licensed to handset manufacturers shipping devices.
For questions about specific cases, contact <a
-href="mailto:android-partnerships@google.com">android-partnerships@google.com</a>.</p>
-<h3 id="how-can-i-get-access-to-the-google-apps-for-android-such-as-maps">How can I get access to the Google apps for Android, such as Maps?</h3>
+href="mailto:android-partnerships@google.com">android-partnerships@google.com</a>.
+</p>
+
+<h3 id="how-can-i-get-access-to-the-google-apps-for-android-such-as-maps">How
+can I get access to the Google apps for Android, such as Maps?</h3>
<p>The Google apps for Android, such as YouTube, Google Maps,
Gmail, and more, are Google properties that are not part of Android and
are licensed separately. Contact <a
href="mailto:android-partnerships@google.com">android-partnerships@google.com</a>
for inquiries related to those apps.</p>
+
<h3 id="is-compatibility-mandatory">Is compatibility mandatory?</h3>
<p>No. The Android Compatibility Program is optional. Since the Android source
-code is open, anyone can use it to build any kind of device. However, if manufacturers
-wish to use the Android name with their products, or want access to Google Play,
-they must first demonstrate their devices are compatible.</p>
-<h3 id="how-much-does-compatibility-certification-cost">How much does compatibility certification cost?</h3>
+code is open, anyone can use it to build any kind of device. However, if
+manufacturers wish to use the Android name with their products, or want access
+to Google Play, they must first demonstrate their devices are compatible.</p>
+
+<h3 id="how-much-does-compatibility-certification-cost">How much does
+compatibility certification cost?</h3>
<p>There is no cost to obtain Android compatibility for a device. The
-Compatibility Test Suite is open source and available to anyone for device testing.</p>
+Compatibility Test Suite is open source and available to anyone for device
+testing.</p>
+
<h3 id="how-long-does-compatibility-take">How long does compatibility take?</h3>
<p>The process is automated. The Compatibility Test Suite generates a report
that can be provided to Google to verify compatibility. Eventually we intend
to provide self-service tools to upload these reports to a public database.</p>
-<h3 id="who-determines-what-will-be-part-of-the-compatibility-definition">Who determines what will be part of the compatibility definition?</h3>
+
+<h3 id="who-determines-what-will-be-part-of-the-compatibility-definition">Who
+determines what will be part of the compatibility definition?</h3>
<p>Since Google is responsible for the overall direction of Android as a
platform and product, Google maintains the Compatibility Definition Document
for each release. We draft the CDD for a new Android version in consultation
with various OEMs who provide input on its contents.</p>
-<h3 id="how-long-will-each-android-version-be-supported-for-new-devices">How long will each Android version be supported for new devices?</h3>
+
+<h3 id="how-long-will-each-android-version-be-supported-for-new-devices">How
+long will each Android version be supported for new devices?</h3>
<p>Since Android's code is open source, we can't prevent someone from using an
old version to launch a device. Instead, Google chooses not to license the
Google Play client software for use on versions that are considered
obsolete. This allows anyone to continue to ship old versions of Android,
but those devices won't use the Android name and will exist outside the
Android apps ecosystem, just as if they were non-compatible.</p>
-<h3 id="can-a-device-have-a-different-user-interface-and-still-be-compatible">Can a device have a different user interface and still be compatible?</h3>
+
+<h3 id="can-a-device-have-a-different-user-interface-and-still-be-compatible">Can
+a device have a different user interface and still be compatible?</h3>
<p>The Android Compatibility Program determines whether a device can run
third-party applications. The user interface components shipped with a
device (such as home screen, dialer, color scheme, and so on) do not
@@ -273,52 +325,72 @@ generally have much effect on third-party apps. As such, device builders are
free to customize the user interface as much as they like. The Compatibility
Definition Document does restrict the degree to which OEMs may alter the
system user interface for areas that do impact third-party apps.</p>
-<h3 id="when-are-compatibility-definitions-released-for-new-android-versions">When are compatibility definitions released for new Android versions?</h3>
+
+<h3 id="when-are-compatibility-definitions-released-for-new-android-versions">When
+are compatibility definitions released for new Android versions?</h3>
<p>Our goal is to release new versions of Android Compatibility Definition
Documents (CDDs) once the corresponding Android platform version has
converged enough to permit it. While we can't release a final draft of a CDD
for an Android software version before the first flagship device ships with
that software, final CDDs will always be released after the first device.
However, wherever practical we will make draft versions of CDDs available.</p>
-<h3 id="how-are-device-manufacturers-compatibility-claims-validated">How are device manufacturers' compatibility claims validated?</h3>
+
+<h3 id="how-are-device-manufacturers-compatibility-claims-validated">How are
+device manufacturers' compatibility claims validated?</h3>
<p>There is no validation process for Android device compatibility. However,
if the device is to include Google Play, Google will typically validate
the device for compatibility before agreeing to license the Google Play client
software.</p>
-<h3 id="what-happens-if-a-device-that-claims-compatibility-is-later-found-to-have-compatibility-problems">What happens if a device that claims compatibility is later found to have compatibility problems?</h3>
+
+<h3 id="what-happens-if-a-device-that-claims-compatibility-is-later-found-to-have-compatibility-problems">What
+happens if a device that claims compatibility is later found to have
+compatibility problems?</h3>
<p>Typically, Google's relationships with Google Play licensees allow us to
ask them to release updated system images that fix the problems.</p>
+
<a href="#top">Back to top</a>
+
<h2 id="compatibility-test-suite">Compatibility Test Suite</h2>
+
<h3 id="what-is-the-purpose-of-the-cts">What is the purpose of the CTS?</h3>
<p>The Compatibility Test Suite is a tool used by device manufacturers to help
ensure their devices are compatible, and to report test results for
validations. The CTS is intended to be run frequently by OEMs throughout the
engineering process to catch compatibility issues early.</p>
-<h3 id="what-kinds-of-things-does-the-cts-test">What kinds of things does the CTS test?</h3>
+
+<h3 id="what-kinds-of-things-does-the-cts-test">What kinds of things does the
+CTS test?</h3>
<p>The CTS currently tests that all of the supported Android strong-typed APIs
are present and behave correctly. It also tests other non-API system
behaviors such as application lifecycle and performance. We plan to add
support in future CTS versions to test "soft" APIs such as Intents as
well.</p>
-<h3 id="will-the-cts-reports-be-made-public">Will the CTS reports be made public?</h3>
+
+<h3 id="will-the-cts-reports-be-made-public">Will the CTS reports be made
+public?</h3>
<p>Yes. While not currently implemented, Google intends to provide web-based
self-service tools for OEMs to publish CTS reports so that they can be
viewed by anyone. CTS reports can be shared as widely as manufacturers
prefer.</p>
+
<h3 id="how-is-the-cts-licensed">How is the CTS licensed?</h3>
<p>The CTS is licensed under the same Apache Software License 2.0 that the
bulk of Android uses.</p>
-<h3 id="does-the-cts-accept-contributions">Does the CTS accept contributions?</h3>
+
+<h3 id="does-the-cts-accept-contributions">Does the CTS accept
+contributions?</h3>
<p>Yes please! The Android Open Source Project accepts contributions to
improve the CTS in the same way as for any other component. In fact,
improving the coverage and quality of the CTS test cases is one of the best
ways to help out Android.</p>
-<h3 id="can-anyone-use-the-cts-on-existing-devices">Can anyone use the CTS on existing devices?</h3>
+
+<h3 id="can-anyone-use-the-cts-on-existing-devices">Can anyone use the CTS on
+existing devices?</h3>
<p>The Compatibility Definition Document requires that compatible devices
-implement the 'adb' debugging utility. This means that any compatible device
--- including ones available at retail -- must be able to run the CTS
+implement the <code>adb</code> debugging utility. This means that any compatible
+device (including ones available at retail) must be able to run the CTS
tests.</p>
+
<h3 id="are-codecs-verified">Are codecs verified by CTS?</h3>
<p>Yes. All mandatory codecs are verified by CTS.</p>
diff --git a/en/setup/start/licenses.html b/en/setup/start/licenses.html
new file mode 100644
index 00000000..4c1a3b82
--- /dev/null
+++ b/en/setup/start/licenses.html
@@ -0,0 +1,126 @@
+<html devsite>
+ <head>
+ <title>Content License</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>
+ The Android Open Source Project (AOSP) uses a few
+ <a href="http://www.opensource.org/" class="external">open source
+ initiative</a> approved open source licenses for our software.
+</p>
+<h2 id="android-open-source-project-license">AOSP license</h2>
+<p>
+ The preferred license for AOSP is the
+ <a href="http://www.apache.org/licenses/LICENSE-2.0" class="external">Apache
+ Software License, Version 2.0</a> ("Apache 2.0"), and the majority of the
+ Android software is licensed with Apache 2.0. While the project strives to
+ adhere to the preferred license, there may be exceptions that will be handled
+ on a case-by-case basis. For example, the Linux kernel patches are under the
+ GPLv2 license with system exceptions, which can be found on
+ <a href="http://www.kernel.org/pub/linux/kernel/COPYING" class="external">kernel.org</a>.
+</p>
+<h2 id="contributor-license-grants">Contributor License Agreements</h2>
+<p>All <em>individual</em> contributors (those making contributions only on
+ their own behalf) of ideas, code, or documentation to AOSP will be required to
+ complete, sign, and submit an
+ <a href="https://cla.developers.google.com/about/google-individual" class="external">Individual
+ Contributor License Agreement</a>. The agreement can be executed online
+ through the
+ <a href="https://android-review.googlesource.com/#/settings/agreements" class="external">code
+ review tool</a>. The agreement clearly defines the terms under which
+ intellectual property has been contributed to AOSP. This license is for your
+ protection as a contributor as well as the protection of the project; it does
+ not change your rights to use your own contributions for any other purpose.
+</p>
+<p>
+ For a <em>corporation</em> (or other entity) that has assigned employees to
+ work on AOSP, a
+ <a href="https://cla.developers.google.com/about/google-corporate" class="external">Corporate
+ Contributor License Agreement</a> is available. This version of the agreement
+ allows a corporation to authorize contributions submitted by its designated
+ employees and to grant copyright and patent licenses. A Corporate Contributor
+ License Agreement does not remove the need for any developer to sign their own
+ Individual Contributor License Agreement as an individual. The individual
+ agreement is needed to cover any of their contributions that are <em>not</em>
+ owned by the corporation signing the Corporate Contributor License Agreement.
+</p>
+<p>
+ We based our agreements on the ones used by the
+ <a href="http://www.apache.org">Apache Software Foundation</a>, which can
+ be found on the
+ <a href="http://www.apache.org/licenses/" class="external">Apache website</a>.
+</p>
+<h2 id="why-apache-software-license">Why Apache Software License?</h2>
+<p>
+ We are sometimes asked why Apache Software License 2.0 is the preferred
+ license for Android. For userspace (non-kernel) software, we prefer ASL2.0
+ (and similar licenses such as BSD, MIT, etc.) over other licenses such as
+ LGPL.
+</p>
+<p>
+ Android is about freedom and choice. The purpose of Android is promote
+ openness in the mobile world, and we don't believe it's possible to predict or
+ dictate all the uses to which people will want to put our software. So, while
+ we encourage everyone to make devices that are open and modifiable, we don't
+ believe it is our place to force them to do so. Using LGPL libraries would
+ often force them to do just that.
+</p>
+<p>
+ Here are some of our specific concerns:
+</p>
+<ul>
+ <li>
+ LGPL (in simplified terms) requires either: shipping of source to the
+ application; a written offer for source; or linking the LGPL-ed library
+ dynamically and allowing users to manually upgrade or replace the library.
+ Since Android software is typically shipped in the form of a static system
+ image, complying with these requirements restricts OEMs' designs. For
+ instance, it's difficult for a user to replace a library on read-only
+ flash storage.)
+ </li>
+ <li>
+ LGPL requires allowance of customer modification and reverse
+ engineering for debugging those modifications. Most device makers do
+ not want to have to be bound by these terms. So to minimize the burden on
+ these companies, we minimize usage of LGPL software in userspace.
+ </li>
+ </li>
+ <li>
+ Historically, LGPL libraries have been the source of a large number
+ of compliance problems for downstream device makers and application
+ developers. Educating engineers on these issues is difficult and slow-going,
+ unfortunately. It's critical to Android's success that it be as easy as
+ possible for device makers to comply with the licenses. Given the
+ difficulties with complying with LGPL in the past, it is most prudent to
+ simply not use LGPL libraries if we can avoid it.
+ </li>
+</ul>
+<p>
+ The issues discussed above are our reasons for preferring ASL2.0 for
+ our own code. They aren't criticisms of LGPL or other licenses. We are
+ passionate about this topic, even to the point where we've gone out of our
+ way to make sure as much code as possible is ASL2.0 licensed. However, we love
+ all free and open source licenses, and respect others' opinions and
+ preferences. We've simply decided ASL2.0 is the right license for our goals.
+</p>
+
+ </body>
+</html>
diff --git a/en/setup/start/roles.html b/en/setup/start/roles.html
new file mode 100644
index 00000000..b420be2f
--- /dev/null
+++ b/en/setup/start/roles.html
@@ -0,0 +1,122 @@
+<html devsite>
+ <head>
+ <title>Project Roles</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>
+ The Android Open Source Project (AOSP) includes individuals working in a
+ variety of roles. Google is responsible for Android product management
+ and the engineering process for the core framework and platform; however,
+ the project considers contributions from any source, not just Google. This
+ page describes the kinds of roles that interested parties can take on.
+</p>
+<p>
+ Anyone who is interested in exploring and contributing to Android can use the
+ AOSP resources. Anyone can join the mailing lists, ask questions, contribute
+ patches, report bugs, look at submitted patches, and use the tools. To get
+ started with the Android code, see
+ <a href="../contribute/index.html">Contributing</a>.
+</p>
+
+<h2 id="contributor">Contributor</h2>
+<p>
+ "Contributors" are those making contributions to the AOSP source code,
+ including both employees of Google or other companies, as well as individual
+ developers who are contributing to Android on their own behalf. There is no
+ distinction between contributors who are employed by Google and those who are
+ not; all engineers use the same tools (git, repo, and gerrit), follow the same
+ code review process, and are subject to the same requirements on code style
+ and so on.
+</p>
+
+<h2 id="developer">Developer</h2>
+<p>
+ "Developers" are engineers writing applications that run on Android
+ devices. There is often little difference in skillset between a developer
+ and a contributor. But AOSP uses "developer" to distinguish between
+ engineers using the platform and those contributing to it. Developers
+ (along with users) are the "customers" of the platform the contributors
+ create. As such, we talk about developers a lot, though this isn't technically
+ a separate role in the AOSP per se.
+</p>
+
+<h2 id="verifier">Verifier</h2>
+<p>
+ "Verifiers" are responsible for testing change requests. After individuals
+ have submitted a significant amount of high-quality code to the project, the
+ project leads might invite them to become verifiers.
+</p>
+<aside class="note"><strong>Note:</strong> At this time, verifiers act similarly
+to approvers.</aside>
+
+<h2 id="approver">Approver</h2>
+<p>
+ "Approvers" are experienced members of the project who have demonstrated their
+ design skills and have made significant technical contributions to the
+ project. In the code-review process, an approver decides whether to include or
+ exclude a change. Project leads (who are typically employed by Google) choose
+ the approvers, sometimes promoting to this position verifiers who have
+ demonstrated their expertise within a specific project.
+</p>
+
+<h2 id="project-leads">Project lead</h2>
+<p>
+ Android consists of a number of sub-projects; you can see these in the git
+ repository as individual .git files. "Project leads" are senior contributors
+ who oversee the engineering for individual Android projects. Typically these
+ project leads are Google employees. A project lead for an individual project
+ is responsible for the following:
+</p>
+<ul>
+ <li>
+ Lead all technical aspects of the project, including the project roadmap,
+ development, release cycles, versioning, and quality assurance (QA).
+ <li>
+ Ensure the project is tested by QA in time for scheduled Android platform
+ releases.
+ </li>
+ <li>
+ Designate Verifiers and Approvers for submitted patches.
+ </li>
+ <li>
+ Be fair and unbiased while reviewing changes. Accept or reject patches
+ based on technical merit and alignment with the Android strategy.
+ </li>
+ <li>
+ Review changes in a timely manner and make best efforts to communicate
+ when changes are not accepted.</p>
+ </li>
+ <li>
+ Optionally maintain a web site for the project for information and
+ documents specific to the project.
+ </li>
+ <li>
+ Act as a facilitator in resolving technical conflicts.
+ </li>
+ <li>
+ Be a public face for the project and the go-to person for questions
+ related to the project.
+ </li>
+</ul>
+
+ </body>
+</html>
diff --git a/en/setup/start/site-updates.html b/en/setup/start/site-updates.html
new file mode 100644
index 00000000..2f7df35e
--- /dev/null
+++ b/en/setup/start/site-updates.html
@@ -0,0 +1,803 @@
+<html devsite>
+ <head>
+ <title>Site Updates</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+ <p>
+ This page describes significant revisions to source.android.com. For a
+ complete list of changes to this site refer to the Android Open Source Project
+ (AOSP)
+ <a href="https://android.googlesource.com/platform/docs/source.android.com/+log/master?pretty=full&no-merges" class="external">docs/source.android.com
+ log</a>.
+</p>
+
+<h2 id="Dec-2017">December 2017</h2>
+<p>
+ Android 8.1 has been released! See the entries below for the major platform
+ features introduced in this release.
+</p>
+
+<h3 id="aaudio">AAudio and MMAP</h3>
+<p>
+ AAudio is an audio API that has enhancements to reduce latency when used in
+ conjunction with a HAL and driver that support MMAP. See
+ <a href="/devices/audio/aaudio">AAudio and MMAP</a> for documentation
+ describing the hardware abstraction layer (HAL) and driver changes needed to
+ support AAudio's MMAP feature in Android.
+</p>
+
+<h3 id="art-config">ART configuration changes</h3>
+<p>
+ The <code>WITH_DEXPREOPT_BOOT_IMG_ONLY</code> makefile option was removed
+ from the Android runtime (ART) in Android 8.1 and replaced with the
+ <code>WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY</code> option that
+ pre-optimizes the system server jars, as well as the boot classpath. See
+ <a href="/devices/tech/dalvik/configure#build_options">Configuring ART</a> for
+ the deprecation notice.
+</p>
+
+<h3 id="biometric-unlock">Biometric unlock security measurements</h3>
+<p>
+ Android 8.1 introduces two new metrics associated with biometric unlocks
+ that are intended to help device manufacturers evaluate their security more
+ accurately: Imposter Accept Rate (IAR) and Spoof Accept Rate (SAR). See <a
+ href="/security/biometric/">Measuring Biometric Unlock Security</a> for
+ example attacks and test methodology.
+</p>
+
+<h3 id="boot-times">Boot time optimizations</h3>
+<p>
+ Starting in Android 8.1, power saving setting for components like UFS and
+ CPU governor can be disabled to improve device boot times. See <a
+ href="/devices/tech/perf/boot-times#disable-power-saving">Optimizing Boot
+ Times</a> for the new <code>init.*.rc</code> settings.
+</p>
+
+<h3 id=“color-mgmt”>Color management</h3>
+<p>
+ Android 8.1 adds support for color management that can be used to provide a
+ consistent experience across display technologies. Applications running on
+ Android 8.1 can access the full capabilities of a wide gamut display to get
+ the most out of a display device. See
+ <a href="/devices/tech/display/color-mgmt">Color Management</a> for
+ instructions on implementing, customizing, and testing this feature.
+</p>
+
+<h3 id="opengl-config">OpenGLRenderer configuration simplification</h3>
+<p>
+ In Android 8.1 and later, only the <code>ro.zygote.disable_gl_preload
+ property</code> still applies to OpenGLRenderer configuration. All other
+ properties have been removed. See <a
+ href="/devices/graphics/renderer">OpenGLRenderer Configuration</a> for the
+ notice and previously supported properties.
+</p>
+
+<h3 id="retail-mode">Retail demo mode made easy</h3>
+<p>
+ Through Device Policy Manager, Android 8.1 supports demonstrating device
+ functionality in retail stores via a demo-type user role. See <a
+ href="/devices/tech/display/retail-mode.html">Retail Demo Mode</a> for
+ implementation instructions.
+</p>
+
+<h3 id="textclassifier">TEXTCLASSIFIER</h3>
+<p>
+ Android 8.1 introduces the TextClassfier API that uses machine learning
+ techniques to help developers classify text.
+ See <a href="/devices/tech/display/textclassifier.html">TEXTCLASSIFIER</a> for
+ implementation instructions.
+</p>
+
+<h3 id="timezone-rules">Time zone rules</h3>
+<p>
+ Android 8.1 provides a new mechanism for device manufacturers (OEMs) to push
+ updated time zone rules data to devices without requiring a system update.
+ This mechanism enables users to receive timely updates and OEMs to test time
+ zone updates independently of system image updates. See
+ <a href="/devices/tech/config/timezone-rules">Time Zone Rules</a> for
+ instructions on applying these updates.
+</p>
+
+<h3 id="wifi-aware">Wi-Fi Aware</h3>
+<p>
+ The Wi-Fi Aware feature in Android 8.1 enables supporting devices to connect
+ to one another directly over Wi-Fi without internet or cellular network access.
+ This feature allows easy sharing of high-throughput data among trusted devices
+ and apps that are otherwise off network. See <a
+ href="/devices/tech/connect/wifi-aware">Wi-Fi Aware</a> for examples, source
+ files, and links to additional documentation.
+</p>
+
+<h2 id="Nov-2017">November 2017</h2>
+<p>
+ The <em>Source</em> section has been renamed to
+ <a href="/setup"><em>Setup</em></a>. Redirects are in place to ensure the old
+ URLs still work.
+</p>
+
+<h2 id="Sept-2017">September 2017</h2>
+<p>
+ This site has been released in China at
+ <a href="https://source.android.google.cn" class="external-link">source.android.google.cn</a>.
+ All non-reference materials have also been translated into Simplified Chinese
+ for ease of use.
+</p>
+
+<h2 id="August-2017">August 2017</h2>
+<p>
+ Android 8.0 has been released! This section describes the major new features
+ in the Android 8.0 platform.
+</p>
+<h3 id="architecture">Architecture</h3>
+<h4>Treble</h4>
+<p>
+ Android 8.0 includes support for Treble, a major re-architect of the
+ Android OS framework designed to make it easier, faster, and less costly
+ for manufacturers to update devices to a new version of Android. Documentation
+ includes details on the <a href="/devices/architecture/hidl/index.html">HAL
+ interface definition language (HIDL)</a>, a new
+ <a href="/devices/architecture/configstore/index.html">ConfigStore HAL</a>,
+ <a href="/devices/architecture/dto/index.html">Device Tree Overlays</a>, the
+ <a href="/devices/architecture/vndk/index.html">Vendor Native Development Kit
+ (VNDK)</a>, <a href="/devices/architecture/vintf/index.html">Vendor Interface
+ Objects (VINTF)</a>,
+ <a href="/devices/architecture/kernel/modular-kernels.html">Modular Kernel
+ requirements</a>, and the <a href="/devices/tech/vts/index.html">Vendor Test
+ Suite (VTS) and Infrastructure</a>.
+</p>
+
+<h4>FunctionFS support</h4>
+<p>
+ <a class="external-link" href="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">FunctionFS</a>
+ (FFS) is a USB gadget function that is designed and controlled through user
+ space. Its support allows all of the function- and protocol-specific code to
+ live in user space, while all of the USB transport code lives in the kernel.
+ Using FFS moves Media Transfer Protocol (MTP) implementation into user space.
+</p>
+<p>
+ On the frameworks side, most of the major changes exist in MtpServer. The
+ USB driver interface has been refactored into two different classes, one that
+ uses the old kernel driver and one that uses FFS. MtpServer is then able
+ to use that driver interface without needing to know the details of
+ implementation. The FFS driver writes the USB descriptors to a file when
+ the server starts up; it then writes data to endpoint files similar to the
+ kernel driver use.
+</p>
+
+<h4>Kernel enhancements to LLDB/C++ debugging</h4>
+<p>
+ The Android 8.0 release includes kernel enhancements that help developers
+ create better applications by improving their debugging experience. For more
+ information, see
+ <a href="/devices/architecture/kernel/lldb-debug.html">Implementing kernel
+ enhancements to LLDB/C++ debugging</a>.
+</p>
+
+<h4>Kernel hardening</h4>
+<p>
+ Upstreamed kernel hardening features and tools to find bugs in kernel drivers.
+ For more information, see
+ <a href="/devices/architecture/kernel/hardening.html">Kernel Hardening</a>.
+</p>
+
+<h4>Optimizing SquashFS at the kernel level</h4>
+<p>
+ SquashFS is a compressed read-only filesystem for Linux, suitable for use on
+ the system partition. The optimizations in this document help improve the
+ performance of SquashFS. For more information, see
+ <a href="/devices/architecture/kernel/squashfs.html">Optimizing SquashFS at
+ the Kernel Level</a>.
+</p>
+
+<h3 id="art-dalvik">ART and Dalvik</h3>
+
+<h4>Fuzz testing</h4>
+<p>
+ AOSP offers a new fuzzing testing suite for testing the
+ <a href="/devices/tech/dalvik/">Android runtime (ART)</a> infrastructure. The
+ new toolset, JFuzz and an improved DexFuzz, are directly available in AOSP now
+ with accompanying documentation. See:
+ <a href="https://android.googlesource.com/platform/art/+/master/tools/jfuzz/README.md">https://android.googlesource.com/platform/art/+/master/tools/jfuzz/README.md</a>
+ <a href="https://android.googlesource.com/platform/art/+/master/tools/dexfuzz/README">https://android.googlesource.com/platform/art/+/master/tools/dexfuzz/README</a>
+</p>
+<p>
+ Nothing is required to implement or use the new tools. You may make changes
+ to the tools if required, just like you can make changes to the
+ runtime/compiler already.
+</p>
+
+<h4>VDEX files: Improve system update performance</h4>
+<p>
+ VDEX files improve the performance and user experience of software updates.
+ VDEX files store pre-validated DEX files with verifier dependencies so that
+ during system updates ART does not need to extract and verify the DEX files
+ again. No action is needed to implement this feature. It is enabled by
+ default. To disable the feature, set the <code>ART_ENABLE_VDEX</code>
+ environment variable to <code>false</code>.
+</p>
+
+<h4>ART performance improvements</h4>
+<p>
+ The Android runtime (ART) has been improved significantly in the Android 8.0
+ release. This document summarizes enhancements device manufacturers can expect
+ in ART. For more information, see
+ <a href="/devices/tech/dalvik/improvements.html">Improving ART Performance in
+ Android 8.0</a>.
+</p>
+
+<h4>Android A/B OTA updates</h4>
+<p>
+ This update answers common questions device manufacturers have regarding
+ Android A/B (seamless) system updates. For more information, see A/B updates
+ <a href="/devices/tech/ota/ab/ab_faqs.html">frequently asked questions</a>.
+</p>
+
+<h3 id="automotive">Automotive</h3>
+
+<h4>Bluetooth connection management</h4>
+<p>
+ Android 8.0 provides Bluetooth connection management in in-vehicle
+ infotainment systems for a more seamless Bluetooth user experience. For more
+ information, see
+ <a href="/devices/automotive/ivi_connectivity.html#bluetooth-connection-management">Bluetooth
+ connection management</a>.
+</p>
+
+<h4>Bluetooth multi-device HFP</h4>
+<p>
+ Bluetooth multi-device connectivity lets users connect multiple devices to
+ telephony profiles in an Android Automotive IVI Bluetooth. For more
+ information, see
+ <a href="/devices/automotive/ivi_connectivity.html#bluetooth-multi-device-connectivity">IVI
+ Connectivity</a>.
+</p>
+
+<h4>Vehicle Camera HAL</h4>
+<p>
+ Describes the design of an exterior view system (EVS) stack and provides the
+ HAL specification for supporting the acquisition and presentation of vehicle
+ camera data. For more information, see
+ <a href="/devices/automotive/camera-hal.html">Exterior View System (EVS)
+ Vehicle Camera HAL.</a>
+</p>
+
+<h3 id="bluetooth">Bluetooth</h3>
+<p>
+ See the updated <a href="/devices/bluetooth/index.html">Bluetooth overview</a>.
+</p>
+
+<h4>Verifying and debugging Bluetooth</h4>
+<p>
+ For details on how to verify and debug the native Bluetooth stack, see
+ <a href="/devices/bluetooth/verifying_debugging.html">Verifying and
+ Debugging</a>.
+</p>
+
+<h4>Bluetooth services</h4>
+<p>
+ Bluetooth provides a variety of features that enable core services between
+ devices, such as audio streaming, phone calls, and messaging. For more
+ information about the Android Bluetooth services, see
+ <a href="/devices/bluetooth/services.html">Bluetooth Services</a>.
+</p>
+
+<h4>BLE advertising</h4>
+<p>
+ Bluetooth 5 supports different modes of data advertisements for Bluetooth Low
+ Energy, including higher bandwidth or increased range. For more information,
+ see <a href="/devices/bluetooth/ble_advertising.html">Bluetooth Low Energy
+ Advertising</a>.
+</p>
+
+<h4>Bluetooth support for audio codecs</h4>
+<p>
+ The Android 8.0 release includes support for Bluetooth high-definition audio
+ codecs. For more information, see <a
+ href="/devices/bluetooth/services.html#advanced-audio-codecs">Advanced audio codecs</a>.
+</p>
+<h3 id="camera">Camera</h3>
+<h4>Critical camera features</h4>
+<p>
+ The Android 8.0 release contains these key enhancements to the Camera service:
+ shared surfaces, enable multiple surfaces sharing the same OutputConfiguration
+ System API for custom camera modes, and onCaptureQueueEmpty. For more
+ information, see <a href="/devices/camera/versioning.html">Camera Version
+ Support</a>.
+</p>
+
+<h3 id="configuration">Configuration</h3>
+
+<h4>Ambient capabilities</h4>
+<p>
+ Capabilities allow Linux processes to drop most root-like privileges, while
+ retaining the subset of privileges they require to perform their function.
+ Ambient capabilities allows system services to configure capabilities in their
+ <code>.rc</code> files, bringing all their configuration into a single file.
+ For more information, see
+ <a href="/devices/tech/config/ambient.html">Implementing Ambient
+ Capabilities</a>.
+</p>
+
+<h4>Privileged permission whitelist requirement</h4>
+<p>
+ Starting in Android 8.0, all privileged apps must be explicitly whitelisted in
+ system configuration XML files in the <code>/etc/permissions</code> directory.
+ If they are not, then the device will boot, but the device implementation will
+ not pass CTS. For more information, see
+ <a href="/devices/tech/config/perms-whitelist.html">Privileged Permission
+ Whitelist Requirement</a>.
+</p>
+
+<h4>Implementing USB HAL</h4>
+<p>
+ The Android 8.0 release moves handling of USB commands out of init scripts and
+ into a native USB daemon for better configuration and code reliability. For
+ more information, see <a href="/devices/tech/config/usb-hal.html">Implementing
+ USB HAL</a>.
+</p>
+
+<h3 id="connectivity">Connectivity</h3>
+
+<h4>Customizing device behavior for out-of-balance users</h4>
+<p>
+ Android devices with no data balance allow network traffic through, requiring
+ carriers and telecoms to implement mitigation protocols. This feature
+ implements a generic solution that allows carriers and telcos to indicate when
+ a device has run out of balance. For more information, see
+ <a href="/devices/tech/connect/oob-users.html">Customizing device behavior for
+ out-of-balance users</a>.
+</p>
+
+<h3 id="debugging">Debugging</h3>
+
+<h4>Enabling sanitizers in the Android build system</h4>
+<p>
+ Sanitizers are compiler-based instrumentation components to use during
+ development and testing in order to identify bugs and make Android better.
+ Android's current set of sanitizers can discover and diagnose memory misuse
+ bugs and potentially dangerous undefined behavior. For more information, see
+ <a href="/devices/tech/debug/sanitizers.html">Enabling Sanitizers in the
+ Android Build System</a>.
+</p>
+
+<h4>Recover devices in reboot loops</h4>
+<p>
+ Android 8.0 includes a feature that sends out a "rescue party" when it notices
+ core system components stuck in crash loops. Rescue Party then escalates
+ through a series of actions to recover the device. For more information, see
+ <a href="/devices/tech/debug/rescue-party.html">Rescue Party</a>.
+</p>
+
+<h4>Storaged</h4>
+<p>
+ Android 8.0 adds support for <code>storaged</code>, an Android native daemon
+ that collects and publishes storage metrics on Android devices. For more
+ information, see <a href="/devices/tech/debug/storaged.html">Implementing
+ Storaged</a>.
+</p>
+
+<h3 id="display">Display</h3>
+
+<h4>Air Traffic Control for floating windows</h4>
+<p>
+ Android 8.0 introduces Air Traffic Control for floating windows in order to
+ simplify and unify how apps display on top of other apps. Everything necessary
+ to use the feature is included in the AOSP.
+</p>
+<p>
+ Air Traffic Control allows developers to create a new (managed) floating
+ layer/window type for apps to use to display windows on-top of other apps. The
+ feature displays ongoing notifications for all apps using a floating layer
+ that lets the user manage the alert window.
+</p>
+<p>
+ The Android Compatibility Test Suite (CTS) confirms:
+</p>
+<ul>
+ <li>The current alert window types are: <code>TYPE_PHONE</code>,
+ <code>TYPE_PRIORITY_PHONE</code>, <code>TYPE_SYSTEM_ALERT</code>,
+ <code>TYPE_SYSTEM_OVERLAY</code>, or <code>TYPE_SYSTEM_ERROR</code>.
+ </li>
+ <li>Apps targeting the Android 8.0 SDK won't be able to use the window types
+ above to display windows above other apps. They will need to use a new
+ window type <code>TYPE_APPLICATION_OVERLAY</code>.
+ </li>
+ <li>Apps targeting older SDKs can still use the current window types; however,
+ the windows will be z-ordered below the new
+ <code>TYPE_APPLICATION_OVERLAY</code> windows.
+ </li>
+ <li>The system can move or resize windows in the new layer to reduce clutter.
+ </li>
+ <li>Device manufacturers must keep the notification that lets users control
+ what is displayed over other apps.
+ </li>
+</ul>
+
+<h4>Launching activities on secondary displays</h4>
+<p>
+ Virtual displays are available to everyone, and they don't require any special
+ hardware. Any application can create an instance of virtual display; in the
+ Android 8.0 release, activities can be launched on that virtual display if the
+ associated feature is enabled.
+</p>
+<p>
+ To support multi-display features, you should either use one of the
+ existing supported ways of connecting secondary devices or build new hardware.
+ The supported ways of connecting displays on Nexus and Pixel devices are
+ Google Cast and
+ <a href="https://developer.android.com/reference/android/hardware/display/VirtualDisplay.html" class="external">virtual
+ displays inside apps</a>. Support of other ways depends on kernel driver
+ support for each particular case (like MHL or DisplayPort over USB-C) and
+ fully implementing interface definitions that are related to displays in
+ HardwareComposer HAL (<code>IComposerCallback.hal</code> and
+ <code>IComposerClient.hal</code>).
+</p>
+<p>
+ Each of the ways may require SoC or OEM support. For example, to enable
+ DisplayPort over USB-C, both hardware (SOC) and software (drivers) support is
+ required. You might need to implement drivers for your hardware to support
+ connecting external displays.
+</p>
+<p>
+ The default implementation will allow launching fullscreen stacks of activities
+ on secondary displays. You can customize the stacks and System UI and
+ behavior on secondary displays.
+</p>
+<h4>Support for generic tooltip</h4>
+<p>
+ Android 8.0 allows developers to provide descriptive action names and other
+ helpful information on mouse hover over buttons and other icons. Device
+ manufacturers may style the tooltip popup. Its layout is defined in
+ <code>android/frameworks/base/core/res/res/layout/tooltip.xml</code>.
+ </a>
+</p>
+<p>
+ OEMs may replace the layout or change its dimensions and style parameters. Use
+ only text and keep the size reasonably small. The feature is implemented
+ entirely inside the View class, and there are quite exhaustive CTS tests that
+ check many aspects of Tooltip behavior.
+</p>
+<p>
+
+<h4>Support for extended aspect ratio</h4>
+<p>
+ Android 8.0 includes a new manifest attribute,
+ <a href="https://developer.android.com/reference/android/R.attr.html#maxAspectRatio" class="external">maxAspectRatio</a>,
+ which lets an activity or app specify the maximum aspect ratio it supports.
+ maxAspectRatio replaces the previous meta-data tag with a first-class API and
+ allows devices to support an aspect ratio greater than 16:9.
+</p>
+<ul>
+ <li>If an activity or app is
+ <a href="https://developer.android.com/guide/topics/ui/multi-window.html#configuring" class="external">resizable</a>,
+ allow the activity to fill the screen.
+ <li>
+ If an activity or app is non-resizeable or the platform is force resizing
+ the activity, allow the app window to display up to the maximum aspect ratio,
+ according to the
+ <a href="https://developer.android.com/reference/android/R.attr.html#maxAspectRatio" class="external">maxAspectRatio</a>
+ value.
+ <ul>
+ <li>For applications on devices running Android 8.0, the default value is
+ the aspect ratio of the current device.</li>
+ <li>For applications on devices running earlier versions of Android, the
+ default value is 16:9.</li>
+ </ul>
+ </li>
+</ul>
+
+<h4>Implementing Adaptive Icons</h4>
+<p>
+ Adaptive Icons maintain a consistent shape intra-device but vary from device
+ to device with only one icon asset provided by the developer. Additionally,
+ icons support two layers (foreground and background) that can be used for
+ motion to provide visual delight to users. For more information, see
+ <a href="/devices/tech/display/adaptive-icons.html">Implementing Adaptive
+ Icons</a>.
+</p>
+
+<h4>Night Light</h4>
+<p>
+ Night Light, introduced in Android 7.0.1, allows users to reduce the amount of
+ blue light that their screen emits. Android 8.0 gives users more control over
+ the intensity of this effect. For more information, see
+ <a href="/devices/tech/display/night-light.html">Implementing Night Light</a>.
+</p>
+
+<h4>Picture-in-picture</h4>
+<p>
+ Android 8.0 includes support for picture-in-picture (PIP) on Android handheld
+ devices. PIP allows users to resize an app with an ongoing activity, such as a
+ video, into a small window. For more information, see
+ <a href="/devices/tech/display/pip.html">Picture-in-Picture on Android
+ handsets</a>.
+</p>
+
+<h4>Better split-screen interactions</h4>
+<p>
+ Multi-window lets multiple apps simultaneously display on users' device
+ screens. Android 8.0 improves the default mode, split-screen, by compressing
+ the top pan and resizing the launcher if a user taps Home after entering
+ split-screen. For more information, see
+ <a href="/devices/tech/display/split-screen.html">Better Split-Screen
+ Interactions</a>.
+</p>
+
+<h4>Add Widgets/Shortcuts</h4>
+<p>
+ A new API in Android 8.0 allows application developers to add shortcuts and
+ widgets from inside the app instead of relying on the widget tray. The older
+ method of adding shortcuts by sending a broadcast has been deprecated for
+ security reasons. For more information, see
+ <a href="/devices/tech/display/widgets-shortcuts.html">Implementing Add
+ Widgets/Shortcuts</a>.
+</p>
+
+<h3 id="downloading-building">Downloading and building</h3>
+
+<h4>Android LLVM Toolchain improvements</h4>
+<p>
+ OEMs who wish to use our latest toolchain/tools must ensure that their private
+ code compiles successfully with the updated toolchains. This may
+ require them to fix existing issues in their code with undefined behavior. (Of
+ course, they are free to use whatever tools they prefer to compile their own
+ code too.)
+</p>
+<p>
+ They must ensure their code is free of undefined behavior (by using tools like
+ UBSan), so they are less susceptible to problems caused by newer toolchains.
+ All of the toolchains are always updated directly in AOSP. Everything will be
+ available well before OC even ships, so OEMs should be following along
+ already.
+</p>
+<p>
+ See the <a href="https://llvm.org/" class="external">public Clang/LLVM</a>
+ documentation for general instructions and the
+ <a href="https://android.googlesource.com/platform/external/clang/+/dev/ReadmeAndroid.md" class="external">Android
+ Clang/LLVM</a> documentation set within AOSP for Android-specific guidance.
+ Finally, join the
+ <a href="https://groups.google.com/forum/#!forum/android-llvm">android-llvm</a>
+ public group to get help and take part in development.
+</p>
+
+<h3 id="drm-kms">DRM/KMS</h3>
+
+<h4>DRM/KMS in Linux Kernel Version 4.9</h4>
+<p>
+ The Direct Rendering Manager (DRM)/Kernel Mode Setting (KMS) framework used by
+ Android is developed and maintained by Linux kernel developers in the Linux
+ kernel. Android merges down from the Linux kernel. By merging down from our
+ common kernel, device manufacturers gain the DRM/KMS framework automatically.
+</p>
+<p>
+ DRM/KMS became viable in Linux kernel version 4.9, and Android
+ <strong>strongly encourages</strong> OEM partners to use DRM/KMS starting with
+ this kernel version.
+ <a href="https://lwn.net/Articles/565422/" class="external">Atomic Display
+ Framework (ADF)</a>, the display framework officially supported by Android
+ today, will not be supported in 4.9 and higher versions of the common Android
+ kernel; instead, Android will support DRM/KMS from this version. OEMs can
+ continue to use ADF (or any other framework), but Android will not support
+ them in the common Android kernel.
+</p>
+<p>
+ To implement DRM/KMS, you will need to write your own drivers using
+ DRM/KMS in addition to merging down the DRM/KMS framework from the android
+ common kernel.
+</p>
+
+<h3 id="keystore">Keystore</h3>
+
+<h4>Keymaster 3</h4>
+<p>
+ Android 8.0 updates Keymaster, the keystore HAL, by extending the capabilities
+ of hardware-backed key storage on Android devices. This builds upon the
+ Android 7.1.2 updates to Keymaster 2. For more information, see
+ <a href="/security/keystore/index.html">Keymaster 3 documentation</a>.
+</p>
+
+<h3 id="security-enhancements">Security enhancements</h3>
+
+<h4>Insecure TLS version fallback removed from HttpsURLConnection</h4>
+<p>
+ Insecure TLS/SSL protocol version fallback is a workaround for buggy
+ implementations of TLS protocol downgrade negotiation in some servers. This is
+ vulnerable to POODLE. When Chrome 45 dropped the insecure fallback in
+ September 2015, less than 0.01% of servers relied on it. To improve security,
+ insecure TLS version fallback has been removed from
+ <a href="https://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html" class="external">HttpsURLConnection</a>
+ in Android 8.0. For more details, see
+ <a href="https://android-developers.googleblog.com/2017/04/android-o-to-drop-insecure-tls-version.html
+ " class="external">this blog post</a>.
+</p>
+<p>
+ To test this feature on devices with Android 8.0, run this CTS test case:
+</p>
+<pre class="devsite-click-to-copy devsite-terminal" data-terminal-prefix="# ">
+cts-tradefed run cts -m CtsLibcoreOkHttpTestCases</pre>
+
+<h3 id="performance">Performance</h3>
+
+<h4>Flash wear management</h4>
+<p>
+ Describes eMMC behavior and new features to help OEMs lower the risk of a
+ failing eMMC in the automotive environment. For more information, see
+ <a href="/devices/tech/perf/flash-wear.html">Flash Wear Management in Android
+ Automotive</a>.
+</p>
+
+<h4>Optimizing boot times</h4>
+<p>
+ Guidance for improving boot times for specific Android devices. For more
+ information, see <a href="/devices/tech/perf/boot-times.html">Optimizing
+ boot times</a>.
+</p>
+
+<h4>Task Snapshots</h4>
+<p>
+ Task Snapshots is infrastructure introduced in Android 8.0 that combines
+ screenshots for Recents Thumbnails as well as Saved Surfaces from Window
+ Manager to save memory. For more information, see
+ <a href="/devices/tech/perf/task-snapshots.html">Task Snapshots</a>.
+</p>
+
+<h3 id="peripherals">Peripherals</h3>
+
+<h4>Default print services</h4>
+<p>
+ A
+ <a href="https://developer.android.com/reference/android/printservice/PrintService.html" class="external">print
+ service</a> is an app that discovers and presents printers to a device's print
+ framework. In earlier Android versions, users had to search for and install
+ third-party print services to be able to print.
+</p>
+<p>
+ Android 8.0 includes a default print service in
+ <code><a href="https://android.googlesource.com/platform/packages/services/BuiltInPrintService/" class="external">platform/packages/services/BuiltInPrintService/</a></code>
+ that lets users print on modern printers without installing additional apps.
+ This implementation supports printers that use the Internet Printing Protocol
+ (IPP) to communicate with the printer and use PCLm, PWG-Raster, or PDF to send
+ printable content. For older printers, users should install the app
+ recommended by the
+ <a href="https://android.googlesource.com/platform/frameworks/base/+/android-7.0.0_r1/packages/PrintRecommendationService/" class="external">PrintRecommendationService</a>
+ as seen in
+ <a href="https://youtu.be/M_JGeGLpOKs?t=16m20s" class="external">this I/O
+ presentation</a>.
+
+<h3 id="reference">Reference updates</h3>
+<p>
+ The <a href="/reference/">Reference</a> section has been added to the
+ top-level navigation. As part of the
+ <a href="/devices/architecture/treble">Treble</a> release, a
+ <a href="/reference/hidl/">HIDL reference</a> section was added. The
+ <a href="/reference/tradefed/">Trade Federation</a> and the
+ <a href="/reference/hal/">legacy HAL</a> reference documentation has been
+ updated.
+</p>
+
+<h3 id="settings-menu">Settings menu</h3>
+
+<h4>Settings: Patterns and components</h4>
+<p>
+ In Android 8.0, the Settings menu gains several components and widgets that
+ cover common uses. For more information, see
+ <a href="/devices/tech/settings/patterns-components.html">Patterns and
+ Components</a>.
+</p>
+
+<h4>Settings: Updated information architecture</h4>
+<p>
+ Android 8.0 introduces a new information architecture for the Settings app.
+ The goal of the new information architecture is to simplify the way settings
+ are organized and make it easier for users to quickly find the settings needed
+ to customize their Android devices. For more information, see Implementing
+ <a href="/devices/tech/settings/info-architecture.html">Updated Information
+ Architecture</a>.
+</p>
+
+<h4>Personalized Settings</h4>
+<p>
+ The Android Settings app provides a list of suggestions to the users. This
+ feature provides ranking for suggestions, based on any contextual signal or
+ the user's past interactions with suggestions. For more information, see
+ <a href="/devices/tech/settings/personalized.html">Personalized Settings</a>.
+</p>
+
+<h4>Implementing Settings: Universal search</h4>
+<p>
+ Android 8.0 adds expanded search capabilities for the Settings menu. This
+ document describes how to add a setting and ensure it is properly indexed for
+ Settings. For more information, see
+ <a href="/devices/tech/settings/universal-search.html">Universal Search</a>.
+</p>
+
+<h3 id="storage">Storage</h3>
+
+<h4>Faster storage statistics</h4>
+<p>
+ Android 8.0 leverages the ext4 filesystem's quota support to return disk usage
+ statistics almost instantly. For more information, see
+ <a href="/devices/storage/faster-stats.html">Implementing faster storage
+ statistics</a>.
+</p>
+
+<h2 id="april-2017">April 2017</h2>
+<p>
+ Welcome to a new source.android.com! The site has been overhauled to make it
+ easier for you to navigate, search, and read its ever-growing set of
+ information. Here is a summary of enhancements:
+</p>
+
+<h3 id="screen-estate">More screen real estate, larger type size</h3>
+<p>
+ The entire site is wider, allowing you to view more content at once. Code
+ samples and commands are more visible, and all text has been enlarged.
+</p>
+
+<h3 id="mobile-ready">Mobile-ready view</h3>
+<p>The new site renders more cleanly on handheld devices with a dedicated
+ mobile view.
+</p>
+
+<img src="../images/mobile-view.png" alt="new mobile view" height="533px" />
+<figcaption><strong>Figure 1.</strong> Site's new mobile view</figcaption>
+
+<h3 id="top-tabs">New top-level tabs</h3>
+<p>
+ The former <em>Devices</em> tab has been renamed
+ <a href="/devices/">Porting</a>, while the old <em>Core Technologies</em>
+ subtab has been renamed <a href="/devices/tech/">Tuning</a> and moved to the
+ top of the site for better exposure.
+</p>
+
+<h3 id="security-forefront">Security at the forefront</h3>
+<p>
+ With an ever-increasing focus on security in Android, the
+ <a href="/security/">Security</a> tab has been moved forward (next to
+ <a href="/setup/">Source</a>) to reflect its importance.
+</p>
+
+<h3 id="reference-materials">Better reference materials</h3>
+<p>
+ <a href="/reference/hal/">Hardware Abstraction Layer</a> and
+ <a href="/reference/tradefed/packages">Trade Federation</a> reference
+ materials are available directly from a top-level
+ <a href="/reference/">Reference</a> tab.
+</p>
+
+<h3 id="code-links">Persistent code links</h3>
+<p>
+ The <a href="https://android.googlesource.com/" class="external">AOSP code
+ repository</a> is just a click away with the <strong>Go to Code</strong>
+ button at the top right of every page.
+</p>
+
+<h3 id="comprehensive-footers">Comprehensive footers</h3>
+<p>
+ In addition to the existing <em>About</em>, <em>Community</em>, and
+ <em>Legal</em> footers, you can now find a complete list of links at the
+ bottom of every page for building Android, connecting with the ecosystem, and
+ getting help with the operating system's use.
+</p>
+
+ </body>
+</html>
diff --git a/ja/security/bulletin/2015-09-01.html b/ja/security/bulletin/2015-09-01.html
index 9668cc8c..17c33cbf 100644
--- a/ja/security/bulletin/2015-09-01.html
+++ b/ja/security/bulletin/2015-09-01.html
@@ -37,7 +37,7 @@
<p>ここでは、<a href="/security/enhancements">Android セキュリティ プラットフォーム</a>の保護と SafetyNet のようなサービスの保護によるリスクの軽減について概説します。こうした機能は、Android でセキュリティの脆弱性が悪用される可能性を減らします。</p>
<ul>
- <li> Android プラットフォームの最新版での機能強化により、Android 上の多くの問題の悪用が困難になります。Google では、すべてのユーザーに対し、できる限り最新バージョンの Android に更新することをおすすめしています。
+ <li>Android プラットフォームの最新版での機能強化により、Android 上の多くの問題の悪用が困難になります。Google では、すべてのユーザーに対し、できる限り最新バージョンの Android に更新することをおすすめしています。
</li><li> Android セキュリティ チームは、「アプリの確認」や SafetyNet によって脆弱性の悪用を積極的に監視しています。こうした機能は、有害なおそれのあるアプリがインストールされる前に警告します。端末のルート権限を取得するツールは、Google Play で禁止されています。Google Play 以外からアプリをインストールするユーザーを保護するため、「アプリの確認」はデフォルトで有効になっており、ルート権限を取得する既知のアプリについてユーザーに警告します。「アプリの確認」では、悪意のある既知のアプリで権限昇格の脆弱性が悪用されないように、そのようなアプリのインストールを見つけて阻止します。こうしたアプリがすでにインストールされている場合は、ユーザーに通知して、そのアプリの削除を試みます。
</li><li> Google ハングアウトやメッセンジャーのアプリでは状況を判断し、メディアサーバーなどのプロセスに自動的にメディアを渡すことはありません。
</li></ul>
diff --git a/ja/security/bulletin/2016-01-01.html b/ja/security/bulletin/2016-01-01.html
index ab694d0b..494eb437 100644
--- a/ja/security/bulletin/2016-01-01.html
+++ b/ja/security/bulletin/2016-01-01.html
@@ -334,5 +334,4 @@
<ul>
<li> 2016 年 1 月 4 日: 情報公開
</li><li>2016 年 1 月 6 日: 公開情報を改訂し AOSP リンクを追加
- </li><li>2016 年 4 月 28 日: 謝辞から CVE-2015-6617 を削除、概要表に CVE-2015-6647 を追加
-</li></ul></body></html> \ No newline at end of file
+ </li><li>2016 年 4 月 28 日: 謝辞から CVE-2015-6617 を削除、概要表に CVE-2015-6647 を追加</li></ul></body></html> \ No newline at end of file
diff --git a/ja/security/bulletin/2016-02-01.html b/ja/security/bulletin/2016-02-01.html
index 559343e7..cb92f71c 100644
--- a/ja/security/bulletin/2016-02-01.html
+++ b/ja/security/bulletin/2016-02-01.html
@@ -273,7 +273,7 @@ LMY49G 以降のビルド、および Android Marshmallow(セキュリティ
<p>libmediaplayerservice に情報開示の脆弱性があり、攻撃者による
プラットフォームの悪用を阻むためのセキュリティ対策が回避される
-おそれがあります。サードパーティ製アプリによるアクセスが不可能となっている <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> 権限や <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 権限などへの昇格にこのような脆弱性が利用されるおそれがあるため、この問題の重大度は「高」と判断されています。</p>
+おそれがあります。サードパーティ製アプリによるアクセスが不可能となっている <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> 権限や <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 権限などへの昇格に利用されるおそれがあるため、この問題の重大度は「高」と判断されています。</p>
<table>
<tbody><tr>
<th>CVE</th>
diff --git a/ja/security/bulletin/2016-06-01.html b/ja/security/bulletin/2016-06-01.html
index 4ae53279..69835d17 100644
--- a/ja/security/bulletin/2016-06-01.html
+++ b/ja/security/bulletin/2016-06-01.html
@@ -28,7 +28,7 @@
<p>最も重大度の高い問題は、多様な方法(メール、ウェブの閲覧、MMS など)により、攻撃対象の端末でメディア ファイルを処理する際にリモートでのコード実行が可能になるおそれのある重大なセキュリティの脆弱性です。<a href="/security/overview/updates-resources.html#severity">重大度の評価</a>は、攻撃対象の端末でその脆弱性が悪用された場合の影響に基づくもので、プラットフォームやサービスでのリスク軽減策が開発目的または不正な回避により無効となっていることを前提としています。</p>
-<p>この新たに報告された問題によって実際のユーザー端末が不正使用された報告はありません。<a href="#mitigations">Android セキュリティ プラットフォームの保護</a>や SafetyNet のようなサービスの保護について詳しくは、<a href="/security/enhancements/index.html">Android と Google サービスでのリスク軽減策</a>をご覧ください。こうした保護により、Android プラットフォームのセキュリティが改善されます。</p>
+<p>この新たに報告された問題によって実際のユーザー端末が不正使用された報告はありません。<a href="/security/enhancements/index.html">Android セキュリティ プラットフォームの保護</a>や SafetyNet のようなサービスの保護について詳しくは、<a href="#mitigations">Android と Google サービスでのリスク軽減策</a>をご覧ください。こうした保護により、Android プラットフォームのセキュリティが改善されます。</p>
<p>ご利用の端末に上記のアップデートを適用することをすべてのユーザーにおすすめします。</p>
@@ -47,7 +47,7 @@
<p>調査にご協力くださった下記の皆様方に感謝いたします(敬称略)。</p>
<ul>
- <li>Tencent KeenLab(<a href="https://twitter.com/returnsme">@keen_lab</a>)の Di Shen(<a href="https://twitter.com/keen_lab">@returnsme</a>): CVE-2016-2468</li><li> <a href="http://bits-please.blogspot.com">Gal Beniamini</a>(<a href="https://twitter.com/laginimaineb">@laginimaineb</a>): CVE-2016-2476</li><li>Qihoo 360 Technology Co. Ltd. IceSword Lab の Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)、pjf(<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-2492</li><li>Mobile Safe Team、Qihoo 360 Technology Co. Ltd. の Hao Chen、Guang Gong、Wenlin Yang: CVE-2016-2470、CVE-2016-2471、CVE-2016-2472、CVE-2016-2473、CVE-2016-2498</li><li> <a href="http://www.iwobanas.com">Iwo Banas</a>: CVE-2016-2496</li><li>Qihoo 360 Technology Co. Ltd. IceSword Lab の Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)、pjf(<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-2490、CVE-2016-2491</li><li>Google の Lee Campbell: CVE-2016-2500</li><li>Google セキュリティ チームの Maciej Szawłowski: CVE-2016-2474</li><li>Google の Marco Nelissen および Max Spector: CVE-2016-2487</li><li>Google Project Zero の Mark Brand: CVE-2016-2494</li><li><a href="https://twitter.com/Mingjian_Zhou">C0RE Team</a> の Mingjian Zhou(<a href="https://twitter.com/chiachih_wu">@Mingjian_Zhou</a>)、Chiachih Wu(<a href="http://c0reteam.org">@chiachih_wu</a>)、Xuxian Jiang: CVE-2016-2477、CVE-2016-2478、CVE-2016-2479、CVE-2016-2480、CVE-2016-2481、CVE-2016-2482、CVE-2016-2483、CVE-2016-2484、CVE-2016-2485、CVE-2016-2486</li><li> <a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2016-2066、CVE-2016-2061、CVE-2016-2465、CVE-2016-2469、CVE-2016-2489</li><li>Vasily Vasilev: CVE-2016-2463</li><li>Alibaba Inc. の Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): CVE-2016-2495</li><li>Tencent Security Platform Department の Xiling Gong: CVE-2016-2499</li><li>Android セキュリティ チームの Zach Riggle(<a href="https://twitter.com/ebeip90">@ebeip90</a>): CVE-2016-2493</li></ul>
+ <li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>)の Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-2468</li><li> <a href="http://bits-please.blogspot.com">Gal Beniamini</a>(<a href="https://twitter.com/laginimaineb">@laginimaineb</a>): CVE-2016-2476</li><li>Qihoo 360 Technology Co. Ltd. IceSword Lab の Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)、pjf(<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-2492</li><li>Mobile Safe Team、Qihoo 360 Technology Co. Ltd. の Hao Chen、Guang Gong、Wenlin Yang: CVE-2016-2470、CVE-2016-2471、CVE-2016-2472、CVE-2016-2473、CVE-2016-2498</li><li> <a href="http://www.iwobanas.com">Iwo Banas</a>: CVE-2016-2496</li><li>Qihoo 360 Technology Co. Ltd. IceSword Lab の Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)、pjf(<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-2490、CVE-2016-2491</li><li>Google の Lee Campbell: CVE-2016-2500</li><li>Google セキュリティ チームの Maciej Szawłowski: CVE-2016-2474</li><li>Google の Marco Nelissen および Max Spector: CVE-2016-2487</li><li>Google Project Zero の Mark Brand: CVE-2016-2494</li><li><a href="http://c0reteam.org">C0RE Team</a> の Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)、Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)、Xuxian Jiang: CVE-2016-2477、CVE-2016-2478、CVE-2016-2479、CVE-2016-2480、CVE-2016-2481、CVE-2016-2482、CVE-2016-2483、CVE-2016-2484、CVE-2016-2485、CVE-2016-2486</li><li> <a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2016-2066、CVE-2016-2061、CVE-2016-2465、CVE-2016-2469、CVE-2016-2489</li><li>Vasily Vasilev: CVE-2016-2463</li><li>Alibaba Inc. の Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): CVE-2016-2495</li><li>Tencent Security Platform Department の Xiling Gong: CVE-2016-2499</li><li>Android セキュリティ チームの Zach Riggle(<a href="https://twitter.com/ebeip90">@ebeip90</a>): CVE-2016-2493</li></ul>
<h2 id="security_vulnerability_details">セキュリティの脆弱性の詳細</h2>
diff --git a/ja/security/bulletin/2016-07-01.html b/ja/security/bulletin/2016-07-01.html
index 31a859f9..89588a9b 100644
--- a/ja/security/bulletin/2016-07-01.html
+++ b/ja/security/bulletin/2016-07-01.html
@@ -57,7 +57,7 @@
<h3 id="remote-code-execution-vulnerability-in-mediaserver">
メディアサーバーでのリモートコード実行の脆弱性</h3>
-<p>メディアサーバーにリモートコード実行の脆弱性があるため、攻撃者が特別に細工したファイルを使用して、メディア ファイルやデータの処理中にメモリ破壊を引き起こすおそれがあります。この問題は、メディアサーバーのプロセスにおいてリモートでコードが実行されるおそれがあるため、重大と見なされています。メディアサーバーのプロセスは、音声や動画のストリームにアクセスできるほか、サードパーティ製アプリが通常はアクセスできないような権限にアクセスできます。</p>
+<p>メディアサーバーにリモートコード実行の脆弱性があるため、攻撃者が特別に細工したファイルを使用して、メディア ファイルやデータの処理中にメモリ破壊を引き起こすおそれがあります。メディアサーバーのプロセスにおいてリモートでコードが実行されるおそれがあるため、この問題は「重大」と判断されています。メディアサーバーのプロセスは、音声や動画のストリームにアクセスできるほか、サードパーティ製アプリが通常はアクセスできないような権限にアクセスできます。</p>
<p>影響を受ける機能はオペレーティング システムの中核部分として提供されており、複数のアプリにおいて、リモート コンテンツ(特に MMS やブラウザでのメディアの再生)によってこの脆弱性が攻撃されるおそれがあります。</p>
<table>
@@ -105,8 +105,8 @@
<tr>
<td>CVE-2016-2508</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f">
-A-28799341</a>
- [<a href="https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4">2</a>]
+ A-28799341</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4">2</a>]
</td>
<td>重大</td>
<td><a href="#all_nexus">すべての Nexus</a></td>
@@ -116,8 +116,8 @@ A-28799341</a>
<tr>
<td>CVE-2016-3741</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795">
-A-28165661</a>
- [<a href="https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335">2</a>]
+ A-28165661</a>
+ [<a href="https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335">2</a>]
</td>
<td>重大</td>
<td><a href="#all_nexus">すべての Nexus</a></td>
@@ -495,8 +495,8 @@ OpenSSL での情報開示の脆弱性</h3>
<tr>
<td>CVE-2016-3754</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e">
-A-28615448</a>
- [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]
+ A-28615448</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]
</td>
<td>高</td>
<td><a href="#all_nexus">すべての Nexus</a></td>
@@ -670,8 +670,8 @@ Bluetooth での権限昇格の脆弱性</h3>
<tr>
<td>CVE-2016-3760</td>
<td><a href="https://android.googlesource.com/platform/hardware/libhardware/+/8b3d5a64c3c8d010ad4517f652731f09107ae9c5">A-27410683</a>
- [<a href="https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce">2</a>]
- [<a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8">3</a>]
+[<a href="https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce">2</a>]
+[<a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8">3</a>]
</td>
<td>中</td>
<td><a href="#all_nexus">すべての Nexus</a></td>
@@ -836,8 +836,8 @@ NFC での権限昇格の脆弱性</h3>
<tr>
<td>CVE-2016-3766</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e">
-A-28471206</a>
- [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]
+ A-28471206</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]
</td>
<td>中</td>
<td><a href="#all_nexus">すべての Nexus</a></td>
@@ -1105,7 +1105,7 @@ USB ドライバでの権限昇格の脆弱性</h3>
<td>CVE-2014-9795</td>
<td>A-28820720<br />
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=ce2a0ea1f14298abc83729f3a095adab43342342">QC-CR681957</a>
- [<a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=fc3b31f81a1c128c2bcc745564a075022cd72a2e">2</a>]
+ [<a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=fc3b31f81a1c128c2bcc745564a075022cd72a2e">2</a>]
</td>
<td>重大</td>
<td>Nexus 5</td>
@@ -1198,7 +1198,7 @@ USB ドライバでの権限昇格の脆弱性</h3>
<td>CVE-2014-9783</td>
<td>A-28441831<br />
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b">QC-CR511382</a>
- [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5">2</a>]</td>
+ [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5">2</a>]</td>
<td>高</td>
<td>Nexus 7(2013)</td>
<td>2014 年 3 月 31 日</td>
@@ -1247,7 +1247,7 @@ USB ドライバでの権限昇格の脆弱性</h3>
<td>CVE-2014-9790</td>
<td>A-28769136<br />
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?h=LA.BF.1.1.3_rb1.12&id=6ed921bda8cbb505e8654dfc1095185b0bccc38e">QC-CR545716</a>
- [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?h=LA.BF.1.1.3_rb1.12&id=9bc30c0d1832f7dd5b6fa10d5e48a29025176569">2</a>]</td>
+ [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?h=LA.BF.1.1.3_rb1.12&id=9bc30c0d1832f7dd5b6fa10d5e48a29025176569">2</a>]</td>
<td>高</td>
<td>Nexus 5、Nexus 7(2013)</td>
<td>2014 年 4 月 30 日</td>
diff --git a/ja/security/bulletin/2016-08-01.html b/ja/security/bulletin/2016-08-01.html
index 2014204b..81c58137 100644
--- a/ja/security/bulletin/2016-08-01.html
+++ b/ja/security/bulletin/2016-08-01.html
@@ -1088,7 +1088,7 @@ QC-CR#794217</a></p>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee">
QC-CR#836226</a></p></td>
<td>高</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2015 年 9 月 11 日</td>
</tr>
<tr>
@@ -1098,7 +1098,7 @@ QC-CR#836226</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=c10f03f191307f7114af89933f2d91b830150094">
QC-CR#550061</a></p></td>
<td>中</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2014 年 3 月 13 日</td>
</tr>
<tr>
@@ -1431,7 +1431,7 @@ N-CVE-2016-3844</p></td>
<td>CVE-2016-3845</td>
<td>A-28399876*</td>
<td>高</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2016 年 4 月 20 日</td>
</tr>
</tbody></table>
@@ -1608,8 +1608,7 @@ QC-CR#945164</a></p></td>
<h3 id="elevation-of-privilege-vulnerability-in-lg-electronics-bootloader">
LG Electronics ブートローダーでの権限昇格の脆弱性</h3>
<p>
-LG Electronics ブートローダーに権限昇格の脆弱性があるため、攻撃者によってカーネル内で任意のコードが実行されるおそれがあります。
-最初に特権プロセスへの侵入が必要であるため、この問題の重大度は「高」と判断されています。
+LG Electronics ブートローダーに権限昇格の脆弱性があるため、攻撃者によってカーネル内で任意のコードが実行されるおそれがあります。最初に特権プロセスへの侵入が必要であるため、この問題の重大度は「高」と判断されています。
</p>
<table>
<colgroup><col width="19%" />
@@ -1684,7 +1683,7 @@ QC-CR#786116</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d">
QC-CR#542223</a></p></td>
<td>中</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2014 年 3 月 27 日</td>
</tr>
<tr>
@@ -1724,7 +1723,7 @@ QC-CR#551795</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=46135d80765cb70a914f02a6e7b6abe64679ec86">
QC-CR#563752</a></p></td>
<td>中</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2014 年 4 月 30 日</td>
</tr>
<tr>
@@ -1744,7 +1743,7 @@ QC-CR#554575</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=8756624acb1e090b45baf07b2a8d0ebde114000e">
QC-CR#547910</a></p></td>
<td>中</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2014 年 7 月 3 日</td>
</tr>
<tr>
@@ -2090,16 +2089,17 @@ Qualcomm コンポーネントでの脆弱性</h3>
<p>
<a href="#2016-08-01-details">2016-08-01</a> と <a href="#2016-08-05-details">2016-08-05</a> のセキュリティ脆弱性の詳細に関するセクションで、各表中の「更新された Nexus 端末」列に、その問題の影響を受ける、更新対象の Nexus 端末の種類を記載しています。この列には次のいずれかが表示されています。</p>
<ul>
-<li><strong>すべての Nexus 端末</strong>: 問題がすべての Nexus 端末に影響を与える場合、表の「更新された Nexus 端末」列には「すべての Nexus」と記載されています。<em></em>「すべての Nexus」には<a href="https://support.google.com/nexus/answer/4457705#nexus_devices">サポート対象の端末</a>(Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Nexus 7(2013)、Nexus 9、Android One、Nexus Player、Pixel C)が含まれます。</li>
-<li><strong>一部の Nexus 端末</strong>: 問題が一部の Nexus 端末のみに影響する場合、「更新された Nexus 端末」列には影響を受ける Nexus 端末が記載されています。<em></em></li>
-<li><strong>影響を受ける Nexus 端末がない</strong>: 問題の影響を受ける Nexus 端末がない場合、表の「更新された Nexus 端末」列には「なし」と記載されています。<em></em>
+<li><strong>すべての Nexus 端末</strong>: 問題がすべての Nexus 端末に影響を与える場合、表の「更新された Nexus 端末<em></em>」列には「すべての Nexus」と記載されています。「すべての Nexus」には<a href="https://support.google.com/nexus/answer/4457705#nexus_devices">サポート対象の端末</a>(Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Nexus 7(2013)、Nexus 9、Android One、Nexus Player、Pixel C)が含まれます。</li>
+<li><strong>一部の Nexus 端末</strong>: 問題が一部の Nexus 端末のみに影響する場合、「更新された Nexus 端末<em></em>」列には影響を受ける Nexus 端末が記載されています。</li>
+<li><strong>影響を受ける Nexus 端末がない</strong>: 問題の影響を受ける Nexus 端末がない場合、表の「更新された Nexus 端末<em></em>」列には「なし」と記載されています。
</li>
</ul>
<p>
<strong>4. 「参照」列の項目はどのような情報に関連付けられていますか?</strong>
</p>
<p>
-脆弱性の詳細の表で「参照」列に記載されている内容には、参照の値が属している組織を示した接頭辞が含まれている場合があります。<em></em>各接頭辞の意味は以下のとおりです。</p>
+脆弱性の詳細の表で「参照<em></em>」列に記載されている内容には、参照の値が属している組織を示した接頭辞が含まれている場合があります。各接頭辞の意味は以下のとおりです。
+</p>
<table>
<tbody><tr>
<th>接頭辞</th>
diff --git a/ja/security/bulletin/2016-10-01.html b/ja/security/bulletin/2016-10-01.html
index e6e06546..c02bcebd 100644
--- a/ja/security/bulletin/2016-10-01.html
+++ b/ja/security/bulletin/2016-10-01.html
@@ -1699,7 +1699,7 @@ Binder に情報開示の脆弱性があるため、悪意のあるローカル
<ul>
<li><strong>すべての Nexus 端末</strong>: 問題がすべての Nexus 端末に影響を与える場合、表の「更新された Nexus 端末<em></em>」列には「すべての Nexus」と記載されています。「すべての Nexus」には<a href="https://support.google.com/nexus/answer/4457705#nexus_devices">サポート対象の端末</a>(Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel C)が含まれます。</li>
<li><strong>一部の Nexus 端末</strong>: 問題が一部の Nexus 端末のみに影響する場合、「更新された Nexus 端末<em></em>」列には影響を受ける Nexus 端末が記載されています。</li>
- <li><strong>影響を受ける Nexus 端末がない</strong>: 問題の影響を受ける Nexus 端末がない場合、表の「更新された Nexus 端末<em></em>」列には「なし」と記載されています。</li>
+ <li><strong>影響を受ける Nexus 端末がない</strong>: 問題の影響を受ける Android 7.0 搭載 Nexus 端末がない場合、表の「更新された Nexus 端末<em></em>」列には「なし」と記載されています。</li>
</ul>
<p>
<strong>4. 「参照」列の項目はどのような情報に関連付けられていますか?</strong>
diff --git a/ja/security/bulletin/2017-01-01.html b/ja/security/bulletin/2017-01-01.html
index 0ee00ae0..66fc336e 100644
--- a/ja/security/bulletin/2017-01-01.html
+++ b/ja/security/bulletin/2017-01-01.html
@@ -22,25 +22,25 @@
<p><em>2017 年 1 月 3 日公開 | 2017 年 2 月 2 日更新</em></p>
-<p>Android のセキュリティに関する公開情報には、Android 搭載端末に影響を与えるセキュリティの脆弱性の詳細を掲載しています。情報の公開に伴い、Google 端末に対するセキュリティ アップデートを無線(OTA)アップデートで配信しました。Google 端末のファームウェア イメージも <a href="https://developers.google.com/android/nexus/images">Google デベロッパー サイト</a>でリリースしています。2017 年 1 月 5 日以降のセキュリティ パッチ レベルでは、下記のすべての問題に対処しています。端末のセキュリティ パッチレベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel と Nexus のアップデート スケジュール</a>をご覧ください。</p>
+<p>Android のセキュリティに関する公開情報には、Android 搭載端末に影響を与えるセキュリティの脆弱性の詳細を掲載しています。情報の公開に伴い、Google 端末に対するセキュリティ アップデートを無線(OTA)アップデートで配信しました。Google 端末のファームウェア イメージも <a href="https://developers.google.com/android/nexus/images">Google デベロッパー サイト</a>でリリースしています。2017 年 1 月 5 日以降のセキュリティ パッチレベルでは、下記のすべての問題に対処しています。端末のセキュリティ パッチレベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel と Nexus のアップデート スケジュール</a>をご覧ください。</p>
-<p>パートナーには、この公開情報に記載の問題について 2016 年 12 月 5 日までに通知済みです。Android オープンソース プロジェクト(AOSP)レポジトリに、下記の問題に対するソースコードのパッチをリリースしています。AOSP 以外のパッチへのリンクも掲載しています。</p>
+<p>パートナーには、この公開情報に記載の問題について 2016 年 12 月 5 日までに通知済みです。Android オープンソース プロジェクト(AOSP)のレポジトリに、下記の問題に対するソースコードのパッチをリリースしています。また、この公開情報では、これらのパッチへのリンクに加え、AOSP 以外のパッチへのリンクも掲載しています。</p>
<p>下記の問題のうち最も重大度の高いものは、多様な方法(メール、ウェブの閲覧、MMS など)により、攻撃対象の端末でメディア ファイルを処理する際にリモートでのコード実行が可能になるおそれのある重大なセキュリティの脆弱性です。<a href="/security/overview/updates-resources.html#severity">重大度の評価</a>は、攻撃対象の端末でその脆弱性が悪用された場合の影響に基づくもので、プラットフォームやサービスでのリスク軽減策が開発目的または不正な回避により無効となっていることを前提としています。</p>
<p>この新たに報告された問題によって実際のユーザー端末が不正使用された報告はありません。<a href="/security/enhancements/index.html">Android セキュリティ プラットフォームの保護</a>や <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a> のようなサービスの保護について詳しくは、<a href="#mitigations">Android と Google サービスでのリスク軽減策</a>をご覧ください。こうした保護により、Android プラットフォームのセキュリティが改善されます。</p>
-<p>ご利用の端末で上記の更新を行うことをすべてのユーザーにおすすめします。</p>
+<p>ご利用の端末にこのアップデートを適用することをすべてのユーザーにおすすめします。</p>
<h2 id="announcements">お知らせ</h2>
<ul>
<li>この公開情報では、2 つのセキュリティ パッチレベル文字列を定義しています。これは、すべての Android 搭載端末で同様の問題が発生する一部の脆弱性をサブセットとし、Android パートナーが迅速かつ柔軟に修正できるようにするためです。詳しくは、<a href="#common-questions-and-answers">一般的な質問と回答</a>をご覧ください。
<ul>
- <li><strong>2017-01-01</strong>: 部分的に対処したセキュリティ パッチレベル文字列。このセキュリティ パッチ レベル文字列は、2017-01-01(およびそれ以前のすべてのセキュリティ パッチ レベル文字列)に関連するすべての問題に対処していることを示します。</li>
- <li><strong>2017-01-05</strong>: 完全に対処したセキュリティ パッチレベル文字列。このセキュリティ パッチ レベル文字列は、2017-01-01 と 2017-01-05(およびそれ以前のすべてのセキュリティ パッチ レベル文字列)に関連するすべての問題に対処していることを示します。</li>
+ <li><strong>2017-01-01</strong>: 部分的に対処したセキュリティ パッチレベル文字列。このセキュリティ パッチレベル文字列は、2017-01-01(およびそれ以前のすべてのセキュリティ パッチレベル文字列)に関連するすべての問題に対処していることを示します。</li>
+ <li><strong>2017-01-05</strong>: 完全に対処したセキュリティ パッチレベル文字列。このセキュリティ パッチレベル文字列は、2017-01-01 と 2017-01-05(およびそれ以前のすべてのセキュリティ パッチレベル文字列)に関連するすべての問題に対処していることを示します。</li>
</ul>
</li>
- <li>サポート対象の Google 端末には、2017 年 1 月 5 日のセキュリティ パッチ レベルのアップデート 1 件が OTA で配信されます。</li>
+ <li>サポート対象の Google 端末には、2017 年 1 月 5 日のセキュリティ パッチレベルのアップデート 1 件が OTA で配信されます。</li>
</ul>
<h2 id="security-vulnerability-summary">セキュリティの脆弱性の概要</h2>
<p>下記の表に、セキュリティの脆弱性、その共通脆弱性識別子(CVE)、重大度の判定、Google 端末への影響があるかどうかの一覧を示します。<a href="/security/overview/updates-resources.html#severity">重大度の評価</a>は、攻撃対象の端末でその脆弱性が悪用された場合の影響に基づくもので、プラットフォームやサービスでのリスク軽減策が開発目的または不正な回避により無効となっていることを前提としています。</p>
@@ -65,7 +65,7 @@
<li>Qihoo 360 Technology Co. Ltd. IceSword Lab の Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)、<a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-8464</li>
<li>Google WebM Team: CVE-2017-0393</li>
<li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a> Alpha Team の Guang Gong(龚广)(<a href="http://twitter.com/oldfresher">@oldfresher</a>): CVE-2017-0387</li>
- <li>Alpha Team、Qihoo 360 Technology Co. Ltd. の Hao Chen と Guang Gong: CVE-2016-8415、CVE-2016-8454、CVE-2016-8455、CVE-2016-8456、CVE-2016-8457、CVE-2016-8465</li>
+ <li>Qihoo 360 Technology Co. Ltd. Alpha Team の Hao Chen、Guang Gong: CVE-2016-8415、CVE-2016-8454、CVE-2016-8455、CVE-2016-8456、CVE-2016-8457、CVE-2016-8465</li>
<li>Qihoo 360 IceSword Lab の Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)、<a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-8475</li>
<li>Jon Sawyer(<a href="http://twitter.com/jcase">@jcase</a>)、Sean Beaupre(<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>): CVE-2016-8462</li>
<li>Jon Sawyer(<a href="http://twitter.com/jcase">@jcase</a>)、Sean Beaupre(<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>)、Ben Actis(<a href="https://twitter.com/ben_ra">@Ben_RA</a>): CVE-2016-8461</li>
@@ -96,7 +96,7 @@
<li>Google の Zubin Mithra</li>
</ul>
-<h2 id="2017-01-01-details">セキュリティ パッチ レベル 2017-01-01 の脆弱性の詳細</h2>
+<h2 id="2017-01-01-details">セキュリティ パッチレベル 2017-01-01 の脆弱性の詳細</h2>
<p>
パッチレベル 2017-01-01 に該当するセキュリティ脆弱性の各項目について、下記に詳細を説明します。問題の内容とその重大度の根拠について説明し、CVE、関連する参照先、重大度、更新対象の Google 端末、更新対象の AOSP バージョン(該当する場合)、報告日を表にまとめています。該当する場合は、バグ ID の欄に、その問題に対処した一般公開されている変更(AOSP の変更の一覧など)へのリンクがあります。複数の変更が同じバグに関係する場合は、バグ ID の後に続く番号で、追加の参照先へのリンクを示します。</p>
@@ -583,7 +583,7 @@ Framesequence ライブラリにリモートコード実行の脆弱性がある
</tr>
</tbody></table>
-<h2 id="2017-01-05-details">セキュリティ パッチ レベル 2017-01-05 の脆弱性の詳細</h2>
+<h2 id="2017-01-05-details">セキュリティ パッチレベル 2017-01-05 の脆弱性の詳細</h2>
<p>
パッチレベル 2017-01-05 に該当するセキュリティ脆弱性の各項目について、下記に詳細を説明します。
問題の内容とその重大度の根拠について説明し、CVE、関連する参照先、重大度、更新対象の Google 端末、更新対象の AOSP バージョン(該当する場合)、報告日を表にまとめています。該当する場合は、バグ ID の欄に、その問題に対処した一般公開されている変更(AOSP の変更の一覧など)へのリンクがあります。複数の変更が同じバグに関係する場合は、バグ ID の後に続く番号で、追加の参照先へのリンクを示します。</p>
@@ -1932,15 +1932,15 @@ Broadcom Wi-Fi ドライバに権限昇格の脆弱性があるため、悪意
</tbody></table>
<h2 id="common-questions-and-answers">一般的な質問と回答</h2>
-<p>上記の公開情報に対する一般的な質問について、以下で回答します。</p>
+<p>上記の公開情報に対する一般的な質問についての回答は以下のとおりです。</p>
<p><strong>1. 上記の問題に対処するように端末が更新されているかどうかを確かめるには、どうすればよいですか?
</strong></p>
<p>端末のセキュリティ パッチレベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel および Nexus のアップデート スケジュール</a>に記載されている手順をご覧ください。</p>
<ul>
- <li>セキュリティ パッチ レベル 2017-01-01 以降では、セキュリティ パッチ レベル 2017-01-01 に関連するすべての問題に対処しています。</li>
- <li>セキュリティ パッチ レベル 2017-01-05 以降では、セキュリティ パッチ レベル 2017-01-05、およびそれ以前のすべてのパッチレベルに関連するすべての問題に対処しています。</li>
+ <li>セキュリティ パッチレベル 2017-01-01 以降では、セキュリティ パッチレベル 2017-01-01 に関連するすべての問題に対処しています。</li>
+ <li>セキュリティ パッチレベル 2017-01-05 以降では、セキュリティ パッチレベル 2017-01-05、およびそれ以前のすべてのパッチレベルに関連するすべての問題に対処しています。</li>
</ul>
<p>このアップデートを組み込んだ端末メーカーは、パッチレベル文字列を以下に設定する必要があります。</p>
<ul>
@@ -1949,16 +1949,16 @@ Broadcom Wi-Fi ドライバに権限昇格の脆弱性があるため、悪意
</ul>
<p><strong>2. この公開情報に 2 つのセキュリティ パッチレベルがあるのはなぜですか?</strong></p>
-<p>この公開情報では、2 つのセキュリティ パッチレベルを定義しています。これは、すべての Android 搭載端末で同様の問題が発生する一部の脆弱性をサブセットとし、Android パートナーが迅速かつ柔軟に修正できるようにするためです。Android パートナーには、この公開情報に掲載されている問題をすべて修正し、最新のセキュリティ パッチ レベルを使用することが推奨されています。</p>
+<p>この公開情報では、2 つのセキュリティ パッチレベルを定義しています。これは、すべての Android 搭載端末で同様の問題が発生する一部の脆弱性をサブセットとし、Android パートナーが迅速かつ柔軟に修正できるようにするためです。Android パートナーには、この公開情報に掲載されている問題をすべて修正し、最新のセキュリティ パッチレベルを使用することが推奨されています。</p>
<ul>
- <li>2017 年 1 月 1 日のセキュリティ パッチ レベルを使用する端末には、そのセキュリティ パッチ レベルに関連するすべての問題と、それ以前のセキュリティに関する公開情報で報告されたすべての問題の修正を組み込む必要があります。</li>
- <li>2017 年 1 月 5 日以降のセキュリティ パッチ レベルを使用する端末には、今回(およびそれ以前)のセキュリティに関する公開情報に掲載された、該当するすべてのパッチを組み込む必要があります。</li>
+ <li>2017 年 1 月 1 日のセキュリティ パッチレベルを使用する端末には、そのセキュリティ パッチレベルに関連するすべての問題と、それ以前のセキュリティに関する公開情報で報告されたすべての問題の修正を組み込む必要があります。</li>
+ <li>2017 年 1 月 5 日以降のセキュリティ パッチレベルを使用する端末には、今回(およびそれ以前)のセキュリティに関する公開情報に掲載された、該当するすべてのパッチを組み込む必要があります。</li>
</ul>
<p>パートナーには、対処するすべての問題の修正を 1 つのアップデートにまとめて提供することが推奨されています。</p>
<p><strong>3. 各問題の影響を受ける Google 端末を判断するにはどうすればよいですか?</strong></p>
-<p><a href="#2017-01-01-details">2017-05-01</a> と <a href="#2017-01-05-details">2017-05-05</a> のセキュリティの脆弱性の詳細に関するセクションで、各表中の「更新対象の Google 端末<em></em>」列に、その問題の影響を受ける、更新対象の Google 端末の種類を記載しています。この列には次のいずれかが表示されています。</p>
+<p><a href="#2017-01-01-details">2017-01-01</a> と <a href="#2017-01-05-details">2017-01-05</a> のセキュリティの脆弱性の詳細に関するセクションで、各表中の「更新対象の Google 端末<em></em>」列に、その問題の影響を受ける、更新対象の Google 端末の種類を記載しています。この列には次のいずれかが表示されています。</p>
<ul>
<li><strong>すべての Google 端末</strong>: 問題がすべての端末と Pixel 端末に影響を与える場合、表の「更新対象の Google 端末<em></em>」列には「すべて」と記載されています。「すべて」には<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">サポート対象の端末</a>(Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel C、Pixel、Pixel XL)が含まれます。</li>
<li><strong>一部の Google 端末</strong>: 問題が一部の Google 端末のみに影響する場合、「更新対象の Google 端末<em></em>」列には影響を受ける Google 端末が記載されています。</li>
diff --git a/ja/security/bulletin/2017-03-01.html b/ja/security/bulletin/2017-03-01.html
index 6fd440ad..c48f1260 100644
--- a/ja/security/bulletin/2017-03-01.html
+++ b/ja/security/bulletin/2017-03-01.html
@@ -24,8 +24,8 @@
<p>Android のセキュリティに関する公開情報には、Android 搭載端末に影響を与えるセキュリティの脆弱性の詳細を掲載しています。情報の公開に伴い、Google 端末に対するセキュリティ アップデートを無線(OTA)アップデートで配信しました。Google 端末のファームウェア イメージも <a href="https://developers.google.com/android/nexus/images">Google デベロッパー サイト</a>でリリースしています。2017 年 3 月 5 日以降のセキュリティ パッチ レベルでは、下記のすべての問題に対処しています。端末のセキュリティ パッチレベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel と Nexus のアップデート スケジュール</a>をご覧ください。</p>
<p>パートナーには、この公開情報に記載の問題について 2017 年 2 月 6 日までに通知済みです。Android オープンソース プロジェクト(AOSP)レポジトリに、下記の問題に対するソースコードのパッチをリリースしています。AOSP 以外のパッチへのリンクも掲載しています。</p>
<p>下記の問題のうち最も重大度の高いものは、多様な方法(メール、ウェブの閲覧、MMS など)により、攻撃対象の端末でメディア ファイルを処理する際にリモートでのコード実行が可能になるおそれのある重大なセキュリティの脆弱性です。<a href="/security/overview/updates-resources.html#severity">重大度の評価</a>は、攻撃対象の端末でその脆弱性が悪用された場合の影響に基づくもので、プラットフォームやサービスでのリスク軽減策が開発目的または不正な回避により無効となっていることを前提としています。</p>
-<p>この新たに報告された問題によって実際のユーザー端末が不正使用された報告はありません。<a href="#mitigations">Android セキュリティ プラットフォームの保護</a>や <a href="/security/enhancements/index.html">SafetyNet</a> のようなサービスの保護について詳しくは、<a href="https://developer.android.com/training/safetynet/index.html">Android と Google サービスでのリスク軽減策</a>をご覧ください。こうした保護により、Android プラットフォームのセキュリティが改善されます。</p>
-<p>ご利用の端末で上記の更新を行うことをすべてのユーザーにおすすめします。</p>
+<p>この新たに報告された問題によって実際のユーザー端末が不正使用された報告はありません。<a href="/security/enhancements/index.html">Android セキュリティ プラットフォームの保護</a>や <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a> のようなサービスの保護について詳しくは、<a href="#mitigations">Android と Google サービスでのリスク軽減策</a>をご覧ください。こうした保護により、Android プラットフォームのセキュリティが改善されます。</p>
+<p>ご利用の端末にこのアップデートを適用することをすべてのユーザーにおすすめします。</p>
<h2 id="announcements">お知らせ</h2>
<ul>
<li>この公開情報では、2 つのセキュリティ パッチ レベル文字列を定義しています。これは、すべての Android 搭載端末で同様の問題が発生する一部の脆弱性をサブセットとし、Android パートナーが迅速かつ柔軟に修正できるようにするためです。詳しくは、<a href="#common-questions-and-answers">一般的な質問と回答</a>をご覧ください。<ul>
@@ -45,7 +45,7 @@
<h2 id="acknowledgements">謝辞</h2>
<p>調査にご協力くださった下記の皆様方に感謝いたします(敬称略)。</p>
<ul>
-<li>Google Dynamic Tools チームの Alexander Potapenko: CVE-2017-0537</li><li>Alibaba Mobile Security Group の Baozeng Ding、Chengming Yang、Peng Xiao、Yang Song: CVE-2017-0506</li><li>Alibaba Mobile Security Group の Baozeng Ding、Ning You、Chengming Yang、Peng Xiao、Yang Song: CVE-2017-0463</li><li>Android Security の Billy Lau: CVE-2017-0335、CVE-2017-0336、CVE-2017-0338、CVE-2017-0460</li><li><a href="mailto:derrek.haxx@gmail.com">derrek</a>(<a href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2016-8413、CVE-2016-8477、CVE-2017-0531</li><li><a href="mailto:derrek.haxx@gmail.com">derrek</a>(<a href="https://twitter.com/derrekr6">@derrekr6</a>)、<a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0521</li><li>Tencent KeenLab(<a href="https://twitter.com/returnsme">@keen_lab</a>)の Di Shen(<a href="https://twitter.com/keen_lab">@returnsme</a>): CVE-2017-0334、CVE-2017-0456、CVE-2017-0457、CVE-2017-0525</li><li><a href="https://twitter.com/heeeeen4x">MS509Team</a> の En He(<a href="http://www.ms509.com">@heeeeen4x</a>)、Bo Liu: CVE-2017-0490</li><li>Qihoo 360 Technology Co. Ltd. IceSword Lab の Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)、<a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0500、CVE-2017-0501、CVE-2017-0502、CVE-2017-0503、CVE-2017-0509、CVE-2017-0524、CVE-2017-0529、CVE-2017-0536</li><li>Qihoo 360 Technology Co. Ltd. の Alpha Team の Hao Chen、Guang Gong: CVE-2017-0453、CVE-2017-0461、CVE-2017-0464</li><li>Sony Mobile Communications Inc. の Hiroki Yamamoto、Fang Chen: CVE-2017-0481</li><li>IBM Security X-Force Researcher の Sagi Kedmi、Roee Hay: CVE-2017-0510</li><li><a href="https://twitter.com/Jioun_dai">Qihoo 360 Skyeye Labs</a> の Jianjun Dai(<a href="https://skyeye.360safe.com">@Jioun_dai</a>): CVE-2017-0478</li><li>Qihoo 360 IceSword Lab の Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)、<a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-8416、CVE-2016-8478、CVE-2017-0458、CVE-2017-0459、CVE-2017-0518、CVE-2017-0519、CVE-2017-0533、CVE-2017-0534</li><li><a href="mailto:zlbzlb815@163.com">C0RE Team</a> の <a href="mailto:segfault5514@gmail.com">Lubo Zhang</a>、<a href="mailto:computernik@gmail.com">Tong Lin</a>、<a href="http://c0reteam.org">Yuan-Tsung Lo</a>、Xuxian Jiang: CVE-2016-8479</li><li>Google の大貫誠: CVE-2017-0491</li><li><a href="https://twitter.com/Mingjian_Zhou">C0RE Team</a> の Mingjian Zhou(<a href="mailto:arnow117@gmail.com">@Mingjian_Zhou</a>)、<a href="http://c0reteam.org">Hanxiang Wen</a>、Xuxian Jiang: CVE-2017-0479、CVE-2017-0480</li><li>Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>): CVE-2017-0535</li><li>Tesla Motors Product Security Team の Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>): CVE-2017-0306</li><li>Baidu X-Lab(百度安全实验室)の Pengfei Ding(丁鹏飞)、Chenfu Bao(包沉浮)、Lenx Wei(韦韬): CVE-2016-8417</li><li>Tencent KeenLab の Qidan He(何淇丹)(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>): CVE-2017-0337、CVE-2017-0476</li><li>Qihoo 360 の Qing Zhang、Singapore Institute of Technology(SIT)の Guangdong Bai: CVE-2017-0496</li><li>Ant-financial Light-Year Security Lab(蚂蚁金服巴斯光年安全实验室)の Quhe、wanchouchou: CVE-2017-0522</li><li>DarkMatter Secure Communications の <a href="mailto:keun-o.park@darkmatter.ae">Sahara</a>: CVE-2017-0528</li><li>UC Santa Barbara Shellphish Grill Team の salls(<a href="https://twitter.com/chris_salls">@chris_salls</a>): CVE-2017-0505</li><li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0504、CVE-2017-0516</li><li>Sean Beaupre(beaups): CVE-2017-0455</li><li>Trend Micro の Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2017-0452</li><li>Fujitsu の Shinichi Matsumoto: CVE-2017-0498</li><li><a href="mailto:smarques84@gmail.com">ByteRev</a> の <a href="http://www.byterev.com">Stéphane Marques</a>: CVE-2017-0489</li><li>Google の Svetoslav Ganov: CVE-2017-0492</li><li><a href="mailto:segfault5514@gmail.com">C0RE Team</a> の <a href="mailto:computernik@gmail.com">Tong Lin</a>、<a href="http://c0reteam.org">Yuan-Tsung Lo</a>、Xuxian Jiang: CVE-2017-0333</li><li><a href="https://twitter.com/vysea">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a> の V.E.O(<a href="http://www.trendmicro.com">@VYSEa</a>): CVE-2017-0466、CVE-2017-0467、CVE-2017-0468、CVE-2017-0469、CVE-2017-0470、CVE-2017-0471、CVE-2017-0472、CVE-2017-0473、CVE-2017-0482、CVE-2017-0484、CVE-2017-0485、CVE-2017-0486、CVE-2017-0487、CVE-2017-0494、CVE-2017-0495</li><li>Ant-financial Light-Year Security Lab(蚂蚁金服巴斯光年安全实验室)の Wish Wu(吴潍浠 此彼)(<a href="https://twitter.com/wish_wu">@wish_wu</a>): CVE-2017-0477</li><li>Qihoo 360 Technology Co. Ltd の Vulpecker Team の Yu Pan: CVE-2017-0517、CVE-2017-0532</li><li><a href="mailto:computernik@gmail.com">C0RE Team</a> の <a href="http://c0reteam.org">Yuan-Tsung Lo</a>、Xuxian Jiang: CVE-2017-0526、CVE-2017-0527</li><li><a href="https://twitter.com/nikos233__">C0RE Team</a> の Yuqi Lu(<a href="mailto:vancouverdou@gmail.com">@nikos233</a>)、<a href="mailto:shaodacheng2016@gmail.com">Wenke Dou</a>、<a href="https://twitter.com/Mingjian_Zhou">Dacheng Shao</a>、Mingjian Zhou(<a href="http://c0reteam.org">@Mingjian_Zhou</a>)、Xuxian Jiang: CVE-2017-0483</li>
+<li>Google Dynamic Tools チームの Alexander Potapenko: CVE-2017-0537</li><li>Alibaba Mobile Security Group の Baozeng Ding、Chengming Yang、Peng Xiao、Yang Song: CVE-2017-0506</li><li>Alibaba Mobile Security Group の Baozeng Ding、Ning You、Chengming Yang、Peng Xiao、Yang Song: CVE-2017-0463</li><li>Android Security の Billy Lau: CVE-2017-0335、CVE-2017-0336、CVE-2017-0338、CVE-2017-0460</li><li><a href="mailto:derrek.haxx@gmail.com">derrek</a>(<a href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2016-8413、CVE-2016-8477、CVE-2017-0531</li><li><a href="mailto:derrek.haxx@gmail.com">derrek</a>(<a href="https://twitter.com/derrekr6">@derrekr6</a>)、<a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0521</li><li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>)の Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2017-0334、CVE-2017-0456、CVE-2017-0457、CVE-2017-0525</li><li><a href="http://www.ms509.com">MS509Team</a> の En He(<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>)、Bo Liu: CVE-2017-0490</li><li>Qihoo 360 Technology Co. Ltd. IceSword Lab の Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)、<a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0500、CVE-2017-0501、CVE-2017-0502、CVE-2017-0503、CVE-2017-0509、CVE-2017-0524、CVE-2017-0529、CVE-2017-0536</li><li>Qihoo 360 Technology Co. Ltd. の Alpha Team の Hao Chen、Guang Gong: CVE-2017-0453、CVE-2017-0461、CVE-2017-0464</li><li>Sony Mobile Communications Inc. の Hiroki Yamamoto、Fang Chen: CVE-2017-0481</li><li>IBM Security X-Force Researcher の Sagi Kedmi、Roee Hay: CVE-2017-0510</li><li><a href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a> の Jianjun Dai(<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>): CVE-2017-0478</li><li>Qihoo 360 IceSword Lab の Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)、<a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-8416、CVE-2016-8478、CVE-2017-0458、CVE-2017-0459、CVE-2017-0518、CVE-2017-0519、CVE-2017-0533、CVE-2017-0534</li><li><a href="http://c0reteam.org">C0RE Team</a> の <a href="mailto:zlbzlb815@163.com">Lubo Zhang</a>、<a href="mailto:segfault5514@gmail.com">Tong Lin</a>、<a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>、Xuxian Jiang: CVE-2016-8479</li><li>Google の大貫誠: CVE-2017-0491</li><li><a href="http://c0reteam.org">C0RE Team</a> の Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)、<a href="mailto:arnow117@gmail.com">Hanxiang Wen</a>、Xuxian Jiang: CVE-2017-0479、CVE-2017-0480</li><li>Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>): CVE-2017-0535</li><li>Tesla Motors Product Security Team の Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>): CVE-2017-0306</li><li>Baidu X-Lab(百度安全实验室)の Pengfei Ding(丁鹏飞)、Chenfu Bao(包沉浮)、Lenx Wei(韦韬): CVE-2016-8417</li><li>Tencent KeenLab の Qidan He(何淇丹)(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>): CVE-2017-0337、CVE-2017-0476</li><li>Qihoo 360 の Qing Zhang、Singapore Institute of Technology(SIT)の Guangdong Bai: CVE-2017-0496</li><li>Ant-financial Light-Year Security Lab(蚂蚁金服巴斯光年安全实验室)の Quhe、wanchouchou: CVE-2017-0522</li><li>DarkMatter Secure Communications の <a href="mailto:keun-o.park@darkmatter.ae">Sahara</a>: CVE-2017-0528</li><li>UC Santa Barbara Shellphish Grill Team の salls(<a href="https://twitter.com/chris_salls">@chris_salls</a>): CVE-2017-0505</li><li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0504、CVE-2017-0516</li><li>Sean Beaupre(beaups): CVE-2017-0455</li><li>Trend Micro の Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2017-0452</li><li>Fujitsu の Shinichi Matsumoto: CVE-2017-0498</li><li><a href="http://www.byterev.com">ByteRev</a> の <a href="mailto:smarques84@gmail.com">Stéphane Marques</a>: CVE-2017-0489</li><li>Google の Svetoslav Ganov: CVE-2017-0492</li><li><a href="http://c0reteam.org">C0RE Team</a> の <a href="mailto:segfault5514@gmail.com">Tong Lin</a>、<a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>、Xuxian Jiang: CVE-2017-0333</li><li><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a> の V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>): CVE-2017-0466、CVE-2017-0467、CVE-2017-0468、CVE-2017-0469、CVE-2017-0470、CVE-2017-0471、CVE-2017-0472、CVE-2017-0473、CVE-2017-0482、CVE-2017-0484、CVE-2017-0485、CVE-2017-0486、CVE-2017-0487、CVE-2017-0494、CVE-2017-0495</li><li>Ant-financial Light-Year Security Lab(蚂蚁金服巴斯光年安全实验室)の Wish Wu(吴潍浠 此彼)(<a href="https://twitter.com/wish_wu">@wish_wu</a>): CVE-2017-0477</li><li>Qihoo 360 Technology Co. Ltd の Vulpecker Team の Yu Pan: CVE-2017-0517、CVE-2017-0532</li><li><a href="http://c0reteam.org">C0RE Team</a> の <a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>、Xuxian Jiang: CVE-2017-0526、CVE-2017-0527</li><li><a href="http://c0reteam.org">C0RE Team</a> の Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>)、<a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>、<a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a>、Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)、Xuxian Jiang: CVE-2017-0483</li>
<li>Qihoo 360 Technology Co. Ltd. Chengdu Security Response Center の Zinuo Han(<a href="https://weibo.com/ele7enxxh">weibo.com/ele7enxxh</a>): CVE-2017-0475、CVE-2017-0497</li></ul>
<h2 id="2017-03-01-details">セキュリティ パッチ レベル 2017-03-01 の脆弱性の詳細</h2>
@@ -2083,7 +2083,7 @@ QC-CR#1090007</a>
</tbody></table>
<p>* この問題に対するパッチは公開されていません。アップデートは <a href="https://developers.google.com/android/nexus/drivers">Google デベロッパー サイト</a>から入手できる Nexus 端末用最新バイナリ ドライバに含まれています。</p>
<h2 id="common-questions-and-answers">一般的な質問と回答</h2>
-<p>上記の公開情報に対する一般的な質問について、以下で回答します。</p>
+<p>上記の公開情報に対する一般的な質問についての回答は以下のとおりです。</p>
<p><strong>1. 上記の問題に対処するように端末が更新されているかどうかを確かめるには、どうすればよいですか?
</strong></p>
<p>端末のセキュリティ パッチレベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel および Nexus のアップデート スケジュール</a>に記載されている手順をご覧ください。</p>
diff --git a/ja/security/bulletin/2017-05-01.html b/ja/security/bulletin/2017-05-01.html
index 5da194ee..06368e99 100644
--- a/ja/security/bulletin/2017-05-01.html
+++ b/ja/security/bulletin/2017-05-01.html
@@ -74,7 +74,7 @@
<li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2016-10274</li>
<li><a href="http://c0reteam.org">C0RE Team</a> の <a href="mailto:segfault5514@gmail.com">Tong Lin</a>、<a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>、Xuxian Jiang: CVE-2016-10291</li>
<li>Vasily Vasiliev: CVE-2017-0589</li>
-<li><a href="http://www.trendmicro.com">Trend Micro</a>、<a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a> の V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>): CVE-2017-0590、CVE-2017-0587、CVE-2017-0600</li>
+<li><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a> の V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>): CVE-2017-0590、CVE-2017-0587、CVE-2017-0600</li>
<li>Tencent Security Platform Department の Xiling Gong: CVE-2017-0597</li>
<li>360 Marvel Team の Xingyuan Lin: CVE-2017-0627</li>
<li>Alibaba Inc. の Yong Wang(王勇)(<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>): CVE-2017-0588</li>
@@ -2371,7 +2371,7 @@ QC-CR#832915</a></td>
<p>*** Android 7.1.1 以降が搭載されたサポート対象の Google 端末において、適用できるすべてのアップデートがインストールされている場合は、この脆弱性が悪用されることはありません。</p>
<h2 id="common-questions-and-answers">一般的な質問と回答</h2>
-<p>上記の公開情報に対する一般的な質問について、以下で回答します。</p>
+<p>上記の公開情報に対する一般的な質問についての回答は以下のとおりです。</p>
<p><strong>1. 上記の問題に対処するように端末が更新されているかを判断するには、どうすればよいですか?
</strong></p>
diff --git a/ja/security/bulletin/2017-11-01.html b/ja/security/bulletin/2017-11-01.html
index c9269e2b..f554c2ba 100644
--- a/ja/security/bulletin/2017-11-01.html
+++ b/ja/security/bulletin/2017-11-01.html
@@ -41,10 +41,11 @@ Android パートナーには、2017-11-01 および 2017-11-05 パッチレベ
<li>KRACK 脆弱性に対するセキュリティ パッチは、2017-11-06 セキュリティ パッチレベルで提供されます。</li>
</ul>
<h2 id="mitigations">Android と Google サービスでのリスク軽減策</h2>
-<p>ここでは、<a href="/security/enhancements/index.html">Android セキュリティ プラットフォーム</a>の保護と <a href="//www.android.com/play-protect">Google Play プロテクト</a>のようなサービスの保護によるリスクの軽減について概説します。こうした機能は、Android でセキュリティの脆弱性が悪用される可能性を減らします。
+<p>
+ここでは、<a href="/security/enhancements/index.html">Android セキュリティ プラットフォーム</a>の保護と <a href="//www.android.com/play-protect">Google Play プロテクト</a>のようなサービスの保護によるリスクの軽減について概説します。こうした機能は、Android でセキュリティの脆弱性が悪用される可能性を減らします。
</p>
<ul>
- <li>Android プラットフォームの最新版での機能強化により、Android にある多くの問題の悪用が困難になります。Google では、すべてのユーザーに対し、できる限り最新バージョンの Android に更新することをおすすめしています。</li>
+ <li>Android プラットフォームの最新版での機能強化により、Android 上の多くの問題の悪用が困難になります。Google では、すべてのユーザーに対し、できる限り最新バージョンの Android に更新することをおすすめしています。</li>
<li>Android セキュリティ チームは、<a href="//www.android.com/play-protect">Google Play プロテクト</a>によって脆弱性の悪用を積極的に監視しており、<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">有害なおそれのあるアプリ</a>についてユーザーに警告しています。Google Play プロテクトは、<a href="//www.android.com/gms">Google モバイル サービス</a>を搭載した端末ではデフォルトで有効になっており、Google Play 以外からアプリをインストールするユーザーにとっては特に重要です。</li>
</ul>
<h2 id="2017-11-01-details">セキュリティ パッチレベル 2017-11-01 の脆弱性の詳細</h2>
@@ -184,11 +185,11 @@ Android パートナーには、2017-11-01 および 2017-11-05 パッチレベ
<h2 id="2017-11-05-details">セキュリティ パッチレベル 2017-11-05 の脆弱性の詳細</h2>
<p>
-パッチレベル 2017-11-05 に該当するセキュリティ脆弱性の各項目について、下記に詳細を説明します。影響を受けるコンポーネントごとに脆弱性を分類し、CVE、関連する参照先、<a href="#type">脆弱性の種類</a>、<a href="/security/overview/updates-resources.html#severity">重大度</a>、コンポーネント(該当する場合)、更新対象の AOSP バージョン(該当する場合)などの詳細を記載しています。該当する場合は、バグ ID の欄に、その問題に対処した一般公開されている変更(AOSP の変更の一覧など)へのリンクがあります。複数の変更が同じバグに関係する場合は、バグ ID の後に続く番号で、追加の参照先へのリンクを示します。
+パッチレベル 2017-11-05 に該当するセキュリティ脆弱性の各項目について、下記に詳細を説明します。影響を受けるコンポーネントごとに脆弱性を分類し、CVE、関連する参照先、<a href="#type">脆弱性のタイプ</a>、<a href="/security/overview/updates-resources.html#severity">重大度</a>、コンポーネント(該当する場合)、更新対象の AOSP バージョン(該当する場合)などの詳細を記載しています。該当する場合は、バグ ID の欄に、その問題に対処した一般公開されている変更(AOSP の変更の一覧など)へのリンクがあります。複数の変更が同じバグに関係する場合は、バグ ID の後に続く番号で、追加の参照先へのリンクを示します。
</p>
<h3 id="kernel-components">カーネル コンポーネント</h3>
-<p>カーネル コンポーネントの最も重大な脆弱性は、悪意のあるローカルアプリによって特権プロセス内で任意のコードが実行されるおそれがあることです。</p>
+<p>カーネル コンポーネントに重大な脆弱性があるため、悪意のあるローカルアプリによって特権プロセス内で任意のコードが実行されるおそれがあります。</p>
<table>
<colgroup><col width="17%" />
@@ -224,7 +225,7 @@ Android パートナーには、2017-11-01 および 2017-11-05 パッチレベ
</tbody></table>
<h3 id="mediatek-components">MediaTek コンポーネント</h3>
-<p>MediaTek コンポーネントの最も重大な脆弱性は、悪意のあるローカルアプリによって特権プロセス内で任意のコードが実行されるおそれがあることです。</p>
+<p>MediaTek コンポーネントに重大な脆弱性があるため、悪意のあるローカルアプリによって特権プロセス内で任意のコードが実行されるおそれがあります。</p>
<table>
<colgroup><col width="17%" />
@@ -358,7 +359,7 @@ QC-CR#2008683</a>
<h2 id="2017-11-06-details">セキュリティ パッチレベル 2017-11-06 の脆弱性の詳細</h2>
<p>
-パッチレベル 2017-11-06 に該当するセキュリティ脆弱性の各項目について、下記に詳細を説明します。影響を受けるコンポーネントごとに脆弱性を分類し、CVE、関連する参照先、<a href="#type">脆弱性の種類</a>、<a href="/security/overview/updates-resources.html#severity">重大度</a>、コンポーネント(該当する場合)、更新対象の AOSP バージョン(該当する場合)などの詳細を記載しています。該当する場合は、バグ ID の欄に、その問題に対処した一般公開されている変更(AOSP の変更の一覧など)へのリンクがあります。複数の変更が同じバグに関係する場合は、バグ ID の後に続く番号で、追加の参照先へのリンクを示します。</p>
+パッチレベル 2017-11-06 に該当するセキュリティ脆弱性の各項目について、下記に詳細を説明します。影響を受けるコンポーネントごとに脆弱性を分類し、CVE、関連する参照先、<a href="#type">脆弱性のタイプ</a>、<a href="/security/overview/updates-resources.html#severity">重大度</a>、コンポーネント(該当する場合)、更新対象の AOSP バージョン(該当する場合)などの詳細を記載しています。該当する場合は、バグ ID の欄に、その問題に対処した一般公開されている変更(AOSP の変更の一覧など)へのリンクがあります。複数の変更が同じバグに関係する場合は、バグ ID の後に続く番号で、追加の参照先へのリンクを示します。</p>
<h3 id="11-06-system">システム</h3>
<p>
システムの最も重大な脆弱性は、近くにいる攻撃者によって、保護されていない Wi-Fi ネットワークに接続する前のユーザー操作要件が回避されるおそれがあることです。
@@ -511,7 +512,7 @@ QC-CR#2008683</a>
<td>サービス拒否</td>
</tr>
<tr>
- <td>N/A</td>
+ <td>なし</td>
<td>該当する分類なし</td>
</tr>
</tbody></table>
diff --git a/ja/security/bulletin/2018-01-01.html b/ja/security/bulletin/2018-01-01.html
index d4901572..4db7eee4 100644
--- a/ja/security/bulletin/2018-01-01.html
+++ b/ja/security/bulletin/2018-01-01.html
@@ -19,14 +19,13 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<p><em>公開日: 2018 年 1 月 2 日</em></p>
+<p><em>2018 年 1 月 2 日公開 | 2018 年 1 月 29 日更新</em></p>
<p>
Android のセキュリティに関する公開情報には、Android 搭載端末に影響を与えるセキュリティの脆弱性の詳細を掲載しています。セキュリティ パッチレベル 2018-01-05 以降では、下記のすべての問題に対処しています。端末のセキュリティ パッチレベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705">Android のバージョンを確認して更新する</a>をご覧ください。
</p>
<p>
-Android パートナーには、情報公開の少なくとも 1 か月前にすべての問題が通知されます。下記の問題に対するソースコードのパッチは、これから 48 時間の間に Android オープンソース プロジェクト(AOSP)レポジトリにリリースされます。AOSP リンクが利用可能になり次第、この公開情報を改訂します。
-</p>
+Android パートナーには、情報公開の 1 か月前までにすべての問題が通知されます。Android オープンソース プロジェクト(AOSP)のレポジトリに、下記の問題に対するソースコードのパッチをリリースしています。また、この公開情報では、これらのパッチへのリンクに加え、AOSP 以外のパッチへのリンクも掲載しています。</p>
<p>
下記の問題のうち最も重大度の高いものは、メディア フレームワークに重大なセキュリティの脆弱性があるため、離れた場所にいる攻撃者が特別に細工したファイルを使用して、特権プロセス内で任意のコードを実行するおそれがあることです。<a href="/security/overview/updates-resources.html#severity">重大度の評価</a>は、攻撃対象の端末でその脆弱性が悪用された場合の影響に基づくもので、プラットフォームやサービスでのリスク軽減策が開発目的または不正な回避により無効となっていることを前提としています。
</p>
@@ -37,6 +36,14 @@ Android パートナーには、情報公開の少なくとも 1 か月前にす
<strong>注:</strong> 最新の無線(OTA)アップデートと Google 端末のファームウェア イメージについての情報は、2018 年 1 月の Pixel&amp;hairsp;/&amp;hairsp;Nexus のセキュリティに関する公開情報でご覧いただけます。
</p>
<h2 id="announcements">お知らせ</h2>
+<aside class="note">
+<p><strong>注:</strong> CVE-2017-5715、CVE-2017-5753、CVE-2017-5754(プロセッサの投機的実行に関する一連の脆弱性)が公開されています。Android では、ARM ベースの Android 搭載端末において不正な情報開示を可能にするこれらの脆弱性が再現されても認識できません。
+</p>
+<p>
+保護を強化するには、この公開情報に含まれている CVE-2017-13218 に対するアップデートを適用して、高精度タイマーへのアクセスを減らします。これにより、既知のすべての種類の ARM プロセッサに対するサイドチャネル攻撃(CVE-2017-5715、CVE-2017-5753、CVE-2017-5754 など)を制限することができます。
+</p>
+<p>Google では、Android 搭載端末に利用可能なセキュリティ アップデートを適用することをおすすめしています。詳しくは、<a href="https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html">Google セキュリティ ブログ</a>をご覧ください。</p>
+</aside>
<p>
新たに <a href="/security/bulletin/pixel/">Pixel  /  Nexus のセキュリティに関する公開情報</a>の提供を開始しました。この公開情報には、Pixel 端末と Nexus 端末で対処されているその他のセキュリティの脆弱性や機能強化についての情報を掲載しています。Android 搭載端末メーカーは、自社の端末でそれらの問題に対処することができます。詳しくは、<a href="#common-questions-and-answers">一般的な質問と回答</a>をご覧ください。
</p>
@@ -68,7 +75,8 @@ Android パートナーには、情報公開の少なくとも 1 か月前にす
</tr>
<tr>
<td>CVE-2017-13176</td>
- <td>A-68341964</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/4afa0352d6c1046f9e9b67fbf0011bcd751fcbb5">
+ A-68341964</a></td>
<td>EoP</td>
<td>高</td>
<td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
@@ -92,109 +100,124 @@ Android パートナーには、情報公開の少なくとも 1 か月前にす
<th>更新対象の AOSP バージョン</th>
</tr>
<tr>
- <td>CVE-2017-13177</td>
- <td>A-68320413</td>
- <td>RCE</td>
- <td>重大</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13177</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b686bb2df155fd1f55220d56f38cc0033afe278c">
+ A-68320413</a></td>
+ <td>RCE</td>
+ <td>重大</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13178</td>
- <td>A-66969281</td>
- <td>RCE</td>
- <td>重大</td>
- <td>6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13178</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/646a18fef28d19ba5beb6a2e1c00ac4c2663a10b">
+ A-66969281</a></td>
+ <td>RCE</td>
+ <td>重大</td>
+ <td>6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13179</td>
- <td>A-66969193</td>
- <td>RCE</td>
- <td>重大</td>
- <td>6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13179</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/47d4b33b504e14e98420943f771a9aecd6d09516">
+ A-66969193</a></td>
+ <td>RCE</td>
+ <td>重大</td>
+ <td>6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13180</td>
- <td>A-66969349</td>
- <td>EoP</td>
- <td>高</td>
- <td>6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13180</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/cf1e36f93fc8776e3a8109149424babeee7f8382">
+ A-66969349</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13181</td>
- <td>A-67864232</td>
- <td>EoP</td>
- <td>高</td>
- <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13181</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d64e9594d3d73c613010ca9fafc7af9782e9225d">
+ A-67864232</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13182</td>
- <td>A-67737022</td>
- <td>EoP</td>
- <td>高</td>
- <td>8.0、8.1</td>
+ <td>CVE-2017-13182</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f1652e1b9f1d2840c79b6bf784d1befe40f4799e">
+ A-67737022</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13184</td>
- <td>A-65483324</td>
- <td>EoP</td>
- <td>高</td>
- <td>8.0、8.1</td>
+ <td>CVE-2017-13184</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16392a119661fd1da750d4d4e8e03442578bc543">
+ A-65483324</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-0855</td>
- <td>A-64452857</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0</td>
+ <td>CVE-2017-0855</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d7d6df849cec9d0a9c1fd0d9957a1b8edef361b7">
+ A-64452857</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0</td>
</tr>
<tr>
- <td>CVE-2017-13191</td>
- <td>A-64380403</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13191</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-64380403</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13192</td>
- <td>A-64380202</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13192</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/52ca619511acbd542d843df1f92f858ce13048a5">
+ A-64380202</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13193</td>
- <td>A-65718319</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13193</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b3f31e493ef6fa886989198da9787807635eaae2">
+ A-65718319</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13195</td>
- <td>A-65398821</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13195</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/066e3b1f9c954d95045bc9d33d2cdc9df419784f">
+ A-65398821</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13196</td>
- <td>A-63522067</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13196</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-63522067</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13197</td>
- <td>A-64784973</td>
- <td>DoS</td>
- <td>高</td>
- <td>6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13197</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/0a714d3a14d256c6a5675d6fbd975ca26e9bc471">
+ A-64784973</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13199</td>
- <td>A-33846679</td>
- <td>DoS</td>
- <td>高</td>
- <td>8.0、8.1</td>
+ <td>CVE-2017-13199</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/42b2e419b48a26d2ba599d87e3a2a02c4aa625f4">
+ A-33846679</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>8.0、8.1</td>
</tr>
</tbody></table>
@@ -215,32 +238,38 @@ Android パートナーには、情報公開の少なくとも 1 か月前にす
<th>更新対象の AOSP バージョン</th>
</tr>
<tr>
- <td>CVE-2017-13208</td>
- <td>A-67474440</td>
- <td>RCE</td>
- <td>重大</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13208</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/b71335264a7c3629f80b7bf1f87375c75c42d868">
+ A-67474440</a></td>
+ <td>RCE</td>
+ <td>重大</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13209</td>
- <td>A-68217907</td>
- <td>EoP</td>
- <td>高</td>
- <td>8.0、8.1</td>
+ <td>CVE-2017-13209</td>
+ <td><a href="https://android.googlesource.com/platform/system/libhidl/+/a4d0252ab5b6f6cc52a221538e1536c5b55c1fa7">
+ A-68217907</a>
+[<a href="https://android.googlesource.com/platform/system/tools/hidl/+/8539fc8ac94d5c92ef9df33675844ab294f68d61">2</a>]
+[<a href="https://android.googlesource.com/platform/system/hwservicemanager/+/e1b4a889e8b84f5c13b76333d4de90dbe102a0de">3</a>]</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13210</td>
- <td>A-67782345</td>
- <td>EoP</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13210</td>
+ <td><a href="https://android.googlesource.com/platform/system/media/+/e770e378dc8e2320679272234285456ca2244a62">
+ A-67782345</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13211</td>
- <td>A-65174158</td>
- <td>DoS</td>
- <td>高</td>
- <td>8.0</td>
+ <td>CVE-2017-13211</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/181144a50114c824cfe3cdfd695c11a074673a5e">
+ A-65174158</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>8.0</td>
</tr>
</tbody></table>
@@ -274,7 +303,7 @@ Android パートナーには、情報公開の少なくとも 1 か月前にす
</tbody></table>
<h3 id="kernel-components">カーネル コンポーネント</h3>
-<p>カーネル コンポーネントの最も重大な脆弱性は、悪意のあるローカルアプリによって特権プロセス内で任意のコードが実行されるおそれがあることです。</p>
+<p>カーネル コンポーネントに重大な脆弱性があるため、悪意のあるローカルアプリによって特権プロセス内で任意のコードが実行されるおそれがあります。</p>
<table>
<colgroup><col width="17%" />
@@ -319,7 +348,7 @@ Android パートナーには、情報公開の少なくとも 1 か月前にす
<td>A-68266545<a href="#asterisk">*</a></td>
<td>ID</td>
<td>高</td>
- <td>タイマー</td>
+ <td>高精度タイマー</td>
</tr>
</tbody></table>
@@ -373,32 +402,6 @@ Android パートナーには、情報公開の少なくとも 1 か月前にす
</tr>
</tbody></table>
-<h3 id="mediatek-components">MediaTek コンポーネント</h3>
-<p>MediaTek コンポーネントの最も重大な脆弱性は、悪意のあるローカルアプリによって特権プロセス内で任意のコードが実行されるおそれがあることです。</p>
-
-<table>
- <colgroup><col width="17%" />
- <col width="19%" />
- <col width="9%" />
- <col width="14%" />
- <col width="39%" />
- </colgroup><tbody><tr>
- <th>CVE</th>
- <th>参照</th>
- <th>タイプ</th>
- <th>重大度</th>
- <th>コンポーネント</th>
- </tr>
- <tr>
- <td>CVE-2017-13225</td>
- <td>A-38308024<a href="#asterisk">*</a><br />
- M-ALPS03495789</td>
- <td>EoP</td>
- <td>高</td>
- <td>MTK Media</td>
- </tr>
-</tbody></table>
-
<h3 id="nvidia-components">NVIDIA コンポーネント</h3>
<p>NVIDIA コンポーネントの最も重大な脆弱性は、悪意のあるローカルアプリによって特権プロセス内で任意のコードが実行されるおそれがあることです。</p>
@@ -550,10 +553,10 @@ QC-CR#2060780</a></td>
<li>[ro.build.version.security_patch]:[2018-01-05]</li>
</ul>
<p>
-<strong>2. この公開情報に 2 つのセキュリティ パッチ レベルがあるのはなぜですか?</strong>
+<strong>2. この公開情報に 2 つのセキュリティ パッチレベルがあるのはなぜですか?</strong>
</p>
<p>
-この公開情報では、2 つのセキュリティ パッチ レベルを定義しています。これは、すべての Android 搭載端末で同様の問題が発生する一部の脆弱性をサブセットとし、Android パートナーが迅速かつ柔軟に修正できるようにするためです。Android パートナーには、この公開情報に掲載されている問題をすべて修正し、最新のセキュリティ パッチレベルを使用することが推奨されています。
+この公開情報では、2 つのセキュリティ パッチレベルを定義しています。これは、すべての Android 搭載端末で同様の問題が発生する一部の脆弱性をサブセットとし、Android パートナーが迅速かつ柔軟に修正できるようにするためです。Android パートナーには、この公開情報に掲載されている問題をすべて修正し、最新のセキュリティ パッチレベルを使用することが推奨されています。
</p>
<ul>
<li>2018-01-01 のセキュリティ パッチレベルを使用する端末では、そのセキュリティ パッチレベルに関連するすべての問題と、それ以前のセキュリティに関する公開情報で報告されたすべての問題の修正を含める必要があります。</li>
@@ -563,10 +566,10 @@ QC-CR#2060780</a></td>
パートナーには、対処するすべての問題の修正を 1 つのアップデートにまとめて提供することが推奨されています。
</p>
<p id="type">
-<strong>3. 「タイプ」列の項目はどういう意味ですか?<em></em></strong>
+<strong>3. 「タイプ」<em></em>列の項目はどういう意味ですか?</strong>
</p>
<p>
-脆弱性の詳細の表で「タイプ」列に記載した項目は、セキュリティの脆弱性の分類を示しています。<em></em>
+脆弱性の詳細の表で「タイプ」<em></em>列に記載した項目は、セキュリティの脆弱性の分類を示しています。
</p>
<table>
<colgroup><col width="25%" />
@@ -592,15 +595,15 @@ QC-CR#2060780</a></td>
<td>サービス拒否</td>
</tr>
<tr>
- <td>N/A</td>
+ <td>なし</td>
<td>該当する分類なし</td>
</tr>
</tbody></table>
<p>
-<strong>4. 「参照」列の項目はどういう意味ですか?<em></em></strong>
+<strong>4. 「参照」<em></em>列の項目はどういう意味ですか?</strong>
</p>
<p>
-脆弱性の詳細の表で「参照」列に記載した項目には、その参照番号が属す組織を示す接頭辞を含めている場合があります。<em></em>
+脆弱性の詳細の表で「参照」<em></em>列に記載した項目には、その参照番号が属す組織を示す接頭辞を含めている場合があります。
</p>
<table>
<colgroup><col width="25%" />
@@ -631,10 +634,10 @@ QC-CR#2060780</a></td>
</tr>
</tbody></table>
<p id="asterisk">
-<strong>5. 「参照」列の Android バグ ID の横にある「*」はどういう意味ですか?<em></em></strong>
+<strong>5. 「参照」<em></em>列の Android バグ ID の横にある「*」はどういう意味ですか?</strong>
</p>
<p>
-公開されていない問題には、「参照」列の Android バグ ID の横に「*」を付けています。<em></em>この問題のアップデートは、通常、<a href="https://developers.google.com/android/nexus/drivers">Google デベロッパー サイト</a>から入手できる Nexus 端末用最新バイナリ ドライバに含まれています。
+公開されていない問題には、「参照」<em></em>列の Android バグ ID の横に「*」を付けています。この問題のアップデートは、通常、<a href="https://developers.google.com/android/nexus/drivers">Google デベロッパー サイト</a>から入手できる Nexus 端末用最新バイナリ ドライバに含まれています。
</p>
<p>
<strong>6. セキュリティの脆弱性が、この公開情報と端末やパートナーのセキュリティに関する公開情報(Pixel / Nexus のセキュリティに関する公開情報など)に分けられているのはなぜですか?</strong>
@@ -644,9 +647,9 @@ Android 搭載端末の最新のセキュリティ パッチレベルを宣言
</p>
<h2 id="versions">バージョン</h2>
<table>
- <colgroup><col width="25%" />
+ <colgroup><col width="15%" />
<col width="25%" />
- <col width="50%" />
+ <col width="60%" />
</colgroup><tbody><tr>
<th>バージョン</th>
<th>日付</th>
@@ -657,6 +660,20 @@ Android 搭載端末の最新のセキュリティ パッチレベルを宣言
<td>2018 年 1 月 2 日</td>
<td>情報公開</td>
</tr>
-</tbody></table>
+ <tr>
+ <td>1.1</td>
+ <td>2018 年 1 月 3 日</td>
+ <td>公開情報を更新し CVE-2017-13218 に関するお知らせを追加</td>
+ </tr>
+ <tr>
+ <td>1.2</td>
+ <td>2018 年 1 月 5 日</td>
+ <td>公開情報を改訂し AOSP リンクを追加</td>
+ </tr>
+ <tr>
+ <td>1.3</td>
+ <td>2018 年 1 月 29 日</td>
+ <td>CVE-2017-13225 を <a href="/security/bulletin/pixel/">Pixel / Nexus のセキュリティに関する公開情報</a>に移動</td>
+</tr></tbody></table>
</body></html> \ No newline at end of file
diff --git a/ja/security/bulletin/pixel/2017-10-01.html b/ja/security/bulletin/pixel/2017-10-01.html
index 44f5f2dc..fcad3ba0 100644
--- a/ja/security/bulletin/pixel/2017-10-01.html
+++ b/ja/security/bulletin/pixel/2017-10-01.html
@@ -161,7 +161,7 @@
<th>参照</th>
<th>タイプ</th>
<th>重大度</th>
- <th>更新された AOSP のバージョン</th>
+ <th>更新対象の AOSP バージョン</th>
</tr>
<tr>
<td>CVE-2017-0822</td>
@@ -554,7 +554,7 @@ QC-CR#2016076</a></td>
<td>サービス拒否</td>
</tr>
<tr>
- <td>N/A</td>
+ <td>なし</td>
<td>該当する分類なし</td>
</tr>
</tbody></table>
diff --git a/ja/security/bulletin/pixel/2018-03-01.html b/ja/security/bulletin/pixel/2018-03-01.html
new file mode 100644
index 00000000..73168b45
--- /dev/null
+++ b/ja/security/bulletin/pixel/2018-03-01.html
@@ -0,0 +1,653 @@
+<html devsite><head>
+ <title>Pixel  /  Nexus のセキュリティに関する公開情報 - 2018 年 3 月</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p><em>2018 年 3 月 5 日公開</em></p>
+
+<p>
+Pixel / Nexus のセキュリティに関する公開情報には、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">サポート対象の Google Pixel 端末と Nexus 端末</a>(Google 端末)に影響を与えるセキュリティの脆弱性や機能強化の詳細を掲載しています。Google 端末では、セキュリティ パッチレベル 2018-03-05 以降において、この公開情報に掲載されているすべての問題と、<a href="/security/bulletin/2018-03-01">2018 年 3 月の Android のセキュリティに関する公開情報</a>に掲載されているすべての問題に対処しています。端末のセキュリティ パッチレベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705">Android のバージョンを確認して更新する</a>をご覧ください。</p>
+<p>
+パッチレベル 2018-03-05 へのアップデートは、サポート対象のすべての Google 端末に送信されます。ご利用の端末にこのアップデートを適用することをすべてのユーザーにおすすめします。
+</p>
+<p class="note">
+<strong>注:</strong> Google 端末のファームウェア イメージは、<a href="https://developers.google.com/android/nexus/images">Google デベロッパー サイト</a>で入手できます。
+</p>
+
+<h2 id="announcements">お知らせ</h2>
+<p><a href="/security/bulletin/2018-03-01">2018 年 3 月の Android のセキュリティに関する公開情報</a>に掲載されているセキュリティの脆弱性に加えて、Google 端末には、下記のセキュリティの脆弱性に対するパッチも含まれています。パートナーには少なくとも 1 か月前に下記の問題が通知されており、パートナーは端末のアップデートにこうしたパッチを組み込むことができます。</p>
+
+<h2 id="security-patches">セキュリティ パッチ</h2>
+<p>
+脆弱性は、影響を受けるコンポーネントごとに分類しています。問題の内容について説明し、CVE、関連する参照先、<a href="#type">脆弱性のタイプ</a>、<a href="https://source.android.com/security/overview/updates-resources.html#severity">重大度</a>、更新対象の AOSP(Android オープンソース プロジェクト)バージョン(該当する場合)を表にまとめています。該当する場合は、バグ ID の欄に、その問題に対処した一般公開されている変更(AOSP の変更の一覧など)へのリンクがあります。複数の変更が同じバグに関係する場合は、バグ ID の後に続く番号で、追加の参照先へのリンクを示します。
+</p>
+
+<h3 id="framework">フレームワーク</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>更新対象の AOSP バージョン</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13263</td>
+ <td>A-69383160</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>8.0、8.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="media-framework">メディア フレームワーク</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>更新対象の AOSP バージョン</th>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13264</td>
+ <td rowspan="2">A-70294343</td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>高</td>
+ <td>6.0、6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13254</td>
+ <td rowspan="2">A-70239507</td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="system">システム</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>更新対象の AOSP バージョン</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13265</td>
+ <td>A-36232423</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13266</td>
+ <td>A-69478941</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13268</td>
+ <td>A-67058064</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13269</td>
+ <td>A-68818034</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="kernel-components">カーネル コンポーネント</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>コンポーネント</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-5754</td>
+ <td>A-69856074<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>高</td>
+ <td>メモリ マッピング</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13270</td>
+ <td>A-69474744<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Mnh_sm ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13271</td>
+ <td>A-69006799<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Mnh_sm ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-16527</td>
+ <td>A-69051382<br />
+<a href="https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4">
+アップストリーム カーネル</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>USB サウンド ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15649</td>
+ <td>A-69160446<br />
+<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110">
+アップストリーム カーネル</a>
+[<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e">2</a>]</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>ネットワーク ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-1000111</td>
+ <td>A-68806121<br />
+<a href="http://patchwork.ozlabs.org/patch/800274/">アップストリーム カーネル</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>ネットワーク ドライバ</td>
+ </tr>
+</tbody></table>
+
+<h3 id="nvidia-components">NVIDIA コンポーネント</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>コンポーネント</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6287</td>
+ <td>A-64893264<a href="#asterisk">*</a><br />
+ N-CVE-2017-6287</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>メディア フレームワーク</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6285</td>
+ <td>A-64893156<a href="#asterisk">*</a><br />
+ N-CVE-2017-6285</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>メディア フレームワーク</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6288</td>
+ <td>A-65482562<a href="#asterisk">*</a><br />
+ N-CVE-2017-6288</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>メディア フレームワーク</td>
+ </tr>
+</tbody></table>
+
+<h3 id="qualcomm-components">Qualcomm コンポーネント</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>コンポーネント</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-18061</td>
+ <td>A-70237701<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b65cf2a007e88fe86dbd6d3269682fc585a4130f">
+QC-CR#2117246</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wil6210</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18050</td>
+ <td>A-70237697<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=63b57442d65dfdb4b4634ff32059b1bca8c72fb7">
+QC-CR#2119443</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma 管理</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18054</td>
+ <td>A-70237694<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=6eefc756612e39fab49ff719b3dc9b94def53396">
+QC-CR#2119432</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18055</td>
+ <td>A-70237693<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=50a0554d12cff58b3ffbd51d3194304244b87023">
+QC-CR#2119430</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18065</td>
+ <td>A-70237685<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a8bc0f90ef49ea0aee90047a17772e4eebff259a">
+QC-CR#2113423</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18066</td>
+ <td>A-70235107<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ff11f44c0c10c94170f03a8698f73f7e08b74625">
+QC-CR#2107976</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>電源ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18062</td>
+ <td>A-68992451<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d7927eb7c9c2d79a3e24cddd1e9447ab98bf6700">
+QC-CR#2115375</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3561</td>
+ <td>A-68870904<a href="#asterisk">*</a><br />
+ QC-CR#2068569</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Diagchar</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3560</td>
+ <td>A-68664502<a href="#asterisk">*</a><br />
+ QC-CR#2142216</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Qdsp6v2 サウンド ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15834</td>
+ <td>A-70237704<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903">
+QC-CR#2111858</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Diagchar</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15833</td>
+ <td>A-70237702<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=51ce6aec73d80e1f1fcc9c7fa71e9c2fcbdbc0fd">
+QC-CR#2059835</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>電源ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15831</td>
+ <td>A-70237687<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=31e6a657320e4299c659e3d57d38a89afe8c1ce1">
+QC-CR#2114255</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15830</td>
+ <td>A-70237719<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a7a2a9c5d203e3395811963061c79d3bc257ebe">
+QC-CR#2120725</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>sme ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14889</td>
+ <td>A-70237700<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755">
+QC-CR#2119803</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14887</td>
+ <td>A-70237715<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0">
+QC-CR#2119673</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14879</td>
+ <td>A-63851638<a href="#asterisk">*</a><br />
+ QC-CR#2056307</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>IPA</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11082</td>
+ <td>A-66937387<br />
+<a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-3.10.git;a=commit;h=2d4f8cd8d11f8fb1491a20d7e316cc0fd03eeb59">
+QC-CR#2071560</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11074</td>
+ <td>A-68940798<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f5ae7b35c90f14b7e66b3a91d4fb247563a8a22b">
+QC-CR#2049138</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18052</td>
+ <td>A-70237712<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd">
+QC-CR#2119439</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18057</td>
+ <td>A-70237709<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b">
+QC-CR#2119403</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18059</td>
+ <td>A-70237708<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=217705da7726002ffe61dad51a6c9cc97c52f649">
+QC-CR#2119399</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18060</td>
+ <td>A-70237707<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f3d81bd0b3cb992c214d94196b33168b02589c6b">
+QC-CR#2119394</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18051</td>
+ <td>A-70237696<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=38fba6a9f6ca3c7bf0c4c1bd84fa2b89fbcaeb93">
+QC-CR#2119442</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18053</td>
+ <td>A-70237695<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947">
+QC-CR#2119434</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18058</td>
+ <td>A-70237690<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d6d42a10d4abf09299cdfacdd8aed5c26731b5ff">
+QC-CR#2119401</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15855</td>
+ <td>A-38232131<a href="#asterisk">*</a><br />
+ QC-CR#2139514</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>Camera_v2 ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15814</td>
+ <td>A-64836865<a href="#asterisk">*</a><br />
+ QC-CR#2092793</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>Camera_v2 ドライバ</td>
+ </tr>
+</tbody></table>
+
+<h2 id="functional-updates">機能の更新</h2>
+<p>
+影響を受ける Pixel 端末には、Pixel 端末のセキュリティに関係しない機能の問題に対処する下記のアップデートが組み込まれています。関連する参照先、影響を受けるカテゴリ(Bluetooth やモバイルデータなど)、問題の概要を下記の表にまとめています。
+</p>
+
+<table>
+ <tbody><tr>
+ <th>参照</th>
+ <th>カテゴリ</th>
+ <th>改善内容</th>
+ <th>端末</th>
+ </tr>
+ <tr>
+ <td>A-70491468</td>
+ <td>パフォーマンス</td>
+ <td>指紋でのロック解除により画面復帰のパフォーマンスを向上</td>
+ <td>Pixel 2、Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69307875</td>
+ <td>オーディオ</td>
+ <td>動画を撮影する際のオーディオ性能を向上</td>
+ <td>Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70641186</td>
+ <td>レポート</td>
+ <td>クラッシュ レポートを改善</td>
+ <td>Pixel 2、Pixel 2 XL</td>
+ </tr>
+</tbody></table>
+
+<h2 id="common-questions-and-answers">一般的な質問と回答</h2>
+<p>
+上記の公開情報に対する一般的な質問について、以下で回答します。
+</p>
+<p>
+<strong>1. 上記の問題に対処するように端末が更新されているかどうかを確かめるには、どうすればよいですか?
+</strong>
+</p>
+<p>
+セキュリティ パッチレベル 2018-03-05 以降では、セキュリティ パッチレベル 2018-03-05、およびそれ以前のすべてのパッチレベルに関連するすべての問題に対処しています。端末のセキュリティ パッチレベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel および Nexus のアップデート スケジュール</a>に記載されている手順をご覧ください。
+</p>
+<p id="type">
+<strong>2. 「タイプ」<em></em>列の項目はどういう意味ですか?</strong>
+</p>
+<p>
+脆弱性の詳細の表で「タイプ」<em></em>列に記載した項目は、セキュリティの脆弱性の分類を示しています。
+</p>
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>略語</th>
+ <th>定義</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>リモートコード実行</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>権限昇格</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>情報開示</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>サービス拒否</td>
+ </tr>
+ <tr>
+ <td>なし</td>
+ <td>該当する分類なし</td>
+ </tr>
+</tbody></table>
+<p>
+<strong>3. 「参照」<em></em>列の項目はどういう意味ですか?</strong>
+</p>
+<p>
+脆弱性の詳細の表で「参照」<em></em>列に記載した項目には、その参照番号が属す組織を示す接頭辞を含めている場合があります。
+</p>
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>接頭辞</th>
+ <th>参照</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android バグ ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm の参照番号</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek の参照番号</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA の参照番号</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom の参照番号</td>
+ </tr>
+</tbody></table>
+<p id="asterisk">
+<strong>4. 「参照」<em></em>列の Android バグ ID の横にある「*」はどういう意味ですか?</strong>
+</p>
+<p>
+公開されていない問題には、「参照」<em></em>列の Android バグ ID の横に「*」を付けています。この問題のアップデートは、通常、<a href="https://developers.google.com/android/nexus/drivers">Google デベロッパー サイト</a>から入手できる Nexus 端末用最新バイナリ ドライバに含まれています。
+</p>
+<p>
+<strong>5. セキュリティの脆弱性が、この公開情報と Android のセキュリティに関する公開情報に分けられているのはなぜですか?</strong>
+</p>
+<p>
+Android 搭載端末の最新のセキュリティ パッチレベルを宣言するためには、Android のセキュリティに関する公開情報に掲載されているセキュリティの脆弱性への対処が必要です。それ以外の、この公開情報などに掲載されているセキュリティの脆弱性への対処は必要ありません。
+</p>
+<h2 id="versions">バージョン</h2>
+<table>
+ <colgroup><col width="25%" />
+ <col width="25%" />
+ <col width="50%" />
+ </colgroup><tbody><tr>
+ <th>バージョン</th>
+ <th>日付</th>
+ <th>メモ</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>2018 年 3 月 5 日</td>
+ <td>情報公開</td>
+ </tr>
+</tbody></table>
+
+</body></html> \ No newline at end of file
diff --git a/ja/security/bulletin/pixel/2018.html b/ja/security/bulletin/pixel/2018.html
index d86a4973..0fbbff3a 100644
--- a/ja/security/bulletin/pixel/2018.html
+++ b/ja/security/bulletin/pixel/2018.html
@@ -34,17 +34,43 @@
<th>セキュリティ パッチレベル</th>
</tr>
<tr>
- <td><a href="/security/bulletin/pixel/2018-01-01.html">2018 年 1 月</a></td>
+ <td><a href="/security/bulletin/pixel/2018-03-01.html">2018 年 3 月</a></td>
<td>準備中
<!--
- <a href="/security/bulletin/pixel/2018-01-01.html">English</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ <a href="/security/bulletin/pixel/2018-03-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
-->
</td>
+ <td>2018 年 3 月</td>
+ <td>2018-03-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2018-02-01.html">2018 年 2 月</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2018-02-01.html">英語</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=ja">日本語</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=ru">ру́сский</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">中文(中国)</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">中文(台灣)</a>
+ </td>
+ <td>2018 年 2 月</td>
+ <td>2018-02-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2018-01-01.html">2018 年 1 月</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2018-01-01.html">英語</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文(中国)</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文(台灣)</a>
+ </td>
<td>2018 年 1 月</td>
<td>2018-01-05</td>
</tr>
diff --git a/ko/security/bulletin/2015-08-01.html b/ko/security/bulletin/2015-08-01.html
index 59c91a88..c3964d1e 100644
--- a/ko/security/bulletin/2015-08-01.html
+++ b/ko/security/bulletin/2015-08-01.html
@@ -27,13 +27,13 @@
Nexus 펌웨어 이미지도 <a href="https://developers.google.com/android/nexus/images">Google 개발자 사이트</a>에 출시되었습니다. 빌드 LMY48I 이상에서 다음 문제가 해결됩니다. 이 문제에 관한 알림은 2015년 6월 25일 이전에
파트너에게 전달되었습니다.</p>
-<p>이 중 가장 심각한 문제는 미디어 파일을 처리할 때 이메일과
+<p>이 중 가장 심각한 문제는 미디어 파일을 처리할 때 이메일,
웹 탐색, MMS 등 여러 방법을 통해 대상 기기에서 원격으로 코드를
실행할 수 있게 하는 심각한 보안 취약성입니다. <a href="/security/overview/updates-resources.html#severity">심각도
평가</a>는
개발 목적으로 플랫폼 및 서비스 완화가 사용 중지되어 있거나
-우회되는 경우 취약성 악용으로 인해 대상 기기가
-받는 영향을 기준으로 내려집니다.</p>
+우회에 성공한 경우 취약성 악용으로 인해 대상 기기가
+받을 수 있는 영향을 기준으로 내려집니다.</p>
<h2 id="mitigations">완화</h2>
@@ -48,12 +48,12 @@ Android에서 보안 취약성이 악용될 가능성을 줄일 수
</li><li> Android 보안팀에서는 유해할 수 있는 애플리케이션이 설치될 때
경고를 보내는 앱 인증 및 SafetyNet을 사용하여 악용사례를 적극적으로
모니터링합니다. Google Play 내에서 기기 루팅 도구는 금지되어 있습니다. Google Play
-외부에서 애플리케이션을 설치하는 사용자를 보호하기 위해 앱 인증이
+외부에서 가져온 애플리케이션을 설치하는 사용자를 보호하기 위해 앱 인증이
기본적으로 사용 설정되며 알려진 루팅 애플리케이션이 감지되면 경고를 표시합니다. 앱
인증에서는 권한 승격 취약성을 악용하는 것으로 알려진 악성 애플리케이션을
식별하고 차단합니다. 이러한 애플리케이션이
이미 설치된 경우 앱 인증에서 사용자에게 이를 알리고
-애플리케이션 삭제하려고 시도합니다.
+애플리케이션 삭제를 시도합니다.
</li><li> Google 행아웃과 메신저 애플리케이션이 미디어 서버와 같은
취약한 프로세스에 미디어를 자동으로 전달하지 않도록
업데이트되었습니다.
@@ -77,7 +77,7 @@ Android에서 보안 취약성이 악용될 가능성을 줄일 수
</li><li> Artem Chaykin: CVE-2015-3843
</li></ul>
-<p>*Wish는 <a href="https://www.google.com/about/appsecurity/android-rewards/">Android 보안 리워드</a>의 최초 수혜자이기도 합니다.</p>
+<p>*Wish는 <a href="https://www.google.com/about/appsecurity/android-rewards/">Android 보안 리워드</a>의 최초 수상자입니다.</p>
<h3 id="integer_overflows_during_mp4_atom_processing">MP4 Atom 처리 중 정수 오버플로우</h3>
@@ -92,11 +92,11 @@ Android에서 보안 취약성이 악용될 가능성을 줄일 수
<p>이 문제는 원격 코드를 권한 있는 미디어 서버 서비스로 실행할
가능성이 있으므로 심각도 심각으로 평가됩니다. 미디어 서버는
SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양한 기기에서
-타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버 기기 노드에
-액세스할 수 있습니다. 이 문제는 이전에 심각도 평가 가이드라인에
-따라 심각도 높음 취약성으로 평가되었으며 파트너에 그렇게
-보고되었습니다. 하지만 2015년 6월에 게시된 새로운 가이드라인에 따르면
-이 문제의 심각도는 심각입니다.</p>
+타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버
+기기 노드에 액세스할 수 있습니다. 이 문제는 이전의 심각도 평가
+가이드라인에 따라 심각도 높음 취약성으로 평가되었으며 파트너에
+그렇게 보고되었습니다. 하지만 2015년 6월에 게시된 새로운
+가이드라인에 따르면 이 문제의 심각도는 심각입니다.</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -125,11 +125,11 @@ SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양
<p>이 문제는 원격 코드를 권한 있는 미디어 서버 서비스로 실행할
가능성이 있으므로 심각도 심각으로 평가됩니다. 미디어 서버는
SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양한 기기에서
-타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버 기기 노드에
-액세스할 수 있습니다. 이 문제는 이전에 심각도 평가 가이드라인에
-따라 심각도 높음 취약성으로 평가되었으며 파트너에 그렇게
-보고되었습니다. 하지만 2015년 6월에 게시된 새로운 가이드라인에 따르면
-이 문제의 심각도는 심각입니다.</p>
+타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버
+기기 노드에 액세스할 수 있습니다. 이 문제는 이전의 심각도 평가
+가이드라인에 따라 심각도 높음 취약성으로 평가되었으며 파트너에
+그렇게 보고되었습니다. 하지만 2015년 6월에 게시된 새로운
+가이드라인에 따르면 이 문제의 심각도는 심각입니다.</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -161,9 +161,9 @@ SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양
타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버 기기 노드에
액세스할 수 있습니다.</p>
-<p>이 문제는 이전에 심각도 평가 가이드라인에 따라 심각도 높음 취약성으로
-평가되었으며 파트너에 그렇게 보고되었습니다. 하지만 2015년 6월에
-게시된 새로운 가이드라인에 따르면 이 문제의 심각도는 심각입니다.</p>
+<p>이 문제는 이전의 심각도 평가 가이드라인에 따라 심각도 높음 취약성으로
+평가되었으며 파트너에 그렇게 보고되었습니다. 하지만 2015년 6월에 게시된
+새로운 가이드라인에 따르면 이 문제의 심각도는 심각입니다.</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -195,7 +195,7 @@ SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양
타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버 기기 노드에
액세스할 수 있습니다.</p>
-<p>이 문제는 이전에 심각도 평가 가이드라인에 따라 심각도 높음 취약성으로
+<p>이 문제는 이전의 심각도 평가 가이드라인에 따라 심각도 높음 취약성으로
평가되었으며 파트너에 그렇게 보고되었습니다. 하지만 2015년 6월에 게시된
새로운 가이드라인에 따르면 이 문제의 심각도는 심각입니다.</p>
<table>
@@ -227,11 +227,11 @@ SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양
<p>이 문제는 원격 코드를 권한 있는 미디어 서버 서비스로 실행할
가능성이 있으므로 심각도 심각으로 평가됩니다. 미디어 서버는
SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양한 기기에서
-타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버 기기 노드에
-액세스할 수 있습니다. 이 문제는 이전에 심각도 평가 가이드라인에
-따라 심각도 높음 취약성으로 평가되었으며 파트너에 그렇게
-보고되었습니다. 하지만 2015년 6월에 게시된 새로운 가이드라인에 따르면
-이 문제의 심각도는 심각입니다.</p>
+타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버
+기기 노드에 액세스할 수 있습니다. 이 문제는 이전의 심각도 평가
+가이드라인에 따라 심각도 높음 취약성으로 평가되었으며 파트너에
+그렇게 보고되었습니다. 하지만 2015년 6월에 게시된 새로운
+가이드라인에 따르면 이 문제의 심각도는 심각입니다.</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -262,7 +262,7 @@ libstagefright의 정수 오버플로우</h3>
가능성이 있으므로 심각도 심각으로 평가됩니다. 미디어 서버는
SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양한 기기에서
타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버
-기기 노드에 액세스할 수 있습니다. 이 문제는 이전에 심각도 평가
+기기 노드에 액세스할 수 있습니다. 이 문제는 이전의 심각도 평가
가이드라인에 따라 심각도 높음 취약성으로 평가되었으며 파트너에
그렇게 보고되었습니다. 하지만 2015년 6월에 게시된 새로운
가이드라인에 따르면 이 문제의 심각도는 심각입니다.</p>
@@ -283,7 +283,7 @@ SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양
<h3 id="buffer_overflow_in_sonivox_parse_wave">Sonivox Parse_wave의 버퍼 오버플로우</h3>
-<p>Sonivox에 XMF 데이터가 처리되는 동안 메모리 손상을 일으키고
+<p>Sonivox에 XMF 데이터를 처리하는 중 메모리 손상을 일으키고
원격 코드를 미디어 서버 프로세스로 실행할 수 있게 하는
버퍼 오버플로우 가능성이 있습니다.</p>
@@ -295,7 +295,7 @@ SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양
가능성이 있으므로 심각도 심각으로 평가됩니다. 미디어 서버는
SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양한 기기에서
타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버
-기기 노드에 액세스할 수 있습니다. 이 문제는 이전에 심각도 평가
+기기 노드에 액세스할 수 있습니다. 이 문제는 이전의 심각도 평가
가이드라인에 따라 심각도 높음 취약성으로 평가되었으며 파트너에
그렇게 보고되었습니다. 하지만 2015년 6월에 게시된 새로운
가이드라인에 따르면 이 문제의 심각도는 심각입니다.</p>
@@ -331,7 +331,7 @@ SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양
기기 노드에 액세스할 수 있습니다.</p>
<p>처음에 이 문제는 원격으로 액세스할 수 없는 로컬 악용으로 보고되었습니다.
-이 문제는 이전에 심각도 평가 가이드라인에 따라 심각도 보통 취약성으로
+이 문제는 이전의 심각도 평가 가이드라인에 따라 심각도 보통 취약성으로
평가되었으며 파트너에 그렇게 보고되었습니다. 하지만 2015년 6월에
게시된 새로운 가이드라인에 따르면 이 문제의 심각도는 심각입니다.</p>
<table>
@@ -483,7 +483,7 @@ SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양
타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버 기기 노드에
액세스할 수 있습니다.</p>
-<p>이 문제는 이전에 심각도 평가 가이드라인에 따라 심각도 보통 취약성으로
+<p>이 문제는 이전의 심각도 평가 가이드라인에 따라 심각도 보통 취약성으로
평가되었으며 파트너에 그렇게 보고되었습니다. 하지만 2015년 6월에
게시된 새로운 가이드라인에 따르면 이 문제는 심각도 높음 취약성입니다.</p>
<table>
@@ -513,7 +513,7 @@ SELinux로 보호되지만 오디오 및 동영상 스트림뿐 아니라 다양
타사 앱이 일반적으로 액세스할 수 없는 권한 있는 커널 드라이버 기기 노드에
액세스할 수 있습니다.</p>
-<p>이 문제는 이전에 심각도 평가 가이드라인에 따라 심각도 보통 취약성으로
+<p>이 문제는 이전의 심각도 평가 가이드라인에 따라 심각도 보통 취약성으로
평가되었으며 파트너에 그렇게 보고되었습니다. 하지만 2015년 6월에
게시된 새로운 가이드라인에 따르면 이 문제는 심각도 높음 취약성입니다.</p>
<table>
diff --git a/ko/security/bulletin/2015-12-01.html b/ko/security/bulletin/2015-12-01.html
index 9c9c6601..7a2b7f3a 100644
--- a/ko/security/bulletin/2015-12-01.html
+++ b/ko/security/bulletin/2015-12-01.html
@@ -42,8 +42,8 @@ Android 6.0에서 문제가 해결되었습니다. 자세한 내용은 <a href="
기준으로 내려집니다.</p>
<p>실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는
-접수되지 않았습니다. SafetyNet과 같이 Android 플랫폼의 보안을 개선하는 <a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및 서비스 보호 기능에 대해 자세히 알아보려면 <a href="#mitigations">완화</a>
-섹션을 참조하세요. 모든 고객은 기기에서 이 업데이트를 수락하는 것이
+접수되지 않았습니다. SafetyNet과 같이 Android 플랫폼의 보안을 개선하는 <a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해 자세히 알아보려면
+<a href="#mitigations">완화</a> 섹션을 참조하세요. 모든 고객은 기기에서 이 업데이트를 수락하는 것이
좋습니다.</p>
<h2 id="mitigations">완화</h2>
@@ -54,17 +54,17 @@ Android에서 보안 취약성이 악용될 가능성을 줄일 수
<ul>
<li> Android 플랫폼 최신 버전의 향상된 기능으로 Android의 여러 문제를
-악용하기 더욱 어려워졌습니다. 가능한 경우 모든 사용자는
-Android 최신 버전으로 업데이트하는 것이 좋습니다.</li>
+악용하기 더욱 어려워졌습니다. 가능하다면 모든 사용자는 최신 버전의 Android로
+업데이트하는 것이 좋습니다.</li>
<li> Android 보안팀에서는 유해할 수 있는 애플리케이션이 설치될 때
경고를 보내는 앱 인증 및 SafetyNet을 사용하여 악용사례를 적극적으로
모니터링합니다. Google Play 내에서 기기 루팅 도구는 금지되어 있습니다. Google Play
외부에서 애플리케이션을 설치하는 사용자를 보호하기 위해 앱 인증이
-기본적으로 사용 설정되며 알려진 루팅 애플리케이션이 감지되면 경고를 표시합니다. 앱 인증은
-권한 승격 취약성을 악용하는 것으로 알려진 악성 애플리케이션을
-식별하고 차단합니다. 이러한
-애플리케이션이 이미 설치된 경우 앱 인증에서 사용자에게
-이를 알리고 애플리케이션 삭제를 시도합니다.</li>
+기본적으로 사용 설정되며 알려진 루팅 애플리케이션이 감지되면 경고를 표시합니다. 앱
+인증에서는 권한 승격 취약성을 악용하는 것으로 알려진 악성 애플리케이션을
+식별하고 차단합니다. 이러한 애플리케이션이
+이미 설치된 경우 앱 인증에서 사용자에게 이를 알리고
+애플리케이션 삭제를 시도합니다.</li>
<li> Google 행아웃과 메신저 애플리케이션은 미디어 서버와 같은 프로세스에
미디어를 자동으로 전달하지 않습니다.</li>
</ul>
@@ -78,12 +78,12 @@ Android 최신 버전으로 업데이트하는 것이 좋습니다.</li>
Barbella: CVE-2015-6616, CVE-2015-6617, CVE-2015-6623, CVE-2015-6626,
CVE-2015-6619, CVE-2015-6633, CVE-2015-6634
</li><li> <a href="http://k33nteam.org/">KeenTeam</a>(<a href="https://twitter.com/k33nteam">@K33nTeam</a>)의 Flanker(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>): CVE-2015-6620
- </li><li> <a href="http://www.360.cn">Qihoo 360 Technology Co.Ltd</a>의 Guang Gong(龚广)(<a href="https://twitter.com/oldfresher">@oldfresher</a>, higongguang@gmail.com): CVE-2015-6626
+ </li><li> <a href="http://www.360.cn">Qihoo 360 Technology Co.Ltd</a>의 Guang Gong(龚广)(<a href="https://twitter.com/oldfresher">@oldfresher</a>, higongguang@gmail.com) of : CVE-2015-6626
</li><li> EmberMitre Ltd의 Mark Carter(<a href="https://twitter.com/hanpingchinese">@hanpingchinese</a>): CVE-2015-6630
</li><li> Michał Bednarski(<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>): CVE-2015-6621
</li><li> Google Project Zero의 Natalie Silvanovich: CVE-2015-6616
</li><li> Trend Micro의 Peter Pi: CVE-2015-6616, CVE-2015-6628
- </li><li> <a href="http://k33nteam.org/">KeenTeam</a>(<a href="https://twitter.com/k33nteam">@K33nTeam</a>)의 Qidan He(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>), Marco Grassi(<a href="https://twitter.com/marcograss">@marcograss</a>): CVE-2015-6622
+ </li><li> <a href="http://k33nteam.org/">KeenTeam</a>(<a href="https://twitter.com/k33nteam">@K33nTeam</a>)의 Qidan He(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>), Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>): CVE-2015-6622
</li><li> Tzu-Yin(Nina) Tai: CVE-2015-6627
</li><li> 아르헨티나 부에노스아이레스 Fundación Dr. Manuel Sadosky,
Programa STIC의 Joaquín Rinaudo(<a href="https://twitter.com/xeroxnir">@xeroxnir</a>): CVE-2015-6631
@@ -275,9 +275,9 @@ libstagefright의 권한 승격 취약성</h3>
<p>libstagefright에 로컬 악성 애플리케이션이 미디어 서버
서비스에서 임의의 코드를 실행할 수 있게 하는 여러
-취약성이 있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
-권한과 같이 타사 애플리케이션이 액세스할 수 없는 승격된 권한을 부여하는 데
-사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
+취약성이 있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 권한과 같이
+타사 애플리케이션이 액세스할 수 없는 승격된 권한을 부여하는 데 사용될 수 있으므로
+심각도 높음으로 평가됩니다.</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -306,9 +306,9 @@ SystemUI의 권한 승격 취약성</h3>
<p>시계 애플리케이션을 사용하여 알람을 설정할 때 SystemUI 구성요소의
취약성이 승격된 권한 수준에서 애플리케이션의 작업 수행을 허용할 수
-있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
-권한과 같이 타사 애플리케이션이 액세스할 수 없는 승격된 권한을 부여하는 데
-사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
+있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 권한과 같이
+타사 애플리케이션이 액세스할 수 없는 승격된 권한을 부여하는 데 사용될 수 있으므로
+심각도 높음으로 평가됩니다.</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -331,7 +331,8 @@ SystemUI의 권한 승격 취약성</h3>
<p>Android 기본 프레임워크 라이브러리의 정보 공개 취약성으로 인해
공격자가 플랫폼을 악용하기 어렵도록 마련된 보안 장치를
우회할 수 있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 권한과 같이
-타사 애플리케이션이 액세스할 수 없는 승격된 권한을 부여하는 데 사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
+타사 애플리케이션이 액세스할 수 없는 승격된 권한을 부여하는 데 사용될 수 있으므로
+심각도 높음으로 평가됩니다.</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -400,9 +401,9 @@ libstagefright의 정보 공개 취약성</h3>
<p>미디어 서버와 통신할 때 공격자가 플랫폼을 악용하기
어렵도록 마련된 보안 장치를 우회할 수 있게 하는
-libstagefright의 정보 공개 취약성이 있습니다. 이 문제는
-<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 권한과 같이
-타사 애플리케이션이 액세스할 수 없는 승격된 권한을 부여하는 데 사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
+libstagefright의 정보 공개 취약성이 있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 권한과 같이 타사 애플리케이션이 액세스할 수 없는
+승격된 권한을 부여하는 데 사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -462,8 +463,8 @@ libstagefright의 정보 공개 취약성이 있습니다. 이 문제는
<p>미디어 서버와 통신할 때 공격자가 플랫폼을 악용하기
어렵도록 마련된 보안 장치를 우회할 수 있게 하는
-미디어 프레임워크의 정보 공개 취약성이 있습니다. 이 문제는
-<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 권한과 같이 타사 애플리케이션이 액세스할 수 없는
+미디어 프레임워크의 정보 공개 취약성이 있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a>
+또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 권한과 같이 타사 애플리케이션이 액세스할 수 없는
승격된 권한을 부여하는 데 사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
<table>
<tbody><tr>
@@ -484,9 +485,9 @@ libstagefright의 정보 공개 취약성이 있습니다. 이 문제는
<h3 id="information_disclosure_vulnerability_in_wi-fi">Wi-Fi의 정보 공개 취약성</h3>
-<p>Wi-Fi 구성요소의 취약성으로 공격자가 Wi-Fi 서비스 정보 공개를 유발할 수 있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
-권한과 같이 타사 애플리케이션이 액세스할 수 없는 승격된 권한을 부여하는 데 사용될 수 있으므로 심각도 높음으로
-평가됩니다.</p>
+<p>Wi-Fi 구성요소의 취약성으로 공격자가 Wi-Fi 서비스 정보 공개를 유발할 수 있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a>
+또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 권한과 같이 타사 애플리케이션이 액세스할 수 없는 승격된 권한을 부여하는 데 사용될 수 있으므로
+심각도 높음으로 평가됩니다.</p>
<table>
<tbody><tr>
<th>CVE</th>
diff --git a/ko/security/bulletin/2016-06-01.html b/ko/security/bulletin/2016-06-01.html
index d2236553..af04d739 100644
--- a/ko/security/bulletin/2016-06-01.html
+++ b/ko/security/bulletin/2016-06-01.html
@@ -45,10 +45,10 @@ Nexus 도움말</a>을 참조하세요.</p>
<p>실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는
접수되지 않았습니다. SafetyNet과 같이
-Android 플랫폼의 보안을 개선하는 <a href="/security/enhancements/index.html">Android
+Android 플랫폼의 보안을 개선하는 <a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및
-보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해 자세히 알아보려면
-<a href="#mitigations">Android 및 Google 서비스 완화</a> 섹션을 참조하세요.</p>
+서비스 보호 기능에 관해 자세히 알아보려면 <a href="#mitigations">
+Android 및 Google 서비스 완화</a> 섹션을 참조하세요.</p>
<p>모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다.</p>
@@ -87,7 +87,7 @@ Android 플랫폼의 보안을 개선하는 <a href="/security/enhancements/inde
<ul>
<li> Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>)의
- Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-2468
+Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-2468
</li><li> <a href="http://bits-please.blogspot.com">Gal Beniamini</a>
(<a href="https://twitter.com/laginimaineb">@laginimaineb</a>): CVE-2016-2476
</li><li> Qihoo 360 Technology Co. Ltd. IceSword Lab의
@@ -440,7 +440,7 @@ Qualcomm 사운드 드라이버의 권한 승격 취약성</h3>
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
권한과 같이 타사 애플리케이션이 액세스할 수 없는 승격된 권한으로의
-로컬 액세스를 부여하는 데 사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
+로컬 액세스를 부여하는 데 사용될 수 있으므로 심각도 높음으로 평가됩니다..</p>
<table>
<colgroup><col width="19%" />
@@ -779,11 +779,11 @@ MediaTek 전원 관리 드라이버의 권한 승격 취약성</h3>
<h3 id="elevation_of_privilege_vulnerability_in_sd_card_emulation_layer">
SD 카드 에뮬레이션 레이어의 권한 승격 취약성</h3>
-<p>SD 카드 에뮬레이션 레이어의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이 승격된 시스템 애플리케이션 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다. 이 문제는
-<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a>
+<p>SD 카드 에뮬레이션 레이어의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이 승격된 시스템 애플리케이션 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다. 이 문제는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a>
또는 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
-권한과 같이 타사 애플리케이션이 액세스할 수 없는 승격된 권한으로의
-로컬 액세스를 부여하는 데 사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
+권한과 같이 타사 애플리케이션이 액세스할 수 없는
+승격된 권한으로의 로컬 액세스를 부여하는 데 사용될 수 있으므로
+심각도 높음으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -1008,7 +1008,7 @@ Qualcomm Wi-Fi 드라이버의 정보 공개 취약성</h3>
<h2 id="common_questions_and_answers">일반적인 질문 및 답변</h2>
-<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문에 대한 답변을 제시합니다.</p>
+<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문의 답변을 제시합니다.</p>
<p><strong>1. 내 기기가 업데이트되어 이 문제가 해결되었는지 어떻게 알 수 있나요?</strong></p>
diff --git a/ko/security/bulletin/2016-07-01.html b/ko/security/bulletin/2016-07-01.html
index b17a8165..da787e67 100644
--- a/ko/security/bulletin/2016-07-01.html
+++ b/ko/security/bulletin/2016-07-01.html
@@ -36,16 +36,17 @@ Nexus 펌웨어 이미지도 <a href="https://developers.google.com/android/nexu
<p>이 중 가장 심각한 문제는 미디어 파일을 처리할 때
이메일, 웹 탐색, MMS 등 여러 방법을 통해 대상 기기에서
-원격으로 코드를 실행할 수 있게 하는 심각한 보안 취약성입니다. <a href="/security/overview/updates-resources.html#severity">심각도 평가</a>는
+원격으로 코드를 실행할 수 있게 하는 심각한 보안 취약성입니다. <a href="/security/overview/updates-resources.html#severity">심각도
+평가</a>는
개발 목적으로 플랫폼 및 서비스 완화를 사용할 수 없거나
-우회에 성공한 경우 취약성 악용으로 인해 대상 기기가 받는 영향을
-기준으로 내려집니다.</p>
+우회에 성공한 경우 취약성 악용으로 인해 대상 기기가
+받는 영향을 기준으로 내려집니다.</p>
<p>실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는
-접수되지 않았습니다. SafetyNet과 같이
-Android 플랫폼의 보안을 개선하는
+접수되지 않았습니다. SafetyNet과 같이 Android 플랫폼의 보안을 개선하는
<a href="/security/enhancements/index.html">Android
보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해 자세히 알아보려면
-<a href="#mitigations">Android 및 Google 서비스 완화</a> 섹션을 참조하세요.</p>
+<a href="#mitigations">Android 및 Google 서비스 완화</a>
+섹션을 참조하세요.</p>
<p>모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다.</p>
<h2 id="announcements">공지사항</h2>
<ul>
@@ -85,11 +86,11 @@ Android 플랫폼의 보안을 개선하는
Google Play 외부에서 애플리케이션을 설치하는 사용자에게 특히 중요합니다. Google Play
내에서 기기 루팅 도구는 금지되어 있지만
사용자가 출처에 상관없이 루팅 애플리케이션을 설치하려 하면
- 앱 인증이 경고를 표시합니다. 또한 앱 인증은
+ 앱 인증이 경고를 표시합니다. 또한 앱 인증에서는
권한 승격 취약성을 악용하는 것으로 알려진 악성 애플리케이션을
식별하고 차단합니다. 이러한 애플리케이션이 이미 설치된 경우 앱 인증에서 사용자에게
이를 알리고 감지된 애플리케이션을 삭제하려고 시도합니다.</li>
- <li>Google 행아웃과 메신저 애플리케이션은 미디어 서버와 같은 프로세스에
+ <li>Google 행아웃과 메신저 애플리케이션에서는 미디어 서버와 같은 프로세스에
미디어를 자동으로 전달하지 않습니다.</li>
</ul>
@@ -101,7 +102,7 @@ Android 플랫폼의 보안을 개선하는
</li><li>Google의 Adam Powell: CVE-2016-3752
</li><li>Context Information Security의 Alex Chapman, Paul Stone: CVE-2016-3763
</li><li><a href="https://www.e2e-assure.com/">e2e-assure</a>의
- Andy Tyler(<a href="https://twitter.com/ticarpi">@ticarpi</a>): CVE-2016-2457
+ Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>): CVE-2016-2457
</li><li>Google Project Zero의 Ben Hawkes: CVE-2016-3775
</li><li><a href="http://c0reteam.org">C0RE Team</a>의 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
Yuan-Tsung Lo(<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>),
@@ -116,15 +117,15 @@ Android 플랫폼의 보안을 개선하는
CVE-2016-3816, CVE-2016-3805, CVE-2016-3804, CVE-2016-3767, CVE-2016-3810,
CVE-2016-3795, CVE-2016-3796
</li><li>Google Android팀의 Greg Kaiser: CVE-2016-3758
- </li><li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a>
- Mobile Safe Team의
- Guang Gong(龚广)(<a href="https://twitter.com/oldfresher">@oldfresher</a>): CVE-2016-3764
+ </li><li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a> Mobile Safe Team의
+ Guang Gong(龚广)(<a href="https://twitter.com/oldfresher">@oldfresher</a>)
+ : CVE-2016-3764
</li><li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Alpha Team의
Hao Chen, Guang Gong: CVE-2016-3792, CVE-2016-3768
</li><li><a href="http://www.cmcm.com">Cheetah Mobile</a> Security Research Lab의
Hao Qin: CVE-2016-3754, CVE-2016-3766
- </li><li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a>
- IceSword Lab의 Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>),
+ </li><li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a> IceSword Lab의
+ Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)
pjf(<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-3814,
CVE-2016-3802, CVE-2016-3769, CVE-2016-3807, CVE-2016-3808
</li><li>Google의 Marco Nelissen: CVE-2016-3818
@@ -147,7 +148,7 @@ Android 플랫폼의 보안을 개선하는
</li><li>Alibaba Inc.의 Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>)
: CVE-2016-2508, CVE-2016-3755
</li><li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>)의
-Wen Niu(<a href="https://twitter.com/NWMonster">@NWMonster</a>): CVE-2016-3809
+ Wen Niu(<a href="https://twitter.com/NWMonster">@NWMonster</a>) : CVE-2016-3809
</li><li>Tencent Security Platform Department의 Xiling Gong: CVE-2016-3745
</li><li>Chinese Academy of Sciences Institute of Software TCA Lab의 Yacong Gu:
CVE-2016-3761
@@ -171,9 +172,9 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
<h3 id="remote-code-execution-vulnerability-in-mediaserver">
미디어 서버의 원격 코드 실행 취약성</h3>
-<p>미디어 서버의 원격 코드 실행 취약성으로 인해 특별히 제작된 파일을 사용하는
-공격자가 미디어 파일 및 데이터 처리 중에 메모리 손상을 일으킬 수
-있습니다. 이 문제는 미디어 서버 프로세스 내에서 원격 코드를 실행할 가능성이 있으므로
+<p>미디어 서버의 원격 코드 실행 취약성으로 인해 특별히 제작된 파일을
+사용하는 공격자가 미디어 파일 및 데이터 처리 중에 메모리 손상을
+일으킬 수 있습니다. 이 문제는 미디어 서버 프로세스 내에서 원격 코드를 실행할 가능성이 있으므로
심각도 심각으로 평가됩니다. 미디어 서버 프로세스는
오디오와 동영상 스트림뿐 아니라 타사 앱이 일반적으로
액세스할 수 없는 권한에 액세스할 수 있습니다.</p>
@@ -374,8 +375,8 @@ libpng의 권한 승격 취약성</h3>
<h3 id="elevation-of-privilege-vulnerability-in-mediaserver">
미디어 서버의 권한 승격 취약성</h3>
<p>미디어 서버의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이 승격된 시스템 애플리케이션 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다. 이 문제는
-<a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a> 또는
-<a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+<a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">서명</a>
+또는 <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
권한과 같이 타사 애플리케이션이 액세스할 수 없는 승격된 권한으로의
로컬 액세스를 부여하는 데 사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
@@ -1627,9 +1628,9 @@ Qualcomm USB 드라이버의 권한 승격 취약성</h3>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver">
Qualcomm Wi-Fi 드라이버의 권한 승격 취약성</h3>
<p>Qualcomm Wi-Fi 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
-가능하므로 심각도 높음으로 평가됩니다.</p>
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
+침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -1658,7 +1659,7 @@ Qualcomm Wi-Fi 드라이버의 권한 승격 취약성</h3>
Qualcomm 카메라 드라이버의 권한 승격 취약성</h3>
<p>Qualcomm 카메라 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
@@ -1764,9 +1765,9 @@ MediaTek 전원 드라이버의 권한 승격 취약성</h3>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver-2">
Qualcomm Wi-Fi 드라이버의 권한 승격 취약성</h3>
<p>Qualcomm Wi-Fi 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
-가능하므로 심각도 높음으로 평가됩니다.</p>
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
+침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -2248,8 +2249,8 @@ MediaTek 동영상 코덱 드라이버의 정보 공개 취약성</h3>
Qualcomm USB 드라이버의 정보 공개 취약성</h3>
<p>Qualcomm USB 드라이버의 정보 공개 취약성으로 인해 로컬 악성 애플리케이션이
권한 수준을 벗어난 데이터에 액세스할 수 있습니다.
-이 문제는 먼저 권한이 설정된 절차에 침투해야만
-실행 가능하므로 심각도 보통으로 평가됩니다.</p>
+이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행 가능하므로
+심각도 보통으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -2420,7 +2421,8 @@ Qualcomm 부트로더의 서비스 거부(DoS) 취약성</h3>
</tr>
</tbody></table>
<h2 id="common-questions-and-answers">일반적인 질문 및 답변</h2>
-<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문에 대한 답변을 제시합니다.</p>
+<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문의 답변을
+제시합니다.</p>
<p><strong>1. 내 기기가 업데이트되어 이 문제가 해결되었는지 어떻게 알 수 있나요?</strong></p>
<p>2016-07-01 보안 패치 문자열 수준과 관련된 모든 문제는 2016-07-01
diff --git a/ko/security/bulletin/2016-08-01.html b/ko/security/bulletin/2016-08-01.html
index ea9bb52f..9bef71a8 100644
--- a/ko/security/bulletin/2016-08-01.html
+++ b/ko/security/bulletin/2016-08-01.html
@@ -23,7 +23,7 @@
<p><em>2016년 8월 1일 게시됨 | 2016년 10월 21일 업데이트됨</em></p>
<p>
Android 보안 게시판에서는 Android 기기에 영향을 미치는 보안 취약성
-세부정보를 다룹니다. 게시판과 함께 무선 업데이트를 통해
+세부정보를 다룹니다. 게시판과 함께 무선(OTA) 업데이트를 통해
Nexus 기기 보안 업데이트가 출시되었습니다. 또한
Nexus 펌웨어 이미지도 <a href="https://developers.google.com/android/nexus/images">Google 개발자 사이트</a>에
출시되었습니다. 다음 문제는 2016년 8월 5일 보안 패치 수준 이상에서
@@ -48,11 +48,11 @@ Nexus 펌웨어 이미지도 <a href="https://developers.google.com/android/nexu
<p>
실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는
접수되지 않았습니다. SafetyNet과 같이
-Android 플랫폼의
-보안을 개선하는 <a href="/security/enhancements/index.html">Android
-보안 플랫폼 보호</a>
-및 서비스 보호 기능에 관해 자세히 알아보려면
-<a href="#mitigations">Android 및 Google 서비스 완화</a> 섹션을 참조하세요.
+Android 플랫폼의 보안을 개선하는
+<a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해
+자세히 알아보려면
+<a href="#mitigations">Android 및 Google 서비스 완화</a>
+섹션을 참조하세요.
</p>
<p>
모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다.
@@ -87,12 +87,12 @@ Android 플랫폼의
<li>Android 플랫폼 최신 버전의 향상된 기능으로 Android의 여러 문제를
악용하기가 더욱 어려워졌습니다. 가능하다면 모든 사용자는 최신 버전의 Android로
업데이트하는 것이 좋습니다.</li>
-<li>Android 보안팀에서는 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">유해할 수 있는 애플리케이션</a>에 관해
-사용자에게 경고를 보내는 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">앱 인증 및 SafetyNet</a>을 사용하여
-악용사례를 적극적으로 모니터링합니다. 앱 인증은 <a href="http://www.android.com/gms">Google 모바일 서비스</a>가 적용된 기기에 기본적으로 사용 설정되어 있으며 Google Play 외부에서
+<li>Android 보안팀에서는 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">유해할 수 있는 애플리케이션</a>에 관해 사용자에게
+경고를 보내는 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">앱 인증 및 SafetyNet</a>을 사용하여 악용사례를 적극적으로
+모니터링합니다. 앱 인증은 <a href="http://www.android.com/gms">Google 모바일 서비스</a>가 적용된 기기에 기본적으로 사용 설정되어 있으며 Google Play 외부에서 가져온
애플리케이션을 설치하는 사용자에게 특히 중요합니다. Google Play
내에서 기기 루팅 도구는 금지되어 있지만
-사용자가 출처에 상관없이 루팅 애플리케이션을 설치하려 하면
+사용자가 감지된 루팅 애플리케이션을 설치하려 하면 출처에 상관없이
앱 인증이 경고를 표시합니다. 또한 앱 인증은
권한 승격 취약성을 악용하는 것으로 알려진 악성 애플리케이션을
식별하고 차단합니다. 이러한 애플리케이션이 이미 설치된 경우 앱 인증에서 사용자에게
@@ -112,9 +112,10 @@ CVE-2016-2504</li>
<li><a href="http://c0reteam.org">C0RE Team</a>의 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>),
Xuxian Jiang: CVE-2016-3844</li>
-<li><a href="http://c0reteam.org">C0RE Team</a>의 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
-Yuan-Tsung Lo(<a href="mailto:computernik@gmail.com">computernik@gmail.com)</a>,
-Xuxian Jiang: CVE-2016-3857</li>
+<li><a href="http://c0reteam.org">C0RE Team</a>의
+Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
+Yuan-Tsung Lo(<a href="mailto:computernik@gmail.com">computernik@gmail.com)</a>, Xuxian Jiang
+: CVE-2016-3857</li>
<li>Google의 David Benjamin, Kenny Root: CVE-2016-3840</li>
<li><a href="http://jaq.alibaba.com">Alibaba 모바일 보안팀</a>의 Dawei Peng(<a href="http://weibo.com/u/5622360291">Vinc3nt4H</a>): CVE-2016-3822</li>
<li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>)의
@@ -148,13 +149,13 @@ Altaf Shaik: CVE-2016-3831</li>
<li>Vasily Vasiliev: CVE-2016-3819</li>
<li>Alibaba Inc.의 Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>)
: CVE-2016-3827, CVE-2016-3828, CVE-2016-3829</li>
-<li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend Micro Inc</a>의 Wish Wu(<a href="http://weibo.com/wishlinux">吴潍浠</a>)
-(<a href="https://twitter.com/wish_wu">@wish_wu</a>): CVE-2016-3843</li>
+<li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend Micro Inc</a>의
+Wish Wu(<a href="http://weibo.com/wishlinux">吴潍浠</a>)(<a href="https://twitter.com/wish_wu">@wish_wu</a>): CVE-2016-3843</li>
<li>Tencent's Xuanwu LAB의 Yongke Wang
(<a href="https://twitter.com/rudykewang">@Rudykewang</a>): CVE-2016-3836</li>
</ul>
<p>
-CVE-2016-3843 등과 같은 취약성을 완화할 수 있도록
+CVE-2016-3843과 같은 취약성 클래스를 완화할 수 있도록
플랫폼 수준 업데이트에 수고해주신 Copperhead Security의 Daniel Micay와 Google의 Jeff Vander Stoep, Yabin Cui에게 감사드립니다. 이번 완화는
Grsecurity의 Brad Spengler의 작업을 기반으로 합니다.
</p>
@@ -175,8 +176,7 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
<p>
미디어 서버의 원격 코드 실행 취약성으로 인해 특별히 제작된 파일을
사용하는 공격자가 미디어 파일 및 데이터 처리 중에 메모리 손상을
-일으킬 수 있습니다. 이 문제는 미디어 서버 프로세스 내에서 원격 코드를 실행할 가능성이 있으므로
-심각도 심각으로 평가됩니다. 미디어 서버 프로세스는
+일으킬 수 있습니다. 이 문제는 미디어 서버 프로세스의 컨텍스트 내에서 원격 코드를 실행할 가능성이 있으므로 심각도 심각으로 평가됩니다. 미디어 서버 프로세스는
오디오와 동영상 스트림뿐 아니라 타사 앱이 일반적으로
액세스할 수 없는 권한에 액세스할 수 있습니다.
</p>
@@ -233,7 +233,7 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
libjhead의 원격 코드 실행 취약성</h3>
<p>
libjhead의 원격 코드 실행 취약성으로 인해 특별히 제작된 파일을 사용하는
-공격자가 권한이 설정되지 않은 절차의 컨텍스트 내에서 임의의 코드를 실행할 수
+공격자가 권한이 설정되지 않은 프로세스의 컨텍스트 내에서 임의의 코드를 실행할 수
있습니다. 이 문제는 이 라이브러리를 사용하는 애플리케이션에서
원격 코드를 실행할 가능성이 있으므로 심각도 높음으로 평가됩니다.
</p>
@@ -267,8 +267,8 @@ libjhead의 원격 코드 실행 취약성으로 인해 특별히 제작된 파
미디어 서버의 권한 승격 취약성</h3>
<p>
미디어 서버의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이
-권한이 설정된 절차의 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 보통 타사 애플리케이션에 액세스할 수 없는 승격된
+권한이 설정된 프로세스의 컨텍스트 내에서 임의의 코드를 실행할 수
+있습니다. 이 문제는 보통 타사 애플리케이션이 액세스할 수 없는 승격된
권한으로의 로컬 액세스를 부여하는 데 사용될 수 있으므로 심각도 높음으로
평가됩니다.
</p>
@@ -422,7 +422,7 @@ libjhead의 원격 코드 실행 취약성으로 인해 특별히 제작된 파
프레임워크 API의 권한 승격 취약성</h3>
<p>
프레임워크 API의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이
-다른 애플리케이션의 애플리케이션 데이터를 분리하는 운영체제 보호를
+애플리케이션 데이터를 다른 애플리케이션으로부터 격리하는 운영체제 보호를
우회할 수 있습니다. 이 문제는 애플리케이션의 권한 수준을 벗어나는 데이터로의
액세스를 부여하는 데 사용될 수 있으므로 심각도 보통으로 평가됩니다.
</p>
@@ -519,7 +519,7 @@ OpenSSL의 정보 공개 취약성으로 인해 로컬 악성 애플리케이션
</tr>
</tbody></table>
<p>* 지원되는 Nexus 기기에 제공된 업데이트가 모두 설치되었다면 이러한
-취약성에 영향을 받지 않습니다.</p>
+취약성의 영향을 받지 않습니다.</p>
<h3 id="information-disclosure-vulnerability-in-camera-apis">
카메라 API의 정보 공개 취약성</h3>
@@ -660,7 +660,7 @@ Wi-Fi의 정보 공개 취약성으로 인해 로컬 악성 애플리케이션
<p>
시스템 UI의 서비스 거부 취약성으로 인해 로컬 악성 애플리케이션이
잠금 화면에서 119 전화를 걸지 못하게 할 수 있습니다. 이 문제는
-중요한 기능에 대한 원격 서비스 거부 가능성이 있으므로 심각도 보통으로
+중요한 기능에 대한 서비스 거부 가능성이 있으므로 심각도 보통으로
평가됩니다.
</p>
<table>
@@ -694,7 +694,7 @@ Wi-Fi의 정보 공개 취약성으로 인해 로컬 악성 애플리케이션
<p>
블루투스의 서비스 거부 취약성으로 인해 로컬 악성 애플리케이션이
블루투스 기기에서 119 전화를 걸지 못하게 할 수 있습니다. 이 문제는
-중요한 기능에 대한 원격 서비스 거부 가능성이 있으므로 심각도 보통으로
+중요한 기능에 대한 서비스 거부 가능성이 있으므로 심각도 보통으로
평가됩니다.
</p>
<table>
@@ -737,7 +737,7 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
<h3 id="remote-code-execution-vulnerability-in-qualcomm-wi-fi-driver">
Qualcomm Wi-Fi 드라이버의 원격 코드 실행 취약성</h3>
<p>
-Qualcomm Wi-Fi 드라이버의 권한 승격 취약성으로 인해 원격 공격자가
+Qualcomm Wi-Fi 드라이버의 원격 코드 실행 취약성으로 인해 원격 공격자가
커널 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다.
이 문제는
영구적인 로컬 기기 손상을 일으킬 가능성이 있으므로 심각도 심각으로
@@ -750,7 +750,7 @@ Qualcomm Wi-Fi 드라이버의 권한 승격 취약성으로 인해 원격 공
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -776,7 +776,7 @@ QC-CR#553941</a>
원격 코드 실행 취약성</h3>
<p>
Conscrypt의 원격 권한 실행 취약성으로 인해 원격 공격자가 권한이 설정된
-절차의 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다.
+프로세스의 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다.
이 문제는 원격 코드를 실행할 가능성이 있으므로 심각도 심각으로 평가됩니다.
</p>
<table>
@@ -787,7 +787,7 @@ Conscrypt의 원격 권한 실행 취약성으로 인해 원격 공격자가 권
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -808,8 +808,8 @@ Conscrypt의 원격 권한 실행 취약성으로 인해 원격 공격자가 권
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components">
Qualcomm 구성요소의 권한 승격 취약성</h3>
<p>
-아래 표에는 부트로더, 카메라 드라이버, 캐릭터 드라이브, 네트워크,
-사운드 드라이버 및 동영상 드라이버를 비롯한 Qualcomm 구성요소에
+아래 표에는 부트로더, 카메라 드라이버, 캐릭터 드라이버, 네트워크,
+사운드 드라이버, 동영상 드라이버를 비롯한 Qualcomm 구성요소에
영향을 주는 보안 취약성이 포함되어 있습니다.
</p>
<p>
@@ -824,7 +824,7 @@ Qualcomm 구성요소의 권한 승격 취약성</h3>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1019,7 +1019,7 @@ QC-CR#547479</a>
</p>
</td>
<td>높음</td>
- <td>구글 넥서스 5</td>
+ <td>Nexus 5</td>
<td>2014년 4월 30일</td>
</tr>
<tr>
@@ -1172,7 +1172,7 @@ QC-CR#770548</a>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=51c39420e3a49d1a7f05a77c64369b7623088238">
QC-CR#766022</a></p></td>
<td>높음</td>
- <td>구글 넥서스 6</td>
+ <td>Nexus 6</td>
<td>2015년 3월 31일</td>
</tr>
<tr>
@@ -1192,7 +1192,7 @@ QC-CR#779021</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e13ebd727d161db7003be6756e61283dce85fa3b">
QC-CR#792367</a></p></td>
<td>높음</td>
- <td>구글 넥서스 6</td>
+ <td>Nexus 6</td>
<td>2015년 4월 30일</td>
</tr>
<tr>
@@ -1212,7 +1212,7 @@ QC-CR#792473</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=9ec380c06bbd79493828fcc3c876d8a53fd3369f">
QC-CR#803246</a></p></td>
<td>높음</td>
- <td>구글 넥서스 6</td>
+ <td>Nexus 6</td>
<td>2015년 6월 30일</td>
</tr>
<tr>
@@ -1225,7 +1225,7 @@ QC-CR#794217</a></p>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee">
QC-CR#836226</a></p></td>
<td>높음</td>
- <td>구글 넥서스 5</td>
+ <td>Nexus 5</td>
<td>2015년 9월 11일</td>
</tr>
<tr>
@@ -1235,7 +1235,7 @@ QC-CR#836226</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=c10f03f191307f7114af89933f2d91b830150094">
QC-CR#550061</a></p></td>
<td>보통</td>
- <td>구글 넥서스 5</td>
+ <td>Nexus 5</td>
<td>2014년 3월 13일</td>
</tr>
<tr>
@@ -1266,7 +1266,7 @@ QC-CR#529177</a></p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1310,7 +1310,7 @@ Qualcomm GPU 드라이버의 권한 승격 취약성으로 인해
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1350,7 +1350,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
기기를 수리하려면 운영체제를 재설치해야 할 수도 있습니다.
</p>
<p class="note">
-<strong>참고:</strong> 이 게시판 A-29119870에 이 취약성을 완화하기 위해 제작된
+<strong>참고:</strong> 이 게시판 A-29119870에 이 취약성 클래스를 완화하기 위해 제작된
플랫폼 수준 업데이트가 있습니다.
</p>
<table>
@@ -1360,7 +1360,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1398,7 +1398,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1423,7 +1423,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<p>
커널 메모리 시스템의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이
커널 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
+있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1433,7 +1433,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1446,7 +1446,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77">
업스트림 커널</a></p></td>
<td>높음</td>
- <td>넥서스 플레이어</td>
+ <td>Nexus Player</td>
<td>2015년 2월 13일</td>
</tr>
<tr>
@@ -1456,7 +1456,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb">
업스트림 커널</a></p></td>
<td>높음</td>
- <td>넥서스 플레이어</td>
+ <td>Nexus Player</td>
<td>2016년 3월 25일</td>
</tr>
</tbody></table>
@@ -1466,7 +1466,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<p>
커널 사운드 구성요소의 권한 승격 취약성으로 인해 로컬
악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1476,7 +1476,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1519,7 +1519,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<p>
커널 파일 시스템의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이
커널 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
+있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1529,7 +1529,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1551,7 +1551,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
미디어 서버의 권한 승격 취약성</h3>
<p>
미디어 서버의 권한 승격 취약성으로 인해 로컬 악성
-애플리케이션이 권한이 설정된 절차의 컨텍스트 내에서 임의의
+애플리케이션이 권한이 설정된 프로세스의 컨텍스트 내에서 임의의
코드를 실행할 수 있습니다. 이 문제는 타사 애플리케이션이 액세스할 수 없는
승격된 권한으로의 로컬 액세스를 부여하는 데 사용될 수 있으므로
심각도 높음으로 평가됩니다.
@@ -1563,7 +1563,7 @@ Qualcomm 성능 구성요소의 권한 승격 취약성으로 인해
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1589,7 +1589,7 @@ N-CVE-2016-3844</p></td>
<p>
커널 동영상 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의
-코드를 실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
+코드를 실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만
실행 가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1599,7 +1599,7 @@ N-CVE-2016-3844</p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1609,7 +1609,7 @@ N-CVE-2016-3844</p></td>
<td>CVE-2016-3845</td>
<td>A-28399876*</td>
<td>높음</td>
- <td>구글 넥서스 5</td>
+ <td>Nexus 5</td>
<td>2016년 4월 20일</td>
</tr>
</tbody></table>
@@ -1624,7 +1624,7 @@ N-CVE-2016-3844</p></td>
<p>
직렬 주변기기 인터페이스 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만
실행 가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1634,7 +1634,7 @@ N-CVE-2016-3844</p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1659,7 +1659,7 @@ NVIDIA 미디어 드라이버의 권한 승격 취약성</h3>
<p>
NVIDIA 미디어 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의
-코드를 실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
+코드를 실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만
실행 가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1669,7 +1669,7 @@ NVIDIA 미디어 드라이버의 권한 승격 취약성으로 인해
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1681,7 +1681,7 @@ NVIDIA 미디어 드라이버의 권한 승격 취약성으로 인해
<p>
N-CVE-2016-3847</p></td>
<td>높음</td>
- <td>넥서스 9</td>
+ <td>Nexus 9</td>
<td>2016년 5월 19일</td>
</tr>
<tr>
@@ -1690,7 +1690,7 @@ N-CVE-2016-3847</p></td>
<p>
N-CVE-2016-3848</p></td>
<td>높음</td>
- <td>넥서스 9</td>
+ <td>Nexus 9</td>
<td>2016년 5월 19일</td>
</tr>
</tbody></table>
@@ -1705,7 +1705,7 @@ ION 드라이버의 권한 승격 취약성</h3>
<p>
ION 드라이버의 권한 승격 취약성으로 인해 로컬 악성
애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만
실행 가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1715,7 +1715,7 @@ ION 드라이버의 권한 승격 취약성으로 인해 로컬 악성
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1740,7 +1740,7 @@ ION 드라이버의 권한 승격 취약성으로 인해 로컬 악성
<p>
Qualcomm 부트로더의 권한 승격 취약성으로 인해 로컬
악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1750,7 +1750,7 @@ Qualcomm 부트로더의 권한 승격 취약성으로 인해 로컬
<col width="26%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1788,7 +1788,7 @@ QC-CR#945164</a></p></td>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1815,8 +1815,7 @@ LG 전자 부트로더의 권한 승격 취약성</h3>
<p>
LG 전자 부트로더의 권한 승격 취약성으로 인해 공격자가
커널 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다.
-이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행 가능하므로 심각도 높음으로
-평가됩니다.
+이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
<colgroup><col width="19%" />
@@ -1825,7 +1824,7 @@ LG 전자 부트로더의 권한 승격 취약성으로 인해 공격자가
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1864,7 +1863,7 @@ Qualcomm 구성요소의 정보 공개 취약성</h3>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -1897,7 +1896,7 @@ QC-CR#786116</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d">
QC-CR#542223</a></p></td>
<td>보통</td>
- <td>구글 넥서스 5</td>
+ <td>Nexus 5</td>
<td>2014년 3월 27일</td>
</tr>
<tr>
@@ -1937,7 +1936,7 @@ QC-CR#551795</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=46135d80765cb70a914f02a6e7b6abe64679ec86">
QC-CR#563752</a></p></td>
<td>보통</td>
- <td>구글 넥서스 5</td>
+ <td>Nexus 5</td>
<td>2014년 4월 30일</td>
</tr>
<tr>
@@ -1957,7 +1956,7 @@ QC-CR#554575</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=8756624acb1e090b45baf07b2a8d0ebde114000e">
QC-CR#547910</a></p></td>
<td>보통</td>
- <td>구글 넥서스 5</td>
+ <td>Nexus 5</td>
<td>2014년 7월 3일</td>
</tr>
<tr>
@@ -1987,7 +1986,7 @@ QC-CR#570754</a></p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -2020,7 +2019,7 @@ MediaTek Wi-Fi 드라이버의 정보 공개 취약성으로 인해
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -2056,7 +2055,7 @@ USB 드라이버의 정보 공개 취약성으로 인해 로컬 악성 애플리
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -2126,7 +2125,7 @@ Google Play 서비스의 권한 승격 취약성으로 인해 로컬 공격자
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -2165,7 +2164,7 @@ Google Play 서비스의 권한 승격 취약성으로 인해 로컬 공격자
<col width="18%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -2187,7 +2186,7 @@ Google Play 서비스의 권한 승격 취약성으로 인해 로컬 공격자
커널 네트워크 구성요소의 정보 공개 취약성</h3>
<p>
커널 네트워크 구성요소의 정보 공개 취약성으로 인해 로컬 악성 애플리케이션이
-권한 수준을 벗어난 데이터에 액세스할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
+권한 수준을 벗어난 데이터에 액세스할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만
실행 가능하므로 심각도 보통으로 평가됩니다.
</p>
<table>
@@ -2197,7 +2196,7 @@ Google Play 서비스의 권한 승격 취약성으로 인해 로컬 공격자
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Nexus 기기</th>
@@ -2219,7 +2218,7 @@ Google Play 서비스의 권한 승격 취약성으로 인해 로컬 공격자
커널 사운드 구성요소의 정보 공개 취약성</h3>
<p>
커널 사운드 구성요소의 정보 공개 취약성으로 인해 로컬 악성 애플리케이션이
-권한 수준을 벗어난 데이터에 액세스할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
+권한 수준을 벗어난 데이터에 액세스할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만
실행 가능하므로 심각도 보통으로 평가됩니다.
</p>
<table>
@@ -2398,7 +2397,7 @@ Android One, Nexus Player, Pixel C</li>
<h2 id="revisions">수정 내역</h2>
<ul>
- <li>2016년 8월 1일: 게시판에 게시됨</li>
+ <li>2016년 8월 1일: 게시판이 게시됨</li>
<li>2016년 8월 2일: 게시판이 수정되어 AOSP 링크가 포함됨</li>
<li>2016년 8월 16일: CVE-2016-3856이 CVE-2016-2060으로 수정되고
참조 URL이 업데이트됨</li>
diff --git a/ko/security/bulletin/2016-10-01.html b/ko/security/bulletin/2016-10-01.html
index 419be69d..f75f7214 100644
--- a/ko/security/bulletin/2016-10-01.html
+++ b/ko/security/bulletin/2016-10-01.html
@@ -55,9 +55,9 @@ Android 오픈소스 프로젝트(AOSP) 저장소에 배포되었습니다. 이
접수되지 않았습니다. <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>과 같이
Android 플랫폼의 보안을 개선하는
<a href="/security/enhancements/index.html">Android
-보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해 자세히 알아보려면
-<a href="#mitigations">Android 및 Google 서비스 완화</a>
-섹션을 참조하세요.
+보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해
+자세히 알아보려면 <a href="#mitigations">Android 및 Google 서비스 완화</a>
+섹션을 참조하세요
</p>
<p>
모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다.
@@ -119,18 +119,18 @@ Android 플랫폼의 보안을 개선하는
CVE-2016-7117</li>
<li>dosomder: CVE-2016-3931</li>
<li>Trend Micro의 Ecular Xu(徐健): CVE-2016-3920</li>
- <li>Qihoo 360
- Technology Co. Ltd. IceSword Lab의
- Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-6690, CVE-2016-3901, CVE-2016-6672,
- CVE-2016-3940, CVE-2016-3935</li>
+ <li>Qihoo 360 Technology Co. Ltd. IceSword Lab의
+ Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>),
+ <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-6690, CVE-2016-3901, CVE-2016-6672, CVE-2016-3940,
+ CVE-2016-3935</li>
<li>UC Riverside의 <a href="mailto:hzhan033@ucr.edu">Hang Zhang</a>,
<a href="mailto:dshe002@ucr.edu">Dongdong She</a>,
<a href="mailto:zhiyunq@cs.ucr.edu">Zhiyun Qian</a>: CVE-2015-8950</li>
<li>Qihoo 360 Technology Co. Ltd. Alpha 팀의 Hao Chen: CVE-2016-3860</li>
<li>Google Project Zero의 Jann Horn: CVE-2016-3900, CVE-2016-3885</li>
<li><a href="http://keybase.io/jasonrogena">Jason Rogena</a>: CVE-2016-3917</li>
- <li>Qihoo 360 IceSword Lab의 Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>),
- <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-6688,
+ <li>Qihoo 360 IceSword Lab의
+ Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>), <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-6688,
CVE-2016-6677, CVE-2016-6673, CVE-2016-6687, CVE-2016-6686, CVE-2016-6681,
CVE-2016-6682, CVE-2016-3930</li>
<li>Joshua Drake(<a href="https://twitter.com/jduck">@jduck</a>):
@@ -139,9 +139,9 @@ Android 플랫폼의 보안을 개선하는
<li>Google Project Zero의 Mark Brand: CVE-2016-6689</li>
<li><a href="https://github.com/michalbednarski">Michał Bednarski</a>:
CVE-2016-3914, CVE-2016-6674, CVE-2016-3911, CVE-2016-3912</li>
- <li><a href="http://c0reteam.org">C0RE Team</a>의
- Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>),
- Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-3933, CVE-2016-3932</li>
+ <li><a href="http://c0reteam.org">C0RE Team</a>의 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>),
+ Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian
+ Jiang: CVE-2016-3933, CVE-2016-3932</li>
<li>Nightwatch Cybersecurity Research
(<a href="https://twitter.com/nightwatchcyber">@nightwatchcyber</a>): CVE-2016-5348</li>
<li>IBM Security X-Force 연구원 Roee Hay: CVE-2016-6678</li>
@@ -153,19 +153,19 @@ Android 플랫폼의 보안을 개선하는
Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2016-6685, CVE-2016-6683,
CVE-2016-6680, CVE-2016-6679, CVE-2016-3903, CVE-2016-6693, CVE-2016-6694,
CVE-2016-6695</li>
- <li><a href="http://c0reteam.org">C0RE Team</a>의
- <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, Mingjian Zhou
+ <li><a href="http://c0reteam.org">C0RE Team</a>의 <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, Mingjian Zhou
(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu
- (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-3909</li>
+ (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang
+ : CVE-2016-3909</li>
<li>Qihoo 360 Technology Co. Ltd. Alpha 팀의
Wenlin Yang, Guang Gong(龚广)(<a href="https://twitter.com/oldfresher">@oldfresher</a>): CVE-2016-3918</li>
- <li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend Micro Inc.</a>의
+ <li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend
+ Micro Inc.</a>의
Wish Wu (<a href="http://weibo.com/wishlinux">吴潍浠</a>)
- (<a href="https://twitter.com/wish_wu">@wish_wu)</a>
- : CVE-2016-3924, CVE-2016-3915, CVE-2016-3916, CVE-2016-3910</li>
+ (<a href="https://twitter.com/wish_wu">@wish_wu)</a>: CVE-2016-3924, CVE-2016-3915, CVE-2016-3916, CVE-2016-3910</li>
<li>Huawei, SCC, Eagleye 팀의 Yong Shi: CVE-2016-3938</li>
<li><a href="http://www.cmcm.com">Cheetah Mobile</a> Security Research Lab의
- Zhanpeng Zhao(行之)(<a href="https://twitter.com/0xr0ot">@0xr0ot</a>):
+ Zhanpeng Zhao (行之) (<a href="https://twitter.com/0xr0ot">@0xr0ot</a>):
CVE-2016-3908</li>
</ul>
@@ -861,8 +861,9 @@ MediaTek 동영상 드라이버의 권한 승격 취약성으로 인해
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="eopv-in-kernel-shared-memory-driver">커널 공유 메모리 드라이버의 권한 승격 취약성</h3>
<p>
@@ -898,7 +899,9 @@ MediaTek 동영상 드라이버의 권한 승격 취약성으로 인해
<h3 id="vulnerabilities-in-qc-components">
Qualcomm 구성요소의 취약성</h3>
<p>
-아래 표에는 Qualcomm 구성요소에 영향을 주는 보안 취약성이 포함되어 있으며 Qualcomm AMSS 2016년 3월 및 Qualcomm AMSS 2016년 4월 보안 게시판에 자세히 설명되어 있습니다.
+아래 표에는 Qualcomm 구성요소에 영향을 주는 보안 취약성이 포함되어 있으며
+Qualcomm AMSS 2016년 3월 및 Qualcomm AMSS 2016년 4월 보안 게시판에
+자세히 설명되어 있습니다.
</p>
<table>
<colgroup><col width="19%" />
@@ -937,8 +940,9 @@ Qualcomm 구성요소의 취약성</h3>
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="eopv-in-qualcomm-networking-component">Qualcomm 네트워크 구성요소의 권한 승격 취약성</h3>
<p>
@@ -969,7 +973,8 @@ Qualcomm 네트워크 구성요소의 권한 승격 취약성으로 인해
<td>2016년 2월 4일</td>
</tr>
</tbody></table>
-<h3 id="eopv-in-nvidia-mmc-test-driver">NVIDIA MMC 테스트 드라이브의 권한 승격 취약성</h3>
+<h3 id="eopv-in-nvidia-mmc-test-driver">NVIDIA MMC 테스트 드라이브의
+권한 승격 취약성</h3>
<p>
NVIDIA MMC 테스트 드라이브의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널의 컨텍스트 내에서 임의의 코드를
@@ -1000,8 +1005,9 @@ NVIDIA MMC 테스트 드라이브의 권한 승격 취약성으로 인해
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="eopv-in-qsee-communicator-driver">Qualcomm QSEE 커뮤니케이터 드라이버의 권한 승격 취약성</h3>
<p>
@@ -1073,10 +1079,12 @@ Qualcomm QSEE 커뮤니케이터 드라이버의 권한 승격 취약성으로
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
-<h3 id="eopv-in-qualcomm-camera-driver">Qualcomm 카메라 드라이버의 권한 승격 취약성</h3>
+<h3 id="eopv-in-qualcomm-camera-driver">Qualcomm 카메라 드라이버의
+권한 승격 취약성</h3>
<p>
Qualcomm 카메라 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
@@ -1113,7 +1121,8 @@ Qualcomm 카메라 드라이버의 권한 승격 취약성으로 인해
<td>2016년 7월 12일</td>
</tr>
</tbody></table>
-<h3 id="eopv-in-qualcomm-sound-driver">Qualcomm 사운드 드라이버의 권한 승격 취약성</h3>
+<h3 id="eopv-in-qualcomm-sound-driver">Qualcomm
+사운드 드라이버의 권한 승격 취약성</h3>
<p>
Qualcomm 사운드 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
@@ -1143,7 +1152,8 @@ Qualcomm 사운드 드라이버의 권한 승격 취약성으로 인해
<td>2016년 6월 20일</td>
</tr>
</tbody></table>
-<h3 id="eopv-in-qualcomm-crypto-engine-driver">Qualcomm 암호화 엔진 드라이버의 권한 승격 취약성</h3>
+<h3 id="eopv-in-qualcomm-crypto-engine-driver">Qualcomm
+암호화 엔진 드라이버의 권한 승격 취약성</h3>
<p>
Qualcomm 암호화 엔진 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
@@ -1220,10 +1230,12 @@ MediaTek 동영상 드라이버의 권한 승격 취약성으로 인해
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
-<h3 id="eopv-in-qualcomm-video-driver">Qualcomm 동영상 드라이버의 권한 승격 취약성</h3>
+<h3 id="eopv-in-qualcomm-video-driver">Qualcomm
+동영상 드라이버의 권한 승격 취약성</h3>
<p>
Qualcomm 동영상 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
@@ -1298,8 +1310,9 @@ Synaptics 터치스크린 드라이버의 권한 승격 취약성으로 인해
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="eopv-in-nvidia-camera-driver">NVIDIA
카메라 드라이버의 권한 승격 취약성</h3>
@@ -1333,8 +1346,9 @@ NVIDIA 카메라 드라이버의 권한 승격 취약성으로 인해
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="eopv-in-system_server">시스템 서버의 권한 승격 취약성</h3>
<p>
@@ -1367,8 +1381,9 @@ NVIDIA 카메라 드라이버의 권한 승격 취약성으로 인해
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="eopv-in-qualcomm-wi-fi-driver">Qualcomm
Wi-Fi 드라이버의 권한 승격 취약성</h3>
@@ -1454,7 +1469,8 @@ Qualcomm Wi-Fi 드라이버의 권한 승격 취약성으로 인해
<td>Google 사내용</td>
</tr>
</tbody></table>
-<h3 id="information-disclosure-vulnerability-in-kernel-ion-subsystem">커널 ION 하위 시스템의 정보 공개 취약성</h3>
+<h3 id="information-disclosure-vulnerability-in-kernel-ion-subsystem">커널 ION
+하위 시스템의 정보 공개 취약성</h3>
<p>
커널 ION 하위 시스템의 정보 공개 취약성으로 인해 로컬 악성 애플리케이션이
권한 수준을 벗어난 데이터에 액세스할 수 있습니다.
@@ -1515,8 +1531,9 @@ NVIDIA GPU 드라이버의 정보 공개 취약성으로 인해 로컬 악성
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="eopv-in-qualcomm-character-driver">Qualcomm
캐릭터 드라이버의 권한 승격 취약성</h3>
@@ -1608,8 +1625,9 @@ Motorola USBNet 드라이버의 정보 공개 취약성으로 인해 로컬 악
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="information-disclosure-vulnerability-in-qualcomm-components">Qualcomm
구성요소의 정보 공개 취약성</h3>
@@ -1676,8 +1694,9 @@ Motorola USBNet 드라이버의 정보 공개 취약성으로 인해 로컬 악
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="information-disclosure-vulnerability-in-kernel-components">커널
구성요소의 정보 공개 취약성</h3>
@@ -1731,8 +1750,9 @@ Binder, 동기화, 블루투스, 사운드 드라이버를 포함한 커널 구
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="information-disclosure-vulnerability-in-nvidia-profiler">NVIDIA
프로파일러의 정보 공개 취약성</h3>
@@ -1782,8 +1802,9 @@ NVIDIA 프로파일러의 정보 공개 취약성으로 인해 로컬 악성 애
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="information-disclosure-vulnerability-in-kernel">커널의
정보 공개 취약성</h3>
@@ -1815,8 +1836,9 @@ NVIDIA 프로파일러의 정보 공개 취약성으로 인해 로컬 악성 애
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="dosv-in-kernel-networking-subsystem">커널 네트워크 하위 시스템의
서비스 거부(DoS) 취약성</h3>
@@ -1879,8 +1901,9 @@ TCP 연결의 액세스를 차단하고 일시적인 원격 서비스 거부를
</tbody></table>
<p>
* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
-<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리
-드라이버에 포함되어 있습니다.
+<a href="https://developers.google.com/android/nexus/drivers">Google 개발자
+사이트</a>에서 제공되는
+Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.
</p>
<h3 id="vulnerabilities-in-qualcomm-components">Qualcomm 구성요소의 취약성</h3>
<p>
@@ -1958,7 +1981,7 @@ TCP 연결의 액세스를 차단하고 일시적인 원격 서비스 거부를
</tbody></table>
<h2 id="common-questions-and-answers">일반적인 질문 및 답변</h2>
<p>
-이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문에 대한 답변을 제시합니다.
+이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문의 답변을 제시합니다.
</p>
<p>
<strong>1. 내 기기가 업데이트되어 이 문제가 해결되었는지 어떻게 알 수 있나요?
@@ -2010,17 +2033,17 @@ TCP 연결의 액세스를 차단하고 일시적인 원격 서비스 거부를
<li><strong>일부 Nexus 기기</strong>: 문제가 일부 Nexus 기기에 영향을 미치는 경우,
영향을 받는 Nexus 기기가 <em>업데이트된 Nexus 기기</em> 열에
표시됩니다.</li>
- <li><strong>Nexus 기기 해당 없음</strong>: 문제가 Android 7.0 이상을 실행하는 Nexus 기기에
- 영향을 미치지 않는 경우, 표의 <em>업데이트된 Nexus 기기</em> 열에
- '없음'이라고 표시됩니다.</li>
+ <li><strong>Nexus 기기 해당 없음</strong>: 문제가 Android 7.0 이상을 실행하는
+ Nexus 기기에 영향을 미치지 않는 경우, 표의 <em>업데이트된 Nexus
+ 기기</em> 열에 '없음'이라고 표시됩니다.</li>
</ul>
<p>
<strong>4. 참조 열의 항목이 매핑하는 대상은 무엇인가요?</strong>
</p>
<p>
-취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은 참조 값이 속한
-조직을 나타내는 접두어를 포함할 수 있습니다. 이러한 접두어는
-다음과 같이 매핑됩니다.
+취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은
+참조 값이 속한 조직을 나타내는 접두어를 포함할 수
+있습니다. 이 접두어는 다음과 같이 매핑됩니다.
</p>
<table>
<tbody><tr>
diff --git a/ko/security/bulletin/2016.html b/ko/security/bulletin/2016.html
index 3c44aada..c6377136 100644
--- a/ko/security/bulletin/2016.html
+++ b/ko/security/bulletin/2016.html
@@ -37,9 +37,9 @@
<tr>
<td><a href="2016-12-01.html">2016년 12월</a></td>
<td>
- <a href="/security/bulletin/2016-12-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-12-01.html">한국어</a> /
<a href="/security/bulletin/2016-12-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-12-01.html">English</a> /
+ <a href="/security/bulletin/2016-12-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-12-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-12-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-12-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -51,9 +51,9 @@
<tr>
<td><a href="/security/bulletin/2016-11-01.html">2016년 11월</a></td>
<td>
- <a href="/security/bulletin/2016-11-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-11-01.html">한국어</a> /
<a href="/security/bulletin/2016-11-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-11-01.html">English</a> /
+ <a href="/security/bulletin/2016-11-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-11-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-11-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-11-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -66,9 +66,9 @@
<tr>
<td><a href="/security/bulletin/2016-10-01.html">2016년 10월</a></td>
<td>
- <a href="/security/bulletin/2016-10-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-10-01.html">한국어</a> /
<a href="/security/bulletin/2016-10-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-10-01.html">English</a> /
+ <a href="/security/bulletin/2016-10-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-10-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-10-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-10-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -80,9 +80,9 @@
<tr>
<td><a href="/security/bulletin/2016-09-01.html">2016년 9월</a></td>
<td>
- <a href="/security/bulletin/2016-09-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-09-01.html">한국어</a> /
<a href="/security/bulletin/2016-09-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-09-01.html">English</a> /
+ <a href="/security/bulletin/2016-09-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-09-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-09-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-09-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -95,9 +95,9 @@
<tr>
<td><a href="/security/bulletin/2016-08-01.html">2016년 8월</a></td>
<td>
- <a href="/security/bulletin/2016-08-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-08-01.html">한국어</a> /
<a href="/security/bulletin/2016-08-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-08-01.html">English</a> /
+ <a href="/security/bulletin/2016-08-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-08-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-08-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-08-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -109,9 +109,9 @@
<tr>
<td><a href="/security/bulletin/2016-07-01.html">2016년 7월</a></td>
<td>
- <a href="/security/bulletin/2016-07-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-07-01.html">한국어</a> /
<a href="/security/bulletin/2016-07-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-07-01.html">English</a> /
+ <a href="/security/bulletin/2016-07-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-07-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-07-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-07-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -123,9 +123,9 @@
<tr>
<td><a href="/security/bulletin/2016-06-01.html">2016년 6월</a></td>
<td>
- <a href="/security/bulletin/2016-06-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-06-01.html">한국어</a> /
<a href="/security/bulletin/2016-06-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-06-01.html">English</a> /
+ <a href="/security/bulletin/2016-06-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-06-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-06-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-06-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -136,9 +136,9 @@
<tr>
<td><a href="/security/bulletin/2016-05-01.html">2016년 5월</a></td>
<td>
- <a href="/security/bulletin/2016-05-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-05-01.html">한국어</a> /
<a href="/security/bulletin/2016-05-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-05-01.html">English</a> /
+ <a href="/security/bulletin/2016-05-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-05-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-05-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-05-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -149,9 +149,9 @@
<tr>
<td><a href="/security/bulletin/2016-04-02.html">2016년 4월</a></td>
<td>
- <a href="/security/bulletin/2016-04-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-04-02.html">한국어</a> /
<a href="/security/bulletin/2016-04-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-04-02.html">English</a> /
+ <a href="/security/bulletin/2016-04-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-04-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-04-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-04-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -162,9 +162,9 @@
<tr>
<td><a href="/security/bulletin/2016-03-01.html">2016년 3월</a></td>
<td>
- <a href="/security/bulletin/2016-03-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-03-01.html">한국어</a> /
<a href="/security/bulletin/2016-03-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-03-01.html">English</a> /
+ <a href="/security/bulletin/2016-03-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-03-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-03-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-03-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -175,9 +175,9 @@
<tr>
<td><a href="/security/bulletin/2016-02-01.html">2016년 2월</a></td>
<td>
- <a href="/security/bulletin/2016-02-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-02-01.html">한국어</a> /
<a href="/security/bulletin/2016-02-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-02-01.html">English</a> /
+ <a href="/security/bulletin/2016-02-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-02-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-02-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-02-01.html?hl=zh-tw">中文 (台灣)</a>
@@ -188,9 +188,9 @@
<tr>
<td><a href="/security/bulletin/2016-01-01.html">2016년 1월</a></td>
<td>
- <a href="/security/bulletin/2016-01-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2016-01-01.html">한국어</a> /
<a href="/security/bulletin/2016-01-01.html?hl=ja">日本語</a> /
- <a href="/security/bulletin/2016-01-01.html">English</a> /
+ <a href="/security/bulletin/2016-01-01.html?hl=ko">English</a> /
<a href="/security/bulletin/2016-01-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2016-01-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2016-01-01.html?hl=zh-tw">中文 (台灣)</a>
diff --git a/ko/security/bulletin/2017-01-01.html b/ko/security/bulletin/2017-01-01.html
index 73e55bdd..051efdc9 100644
--- a/ko/security/bulletin/2017-01-01.html
+++ b/ko/security/bulletin/2017-01-01.html
@@ -38,23 +38,24 @@ Google 기기 보안 업데이트가 출시되었습니다. Google 기기 펌웨
<p>이 중 가장 심각한 문제는 미디어 파일을 처리할 때
이메일, 웹 탐색, MMS 등 여러 방법을 통해 대상 기기에서
-원격으로 코드를 실행할 수 있게 하는 심각한 보안 취약성입니다. <a href="/security/overview/updates-resources.html#severity">심각도 평가</a>는
+원격으로 코드를 실행할 수 있게 하는 심각한 보안 취약성입니다. <a href="/security/overview/updates-resources.html#severity">심각도
+평가</a>는
개발 목적으로 플랫폼 및 서비스 완화를 사용할 수 없거나
-우회에 성공한 경우 취약성 악용으로 인해 대상 기기가 받는 영향을
-기준으로 내려집니다.</p>
+우회에 성공한 경우 취약성 악용으로 인해 대상 기기가
+받는 영향을 기준으로 내려집니다.</p>
<p>실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는
-접수되지 않았습니다. <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>과 같이 Android 플랫폼의 보안을
-개선하는 <a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및
-서비스 보호 기능에 관해 자세히 알아보려면
-<a href="#mitigations">Android 및 Google 서비스 완화</a> 섹션을 참조하세요.</p>
+접수되지 않았습니다. <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>과 같이 Android 플랫폼의 보안을 개선하는
+<a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해 자세히 알아보려면
+<a href="#mitigations">Android 및 Google 서비스
+완화</a> 섹션을 참조하세요.</p>
<p>모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다.</p>
<h2 id="announcements">공지사항</h2>
<ul>
- <li>이 게시판에는 Android 파트너가 모든 Android 기기에서 유사하게 발생하는
- 취약성 문제의 일부를 더욱 빠르고 유연하게 해결하기 위한
+ <li>이 게시판에는 Android 파트너가 모든 Android 기기에서 유사하게
+ 발생하는 취약성 문제의 일부를 더욱 빠르고 유연하게 해결하기 위한
두 가지 보안 패치 수준 문자열이 포함되어 있습니다. 자세한 내용은 <a href="#common-questions-and-answers">일반적인 질문 및 답변</a>을
참조하세요.
<ul>
@@ -95,11 +96,11 @@ Google 기기 보안 업데이트가 출시되었습니다. Google 기기 펌웨
있으며 Google Play 외부에서 애플리케이션을 설치하는 사용자에게 특히 중요합니다. Google
Play 내에서 기기 루팅 도구는 금지되어 있지만
사용자가 감지된 루팅 애플리케이션을 설치하려 하면 출처에 상관없이
- 앱 인증이 경고를 표시합니다. 또한 앱 인증은
+ 앱 인증이 경고를 표시합니다. 또한 앱 인증에서는
권한 승격 취약성을 악용하는 것으로 알려진 악성 애플리케이션을
식별하고 차단합니다. 이러한 애플리케이션이 이미 설치된 경우 앱 인증에서 사용자에게
이를 알리고 감지된 애플리케이션을 삭제하려고 시도합니다.</li>
- <li>Google 행아웃과 메신저 애플리케이션은 미디어 서버와 같은 프로세스에
+ <li>Google 행아웃과 메신저 애플리케이션에서는 미디어 서버와 같은 프로세스에
미디어를 자동으로 전달하지 않습니다.</li>
</ul>
<h2 id="acknowledgements">감사의 말씀</h2>
@@ -111,7 +112,7 @@ Google 기기 보안 업데이트가 출시되었습니다. Google 기기 펌웨
Daxing Guo(<a href="https://twitter.com/freener0">@freener0</a>): CVE-2017-0386</li>
<li><a href="mailto:derrek.haxx@gmail.com">derrek</a>(<a href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2017-0392</li>
<li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>)의
- Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-8412,
+Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-8412,
CVE-2016-8444, CVE-2016-8427, CVE-2017-0403</li>
<li>Shellphish Grill Team의 donfos(Aravind Machiry), UC Santa Barbara:
CVE-2016-8448, CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</li>
@@ -121,7 +122,7 @@ Google 기기 보안 업데이트가 출시되었습니다. Google 기기 펌웨
<a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-8464</li>
<li>Google WebM팀: CVE-2017-0393</li>
<li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a> Alpha Team의
- Guang Gong (龚广)(<a href="http://twitter.com/oldfresher">@oldfresher</a>):
+Guang Gong(龚广)(<a href="http://twitter.com/oldfresher">@oldfresher</a>):
CVE-2017-0387</li>
<li>Qihoo 360 Technology Co. Ltd Alpha Team의 Hao Chen, Guang Gong:
CVE-2016-8415, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457,
@@ -140,12 +141,13 @@ Google 기기 보안 업데이트가 출시되었습니다. Google 기기 펌웨
<li>Trend Micro Mobile Threat Research Team의
Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2016-8466</li>
<li>Stephen Morrow: CVE-2017-0389</li>
- <li><a href="http://www.trendmicro.com">Trend Micro</a> Mobile Threat
- Research Team의 V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>):
+ <li><a href="http://www.trendmicro.com">Trend Micro</a> Mobile Threat Research Team의
+ V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>):
CVE-2017-0381</li>
<li>Alibaba Inc.의 Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>):
CVE-2017-0391</li>
- <li><a href="http://c0reteam.org">C0RE Team</a>의 <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0402, CVE-2017-0398</li>
+ <li><a href="http://c0reteam.org">C0RE Team</a>의 <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
+Xuxian Jiang: CVE-2017-0402, CVE-2017-0398</li>
<li><a href="http://c0reteam.org">C0RE Team</a>의 <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, <a href="mailto:arnow117@gmail.com">Hanxiang Wen</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0400</li>
<li><a href="http://c0reteam.org">C0RE Team</a>의 <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, <a href="mailto:hlhan@bupt.edu.cn">Hongli Han</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0384, CVE-2017-0385</li>
<li><a href="http://c0reteam.org">C0RE Team</a>의 <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0401</li>
@@ -159,7 +161,7 @@ Google 기기 보안 업데이트가 출시되었습니다. Google 기기 펌웨
<li>Tencent Security Platform Department의
Yuxiang Li(<a href="https://twitter.com/xbalien29">@Xbalien29</a>): CVE-2017-0395</li>
<li><a href="http://www.cmcm.com/">Cheetah Mobile</a> Security Research Lab의
- Zhanpeng Zhao (行之)(<a href="https://twitter.com/0xr0ot">@0xr0ot</a>):
+Zhanpeng Zhao(行之)(<a href="https://twitter.com/0xr0ot">@0xr0ot</a>):
CVE-2016-8451</li>
</ul>
<p>이 게시판 제작에 참여해 주신 다음 연구원분들께도
@@ -366,7 +368,7 @@ libnl 라이브러리의 권한 승격 취약성으로 인해 로컬 악성 애
<p>
미디어 서버의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이
권한이 설정된 절차의 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 보통 타사 애플리케이션이 액세스할 수 없는 승격된
+있습니다. 이 문제는 보통 타사 애플리케이션에 액세스할 수 없는 승격된
권한으로의 로컬 액세스를 부여하는 데 사용될 수 있으므로 심각도 높음으로
평가됩니다.
</p>
@@ -861,7 +863,7 @@ QC-CR#1000546</a></td>
권한 승격 취약성</h3>
<p>
NVIDIA GPU 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널의 컨텍스트 내에서 임의의 코드를
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
실행할 수 있습니다. 이 문제는 영구적인
로컬 기기 손상을 일으킬 가능성이 있으므로 심각도 심각으로 평가되며,
기기를 수리하려면 운영체제를 재설치해야 할 수도 있습니다.
@@ -1047,7 +1049,7 @@ QC-CR#1081855</a></td>
권한 승격 취약성</h3>
<p>
NVIDIA GPU 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널의 컨텍스트 내에서 임의의 코드를
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
실행할 수 있습니다. 이 문제는 영구적인
로컬 기기 손상을 일으킬 가능성이 있으므로 심각도 심각으로 평가되며,
기기를 수리하려면 운영체제를 재설치해야 할 수도 있습니다.
@@ -1342,9 +1344,9 @@ QC-CR#1071891</a></td>
권한 승격 취약성</h3>
<p>
Qualcomm Wi-Fi 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
-가능하므로 심각도 높음으로 평가됩니다.
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
+침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1414,7 +1416,7 @@ NVIDIA GPU 드라이버의 권한 승격 취약성으로 인해
<p>
Qualcomm 사운드 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.
</p>
@@ -1446,8 +1448,8 @@ QC-CR#880388</a></td>
권한 승격 취약성</h3>
<p>
Synaptics 터치스크린 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널의 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.
</p>
@@ -1520,7 +1522,7 @@ Synaptics 터치스크린 드라이버의 권한 승격 취약성으로 인해
권한 승격 취약성</h3>
<p>
커널 성능 하위 시스템의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이
-커널 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
+커널 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.
</p>
@@ -1558,8 +1560,8 @@ Player, Pixel, Pixel XL</td>
<p>
커널 사운드 하위 시스템의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
-가능하므로 심각도 높음으로 평가됩니다.
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된
+프로세스에 침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1595,9 +1597,9 @@ XL</td>
권한 승격 취약성</h3>
<p>
Qualcomm Wi-Fi 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
-가능하므로 심각도 높음으로 평가됩니다.
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
+침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.
</p>
<table>
@@ -1696,7 +1698,7 @@ Player</td>
<p>
Broadcom Wi-Fi 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
+있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.
</p>
@@ -1766,8 +1768,8 @@ Broadcom Wi-Fi 드라이버의 권한 승격 취약성으로 인해
권한 승격 취약성</h3>
<p>
Synaptics 터치스크린 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널의 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.
</p>
@@ -1958,8 +1960,8 @@ QC-CR#586855</a></td>
권한 승격 취약성</h3>
<p>
Broadcom Wi-Fi 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
실행 가능하며 현재 플랫폼 구성으로 완화할 수 있으므로
심각도 보통으로 평가됩니다.
</p>
@@ -2324,7 +2326,7 @@ HTC 인풋 드라이버의 정보 공개 취약성으로 인해 로컬 악성
</tbody></table>
<h2 id="common-questions-and-answers">일반적인 질문 및 답변</h2>
-<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문에 대한 답변을 제시합니다.</p>
+<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문의 답변을 제시합니다.</p>
<p><strong>1. 내 기기가 업데이트되어 이 문제가 해결되었는지 어떻게 알 수 있나요?
</strong></p>
@@ -2347,7 +2349,8 @@ HTC 인풋 드라이버의 정보 공개 취약성으로 인해 로컬 악성
<p><strong>2. 이 게시판에 두 가지 보안 패치 수준이 있는 이유가 무엇인가요?</strong></p>
<p>이 게시판에는 Android 파트너가 모든 Android 기기에서 유사하게 발생하는
-취약성 문제의 일부를 더욱 빠르고 유연하게 해결하도록 하기 위해 두 가지 보안 패치 수준이 포함되어 있습니다. Android 파트너는 이 게시판에 언급된 문제를 모두 수정하고
+취약성 문제의 일부를 더욱 빠르고 유연하게 해결하기 위한
+두 가지 보안 패치 수준이 포함되어 있습니다. Android 파트너는 이 게시판에 언급된 문제를 모두 수정하고
최신 보안 패치 수준을 사용하는 것이 좋습니다.</p>
<ul>
<li>2017년 1월 1일 보안 패치 수준을 사용하는 기기는 이 보안 패치 수준과
@@ -2369,9 +2372,9 @@ HTC 인풋 드라이버의 정보 공개 취약성으로 인해 로컬 악성
<ul>
<li><strong>모든 Google 기기</strong>: 문제가 모든 Google 기기 및 Pixel 기기에
영향을 미치는 경우, 표의 <em>업데이트된 Google 기기</em> 열에
- '모두'라고 표시됩니다. '모두'에는 다음과 같은 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">지원되는 기기</a>가 포함됩니다.
- Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Nexus Player,
- Pixel C, Pixel, Pixel XL.</li>
+ '모두'라고 표시됩니다. '모두'에는 다음과 같은 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">지원되는
+ 기기</a>가 포함됩니다. Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One,
+ Nexus Player, Pixel C, Pixel, Pixel XL</li>
<li><strong>일부 Google 기기</strong>: 문제가 일부 Google 기기에 영향을 미치는 경우,
영향을 받는 Google 기기가 <em>업데이트된 Google 기기</em> 열에
표시됩니다.</li>
@@ -2381,9 +2384,9 @@ HTC 인풋 드라이버의 정보 공개 취약성으로 인해 로컬 악성
</ul>
<p><strong>4. 참조 열의 항목이 매핑하는 대상은 무엇인가요?</strong></p>
-<p>취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은 참조 값이 속한
-조직을 나타내는 접두어를 포함할 수 있습니다. 이러한 접두어는
-다음과 같이 매핑됩니다.</p>
+<p>취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은
+참조 값이 속한 조직을 나타내는 접두어를 포함할 수
+있습니다. 이 접두어는 다음과 같이 매핑됩니다.</p>
<table>
<tbody><tr>
diff --git a/ko/security/bulletin/2017-03-01.html b/ko/security/bulletin/2017-03-01.html
index 5ccfa027..a1a5ec63 100644
--- a/ko/security/bulletin/2017-03-01.html
+++ b/ko/security/bulletin/2017-03-01.html
@@ -40,9 +40,9 @@ Android 오픈소스 프로젝트(AOSP) 저장소에 배포되었으며 이 게
받는 영향을 기준으로 내려집니다.</p>
<p>실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는
접수되지 않았습니다. <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>과 같이
-Android 플랫폼의 보안을 개선하는 <a href="/security/enhancements/index.html">Android
-보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해 자세히 알아보려면
-<a href="#mitigations">Android 및 Google 서비스 완화</a> 섹션을 참조하세요.</p>
+Android 플랫폼의 보안을 개선하는 <a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a>
+및 서비스 보호 기능에 관해 자세히 알아보려면 <a href="#mitigations">
+Android 및 Google 서비스 완화</a> 섹션을 참조하세요.</p>
<p>모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다.</p>
<h2 id="announcements">공지사항</h2>
<ul>
@@ -72,9 +72,9 @@ Android 플랫폼의 보안을 개선하는 <a href="/security/enhancements/inde
<li>Android 플랫폼 최신 버전의 향상된 기능으로 Android의 여러 문제를
악용하기가 더욱 어려워졌습니다. 가능하다면 모든 사용자는 최신 버전의 Android로
업데이트하는 것이 좋습니다.</li>
-<li>Android 보안팀에서는 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">유해할 수 있는 애플리케이션</a>에 관해
-사용자에게 경고를 보내는 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">앱 인증 및 SafetyNet</a>을 사용하여
-악용사례를 적극적으로 모니터링합니다. 앱 인증은 <a href="http://www.android.com/gms">Google 모바일 서비스</a>가 적용된 기기에 기본적으로 사용 설정되어 있으며 Google Play 외부에서
+<li>Android 보안팀에서는 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">유해할 수 있는 애플리케이션</a>에 관해 사용자에게
+경고를 보내는 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">앱 인증 및 SafetyNet</a>을 사용하여 악용사례를 적극적으로
+모니터링합니다. 앱 인증은 <a href="http://www.android.com/gms">Google 모바일 서비스</a>가 적용된 기기에 기본적으로 사용 설정되어 있으며 Google Play 외부에서
애플리케이션을 설치하는 사용자에게 특히 중요합니다. Google
Play 내에서 기기 루팅 도구는 금지되어 있지만
사용자가 감지된 루팅 애플리케이션을 설치하려 하면 출처에 상관없이
@@ -99,10 +99,10 @@ CVE-2017-0460
CVE-2016-8477, CVE-2017-0531
</li><li><a href="mailto:derrek.haxx@gmail.com">derrek</a>(<a href="https://twitter.com/derrekr6">@derrekr6</a>), <a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0521
</li><li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>)의
-Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2017-0334,
+Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2017-0334,
CVE-2017-0456, CVE-2017-0457, CVE-2017-0525
-</li><li><a href="http://www.ms509.com">MS509Team</a>의 En He(<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>),
-Bo Liu: CVE-2017-0490
+</li><li><a href="http://www.ms509.com">MS509Team</a>의
+En He(<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>), Bo Liu: CVE-2017-0490
</li><li>Qihoo 360 Technology Co. Ltd. IceSword Lab의
Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>),
<a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503,
@@ -145,7 +145,7 @@ Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-20
</li><li>Google의 Svetoslav Ganov: CVE-2017-0492
</li><li><a href="http://c0reteam.org">C0RE Team</a>의 <a href="mailto:segfault5514@gmail.com">Tong Lin</a>, <a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, Xuxian Jiang: CVE-2017-0333
</li><li><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a>의
-V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>):
+V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>):
CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470,
CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0482, CVE-2017-0484,
CVE-2017-0485, CVE-2017-0486, CVE-2017-0487, CVE-2017-0494, CVE-2017-0495
@@ -153,10 +153,10 @@ CVE-2017-0485, CVE-2017-0486, CVE-2017-0487, CVE-2017-0494, CVE-2017-0495
Wish Wu(吴潍浠 此彼)(<a href="https://twitter.com/wish_wu">@wish_wu</a>): CVE-2017-0477
</li><li>Qihoo 360 Technology Co. Ltd. Vulpecker Team의 Yu Pan: CVE-2017-0517,
CVE-2017-0532
-</li><li><a href="http://c0reteam.org">C0RE Team</a>의 <a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>,
-Xuxian Jiang: CVE-2017-0526, CVE-2017-0527
-</li><li><a href="http://c0reteam.org">C0RE Team</a>의 Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, <a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a>, Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Xuxian
-Jiang: CVE-2017-0483</li>
+</li><li><a href="http://c0reteam.org">C0RE Team</a>의
+<a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, Xuxian Jiang: CVE-2017-0526, CVE-2017-0527
+</li><li><a href="http://c0reteam.org">C0RE Team</a>의 Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, <a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a>, Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Xuxian Jiang
+: CVE-2017-0483</li>
<li>Qihoo 360 Technology Co. Ltd. Chengdu Security Response Center의
Zinuo Han(<a href="https://weibo.com/ele7enxxh">weibo.com/ele7enxxh</a>):
CVE-2017-0475, CVE-2017-0497
@@ -482,11 +482,11 @@ CVE-2017-0475, CVE-2017-0497
<h3 id="eop-in-audioserver">오디오 서버의 권한 승격
취약성</h3>
-<p>오디오 서버의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이
-권한이 설정된 프로세스의 컨텍스트 내에서 임의의 코드를 실행할 수
-있습니다. 이 문제는 보통 타사 애플리케이션이 액세스할 수 없는 승격된
-권한으로의 로컬 액세스 권한을 확보하는 데 사용될 수 있으므로 심각도 높음으로
-평가됩니다.</p>
+<p>오디오 서버의 권한 승격 취약성으로 인해 로컬 악성
+애플리케이션이 권한이 설정된 절차의 컨텍스트 내에서 임의의
+코드를 실행할 수 있습니다. 이 문제는 보통 타사 애플리케이션이
+액세스할 수 없는 승격된 권한으로의 로컬 액세스 권한을 확보하는 데
+사용될 수 있으므로 심각도 높음으로 평가됩니다.</p>
<table>
<colgroup><col width="18%" />
@@ -852,11 +852,11 @@ CVE-2017-0475, CVE-2017-0497
<td>2016년 9월 14일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Google 기기용 최신 바이너리
드라이버에 포함되어 있습니다.</p>
-<p>** 지원되는 Android 7.0 이상 Google 기기에 제공된 업데이트가 모두
-설치되었다면 이러한 취약성의 영향을 받지 않습니다</p>
+<p>** 지원되는 Android 7.0 이상 Google 기기에 제공된 업데이트가 모두 설치되었다면 이러한
+취약성의 영향을 받지 않습니다.</p>
<h3 id="dos-in-mediaserver-2">미디어 서버의 서비스 거부(DoS)
취약성</h3>
@@ -960,9 +960,8 @@ Google 계정 로그인을 요구하도록 설정할 수 있습니다. 이 문
<p>다음 섹션에서는 2017-03-05 패치 수준에 적용되는
각 보안 취약성에 관해 자세히 알아볼 수 있습니다. 여기에는 문제 설명,
심각도 근거 및 CVE, 관련 참조, 심각도, 업데이트된 Google 기기, 업데이트된
-AOSP 버전(해당하는 경우), 신고된 날짜가 포함된 표가 제시됩니다. 가능한 경우
-AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을 버그 ID에
-연결합니다. 하나의 버그와 관련된 변경사항이 여러 개인 경우 추가
+AOSP 버전(해당하는 경우), 신고된 날짜가 포함된 표가 제시됩니다. 가능한 경우 AOSP 변경사항 목록과 같이 문제를 해결한
+공개 변경사항을 버그 ID에 연결합니다. 하나의 버그와 관련된 변경사항이 여러 개인 경우 추가
참조가 버그 ID 다음에 오는 번호에 연결되어 있습니다.</p>
<h3 id="eop-in-mediatek-components">MediaTek 구성요소의 권한 승격
@@ -1044,7 +1043,7 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
<td>2016년 10월 18일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1054,7 +1053,7 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
<h3 id="eop-in-nvidia-gpu-driver">NVIDIA GPU 드라이버의
권한 승격 취약성</h3>
<p>NVIDIA GPU 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널의 컨텍스트 내에서 임의의 코드를
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
실행할 수 있습니다. 이 문제는 영구적인
로컬 기기 손상을 일으킬 가능성이 있으므로 심각도 심각으로 평가되며,
기기를 수리하려면 운영체제를 재설치해야 할 수도 있습니다.</p>
@@ -1113,7 +1112,7 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
<td>Google 사내용</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1155,7 +1154,7 @@ C, Pixel, Pixel XL</td>
<td>2016년 12월 28일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1190,12 +1189,12 @@ C, Pixel, Pixel XL</td>
<td>2016년 10월 12일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
-<p>** 지원되는 Android 7.0 이상 Google 기기에 제공된 업데이트가 모두
-설치되었다면 이러한 취약성의 영향을 받지 않습니다</p>
+<p>** 지원되는 Android 7.0 이상 Google 기기에 제공된 업데이트가 모두 설치되었다면 이러한
+취약성의 영향을 받지 않습니다.</p>
<h3 id="eop-in-kernel-fiq-debugger">커널 FIQ 디버거의
권한 승격 취약성</h3>
@@ -1226,7 +1225,7 @@ C, Pixel, Pixel XL</td>
<td>2016년 10월 25일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1261,7 +1260,7 @@ C, Pixel, Pixel XL</td>
<td>2016년 9월 29일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1362,7 +1361,7 @@ AMSS 2016년 9월 보안 게시판에 자세히 설명되어 있습니다.</p>
</tr>
</tbody></table>
<p>* 이 취약성의 심각도 등급은 공급업체에서 결정한 것입니다.</p>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1373,8 +1372,8 @@ AMSS 2016년 9월 보안 게시판에 자세히 설명되어 있습니다.</p>
하위 시스템의 권한 승격 취약성</h3>
<p>커널 네트워크 하위 시스템의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
-침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.</p>
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
+가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -1440,7 +1439,7 @@ C, Pixel, Pixel XL</td>
<td>2016년 10월 21일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1474,7 +1473,7 @@ C, Pixel, Pixel XL</td>
<td>2016년 10월 22일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1485,8 +1484,8 @@ C, Pixel, Pixel XL</td>
권한 승격 취약성</h3>
<p>Qualcomm ADSPRPC 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
-침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.</p>
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
+가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -1511,7 +1510,7 @@ C, Pixel, Pixel XL</td>
<td>2016년 9월 22일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1553,7 +1552,7 @@ C, Pixel, Pixel XL</td>
<td>2016년 10월 24일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1562,8 +1561,8 @@ C, Pixel, Pixel XL</td>
엔진 드라이버의 권한 승격 취약성</h3>
<p>Qualcomm 암호화 엔진 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
-침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.</p>
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
+가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -1658,7 +1657,7 @@ QC-CR#1097709</a></td>
<td>2016년 11월 15일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1669,8 +1668,8 @@ QC-CR#1097709</a></td>
권한 승격 취약성</h3>
<p>Qualcomm Wi-Fi 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
-침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.</p>
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
+가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -1719,7 +1718,7 @@ QC-CR#1096945</a></td>
<h3 id="eop-in-synaptics-touchscreen-driver">Synaptics 터치스크린 드라이버의
권한 승격 취약성</h3>
<p>Synaptics 터치스크린 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널의 컨텍스트 내에서 임의의 코드를
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.</p>
@@ -1744,7 +1743,7 @@ QC-CR#1096945</a></td>
<td>2016년 11월 18일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1786,7 +1785,7 @@ QC-CR#1096945</a></td>
<td>2016년 11월 25일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1795,8 +1794,8 @@ QC-CR#1096945</a></td>
권한 승격 취약성</h3>
<p>HTC 센서 허브 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널의 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에
-침투해야만 실행 가능하므로 심각도 높음으로 평가됩니다.</p>
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
+가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -1826,7 +1825,7 @@ QC-CR#1096945</a></td>
<td>2016년 12월 25일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1834,7 +1833,7 @@ QC-CR#1096945</a></td>
<h3 id="eop-in-nvidia-gpu-driver-2">NVIDIA GPU 드라이버의
권한 승격 취약성</h3>
<p>NVIDIA GPU 드라이버의 권한 승격 취약성으로 인해
-로컬 악성 애플리케이션이 커널의 컨텍스트 내에서 임의의 코드를
+로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
실행할 수 있습니다. 이 문제는 영구적인
로컬 기기 손상을 일으킬 가능성이 있으므로 심각도 심각으로 평가되며,
기기를 수리하려면 운영체제를 재설치해야 할 수도 있습니다.</p>
@@ -1861,7 +1860,7 @@ QC-CR#1096945</a></td>
<td>2016년 11월 28일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1906,7 +1905,7 @@ QC-CR#1101792</a></td>
<td>Google 사내용</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -1939,7 +1938,7 @@ QC-CR#1101792</a></td>
<td>2016년 12월 4일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -2046,7 +2045,7 @@ QC-CR#1094140</a></td>
<td>2016년 4월 27일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -2153,7 +2152,7 @@ QC-CR#1035099</a></td>
<td>Google 사내용</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -2225,8 +2224,8 @@ QC-CR#1088824</a></td>
정보 공개 취약성</h3>
<p>Qualcomm Wi-Fi 드라이버의 정보 공개 취약성으로 인해
로컬 악성 애플리케이션이 권한 수준을 벗어난 데이터에
-액세스할 수 있습니다. 이 문제는 먼저
-권한이 설정된 프로세스에 침투해야만 실행 가능하므로 심각도 보통으로 평가됩니다.</p>
+액세스할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만
+실행 가능하므로 심각도 보통으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -2299,7 +2298,7 @@ QC-CR#1087469</a></td>
<td>2016년 10월 22일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -2433,7 +2432,7 @@ QC-CR#1090007</a>
<td>2016년 12월 11일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -2442,7 +2441,7 @@ QC-CR#1090007</a>
드라이버의 정보 공개 취약성</h3>
<p>Synaptics 터치스크린 드라이버의 정보 공개 취약성으로 인해
로컬 악성 애플리케이션이 권한 수준을 벗어난 데이터에
-액세스할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만
+액세스할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
실행 가능하므로 심각도 보통으로 평가됩니다.</p>
<table>
@@ -2466,7 +2465,7 @@ QC-CR#1090007</a>
<td>2016년 12월 12일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -2499,7 +2498,7 @@ QC-CR#1090007</a>
<td>Google 사내용</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
@@ -2533,12 +2532,12 @@ QC-CR#1090007</a>
<td>2016년 11월 10일</td>
</tr>
</tbody></table>
-<p>* 이 문제를 해결하기 위한 패치는 공개되지 않습니다. 업데이트는
+<p>* 이 문제를 해결하기 위한 패치는 공개되어 있지 않습니다. 업데이트는
<a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서 제공되는 Nexus 기기용 최신 바이너리 드라이버에
포함되어 있습니다.</p>
<h2 id="common-questions-and-answers">일반적인 질문 및 답변</h2>
-<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문에 대한 답변을 제시합니다.</p>
+<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문의 답변을 제시합니다.</p>
<p><strong>1. 내 기기가 업데이트되어 이 문제가 해결되었는지 어떻게 알 수 있나요?
</strong></p>
<p>기기의 보안 패치 수준을 확인하는 방법을 알아보려면
@@ -2559,7 +2558,8 @@ QC-CR#1090007</a>
</ul>
<p><strong>2 이 게시판에 두 가지 보안 패치 수준이 있는 이유가 무엇인가요?</strong></p>
<p>이 게시판에는 Android 파트너가 모든 Android 기기에서 유사하게 발생하는
-취약성 문제의 일부를 더욱 빠르고 유연하게 해결하도록 하기 위해 두 가지 보안 패치 수준이 포함되어 있습니다. Android 파트너는 이 게시판에 언급된 문제를 모두 수정하고
+취약성 문제의 일부를 더욱 빠르고 유연하게 해결하기 위한
+두 가지 보안 패치 수준이 포함되어 있습니다. Android 파트너는 이 게시판에 언급된 문제를 모두 수정하고
최신 보안 패치 수준을 사용하는 것이 좋습니다.</p>
<ul>
<li>2017년 3월 1일 보안 패치 수준을 사용하는 기기는 이 보안 패치 수준과
@@ -2584,15 +2584,16 @@ QC-CR#1090007</a>
기기</a>가 포함됩니다. Nexus 5X, Nexus 6, Nexus 6P, Nexus 9,
Android One, Nexus Player, Pixel C, Pixel, Pixel XL</li>
<li><strong>일부 Google 기기</strong>: 문제가 일부 Google 기기에 영향을 미치는 경우,
-영향을 받는 Google 기기가 <em>업데이트된 Google 기기</em> 열에 표시됩니다.</li>
+영향을 받는 Google 기기가 <em>업데이트된 Google 기기</em> 열에
+표시됩니다.</li>
<li><strong>Google 기기 해당 없음</strong>: 문제가 Android 7.0을 실행하는 Google 기기에
영향을 미치지 않는 경우, 표의 <em>업데이트된 Google 기기</em> 열에 '없음'이라고
표시됩니다. </li>
</ul>
<p><strong>4. 참조 열의 항목이 매핑하는 대상은 무엇인가요?</strong></p>
-<p>취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은 참조 값이 속한
-조직을 나타내는 접두어를 포함할 수 있습니다. 이러한 접두어는
-다음과 같이 매핑됩니다.</p>
+<p>취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은
+참조 값이 속한 조직을 나타내는 접두어를 포함할 수
+있습니다. 이 접두어는 다음과 같이 매핑됩니다.</p>
<table>
<tbody><tr>
<th>접두어</th>
diff --git a/ko/security/bulletin/2017-05-01.html b/ko/security/bulletin/2017-05-01.html
index fc25af2e..834ee2d6 100644
--- a/ko/security/bulletin/2017-05-01.html
+++ b/ko/security/bulletin/2017-05-01.html
@@ -42,10 +42,10 @@ Android 오픈소스 프로젝트(AOSP) 저장소에 배포되었으며 이 게
기준으로 내려집니다.</p>
<p>실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는
-접수되지 않았습니다. <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>과 같이
-Android 플랫폼의 보안을 개선하는 <a href="/security/enhancements/index.html">Android
-보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해 자세히 알아보려면
-<a href="#mitigations">Android 및 Google 서비스 완화</a> 섹션을 참조하세요.</p>
+접수되지 않았습니다. <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>과 같이 Android 플랫폼의 보안을 개선하는
+<a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및 서비스 보호 기능에 관해 자세히 알아보려면
+<a href="#mitigations">Android 및 Google 서비스
+완화</a> 섹션을 참조하세요.</p>
<p>모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다.</p>
<h2 id="announcements">공지사항</h2>
@@ -101,8 +101,8 @@ Play 내에서 기기 루팅 도구는 금지되어 있지만
Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>):
CVE-2016-10287</li>
<li>Trend Micro의 Ecular Xu(徐健): CVE-2017-0599, CVE-2017-0635</li>
-<li><a href="http://www.ms509.com">MS509Team</a>의 En He(<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>),
-Bo Liu: CVE-2017-0601</li>
+<li><a href="http://www.ms509.com">MS509Team</a>의
+En He(<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>), Bo Liu: CVE-2017-0601</li>
<li><a href="https://twrp.me/">Team Win Recovery Project</a>의 Ethan Yonker:
CVE-2017-0493</li>
<li>Qihoo 360 Technology Co. Ltd
@@ -112,8 +112,9 @@ CVE-2017-0624, CVE-2017-0616, CVE-2017-0617, CVE-2016-10294, CVE-2016-10295,
CVE-2016-10296</li>
<li>Tencent PC Manager의 godzheng(郑文选 <a href="https://twitter.com/virtualseekers">@VirtualSeekers</a>):
CVE-2017-0602</li>
-<li><a href="http://tuncay2.web.engr.illinois.edu">University of Illinois at Urbana-Champaign</a>의
-<a href="https://www.linkedin.com/in/g%C3%BCliz-seray-tuncay-952a1b9/">Güliz Seray Tuncay</a>: CVE-2017-0593</li>
+<li><a href="http://tuncay2.web.engr.illinois.edu">University of Illinois atUrbana-Champaign</a>의
+<a href="https://www.linkedin.com/in/g%C3%BCliz-seray-tuncay-952a1b9/">Güliz
+Seray Tuncay</a>: CVE-2017-0593</li>
<li>Qihoo 360 Technology Co. Ltd. Alpha Team의 Hao Chen, Guang Gong:
CVE-2016-10283</li>
<li>Xiaomi Inc의 Juhu Nie, Yang Cheng, Nan Li, Qiwu Huang: CVE-2016-10276</li>
@@ -128,8 +129,8 @@ Chao Yang, Yang song: CVE-2016-10281, CVE-2016-10280</li>
<li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2016-10274</li>
<li><a href="http://c0reteam.org">C0RE Team</a>의 <a href="mailto:segfault5514@gmail.com">Tong Lin</a>, <a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, Xuxian Jiang: CVE-2016-10291</li>
<li>Vasily Vasiliev: CVE-2017-0589</li>
-<li><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile
-Threat Response Team</a>의 V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>):
+<li><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a>의
+V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>):
CVE-2017-0590, CVE-2017-0587, CVE-2017-0600</li>
<li>Tencent Security Platform Department의 Xiling Gong: CVE-2017-0597</li>
<li>360 Marvel Team의 Xingyuan Lin: CVE-2017-0627</li>
@@ -169,7 +170,7 @@ AOSP 버전(해당하는 경우), 신고된 날짜가 포함된 표가 제시됩
<col width="18%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Google 기기</th>
@@ -180,7 +181,7 @@ AOSP 버전(해당하는 경우), 신고된 날짜가 포함된 표가 제시됩
<td>CVE-2017-0587</td>
<td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7">A-35219737</a></td>
<td>심각</td>
- <td>전체</td>
+ <td>모두</td>
<td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>2017년 1월 4일</td>
</tr>
@@ -204,7 +205,7 @@ AOSP 버전(해당하는 경우), 신고된 날짜가 포함된 표가 제시됩
<td>CVE-2017-0590</td>
<td><a href="https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7">A-35039946</a></td>
<td>심각</td>
- <td>전체</td>
+ <td>모두</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>2017년 2월 6일</td>
</tr>
@@ -326,7 +327,7 @@ AOSP 버전(해당하는 경우), 신고된 날짜가 포함된 표가 제시됩
<col width="18%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>공통 취약성 및 노출</th>
+ <th>CVE</th>
<th>참조</th>
<th>심각도</th>
<th>업데이트된 Google 기기</th>
@@ -649,7 +650,7 @@ AOSP 버전(해당하는 경우), 신고된 날짜가 포함된 표가 제시됩
<td>CVE-2015-7555</td>
<td><a href="https://android.googlesource.com/platform/external/giflib/+/dc07290edccc2c3fc4062da835306f809cea1fdc">A-34697653</a></td>
<td>심각</td>
- <td>전체</td>
+ <td>모두</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>2016년 4월 13일</td>
</tr>
@@ -1124,7 +1125,7 @@ QC-CR#1090237</a></td>
권한 승격 취약성</h3>
<p>커널 성능 하위 시스템의 권한 승격 취약성으로 인해 로컬 악성 애플리케이션이
-커널 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
+커널 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
@@ -1157,7 +1158,7 @@ One, Nexus Player</td>
<p>Qualcomm 사운드 드라이버의 권한 승격 취약성으로 인해
로컬 악성 애플리케이션이 커널 컨텍스트 내에서 임의의 코드를
-실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만 실행
+실행할 수 있습니다. 이 문제는 먼저 권한이 설정된 프로세스에 침투해야만 실행
가능하므로 심각도 높음으로 평가됩니다.</p>
<table>
@@ -2390,8 +2391,8 @@ QC-CR#1093232</a></td>
<p>Qualcomm 사운드 드라이버의 정보 공개 취약성으로 인해
로컬 악성 애플리케이션이 권한 수준을 벗어난 데이터에
-액세스할 수 있습니다. 이 문제는 먼저 권한이 설정된 절차에 침투해야만
-실행 가능하므로 심각도 보통으로 평가됩니다.</p>
+액세스할 수 있습니다. 이 문제는 먼저
+권한이 설정된 프로세스에 침투해야만 실행 가능하므로 심각도 보통으로 평가됩니다.</p>
<table>
<colgroup><col width="19%" />
@@ -2822,8 +2823,8 @@ Qualcomm AMSS 보안 게시판을 통해 배포되었습니다. 각 취약성의
'모두'라고 표시됩니다. '모두'에는 다음과 같은 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">지원되는 기기</a>가 포함됩니다. Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One,
Nexus Player, Pixel C, Pixel, Pixel XL</li>
<li><strong>일부 Google 기기</strong>: 문제가 모든 Google 기기에 영향을 미치는 것이
-아닌 경우, 영향을 받는 Google 기기가 <em>업데이트된 Google 기기</em> 열에
-표시됩니다.</li>
+아닌 경우, 영향을 받는 Google 기기가 <em>업데이트된 Google 기기 열에
+표시됩니다.</em></li>
<li><strong>Google 기기 해당 없음</strong>: 문제가 Android 7.0을 실행하는 Google 기기에
영향을 미치지 않는 경우, 표의 <em>업데이트된 Google 기기</em> 열에 '없음'이라고
표시됩니다. </li>
diff --git a/ko/security/bulletin/2017-11-01.html b/ko/security/bulletin/2017-11-01.html
index 0826c8fa..3ca693de 100644
--- a/ko/security/bulletin/2017-11-01.html
+++ b/ko/security/bulletin/2017-11-01.html
@@ -71,8 +71,8 @@ AOSP 외부의 패치 링크도 포함되어 있습니다.
</ul>
<h2 id="mitigations">Android 및 Google 서비스 완화</h2>
<p>
-다음은 <a href="/security/enhancements/index.html">Android 보안 플랫폼</a>
-및 <a href="//www.android.com/play-protect">Google Play 프로텍트</a>와 같은 서비스 보호 기능에서 제공하는 완화에 관한 요약입니다. 이러한
+다음은 <a href="/security/enhancements/index.html">Android 보안 플랫폼</a> 및 <a href="//www.android.com/play-protect">Google Play 프로텍트</a>와 같은
+서비스 보호 기능에서 제공하는 완화에 관한 요약입니다. 이러한
기능을 통해 Android에서 보안 취약성이 악용될 가능성을
줄입니다.
</p>
@@ -91,8 +91,8 @@ AOSP 외부의 패치 링크도 포함되어 있습니다.
<p>
다음 섹션에서는 2017-11-01 패치 수준에 적용되는
각 보안 취약성에 관해 자세히 알아볼 수 있습니다. 취약성은 영향을 받는
-구성요소 아래에 분류되어 있습니다. 여기에는 문제 설명 및
-CVE, 관련 참조, <a href="#type">취약성 유형</a>, <a href="/security/overview/updates-resources.html#severity">심각도</a>, 업데이트된 AOSP 버전(해당하는 경우)이
+구성요소 아래에 분류되어 있습니다. 여기에는 문제 설명 및 CVE,
+관련 참조, <a href="#type">취약성 유형</a>, <a href="/security/overview/updates-resources.html#severity">심각도</a>, 업데이트된 AOSP 버전(해당하는 경우)이
포함된 표가 제시됩니다. 가능한 경우 AOSP 변경사항 목록과 같이
문제를 해결한 공개 변경사항을 버그 ID에 연결합니다. 하나의
버그와 관련된 변경사항이 여러 개인 경우 추가 참조가 버그 ID 다음에 오는
@@ -566,7 +566,7 @@ Android 버전 확인 및 업데이트</a>를 참조하세요.
<li>2017-11-01 보안 패치 수준을 사용하는 기기는 이 보안 패치 수준과
관련된 모든 문제와 이전 보안 게시판에 보고된 모든 문제의 수정사항을
포함해야 합니다.</li>
- <li>2017-11-05 보안 패치 수준을 사용하는 기기는 2017-11-01 보안 패치 수준과
+ <li>2017-11-05 보안 패치 수준을 사용하는 기기는 이 보안 패치 수준 및 2017-11-01 보안 패치 수준과
관련된 모든 문제와 이전 보안 게시판에 보고된 모든 문제의 수정사항을
포함해야 합니다.</li>
<li>2017-11-06 이후의 보안 패치 수준을 사용하는 기기는 이 보안 게시판과
@@ -608,7 +608,7 @@ Android 버전 확인 및 업데이트</a>를 참조하세요.
<td>서비스 거부</td>
</tr>
<tr>
- <td>해당 없음</td>
+ <td>N/A</td>
<td>분류 없음</td>
</tr>
</tbody></table>
@@ -667,8 +667,7 @@ Android 버전 확인 및 업데이트</a>를 참조하세요.
Android 기기의 최신 보안 패치 수준을 선언하는 데 필요합니다.
기기/파트너 보안 게시판에 설명된 것과 같은 추가 보안 취약성은 보안 패치 수준을 선언하는 데
필요하지 않습니다.
-Android 기기 및 칩셋 제조업체는
-<a href="//security.samsungmobile.com/securityUpdate.smsb">삼성</a>, <a href="//lgsecurity.lge.com/security_updates.html">LGE</a>, 또는 <a href="/security/bulletin/pixel/">Pixel&amp;hairsp;/&amp;hairsp;Nexus</a>
+Android 기기 및 칩셋 제조업체는 <a href="//security.samsungmobile.com/securityUpdate.smsb">삼성</a>, <a href="//lgsecurity.lge.com/security_updates.html">LGE</a>, 또는 <a href="/security/bulletin/pixel/">Pixel&amp;hairsp;/&amp;hairsp;Nexus</a>
보안 게시판과 같은 자체 보안 웹사이트를 통해 기기의 다른 수정사항이
있는지를 설명하는 것이 좋습니다.
</p>
diff --git a/ko/security/bulletin/2018-01-01.html b/ko/security/bulletin/2018-01-01.html
index 46c9906a..8aa3a0ad 100644
--- a/ko/security/bulletin/2018-01-01.html
+++ b/ko/security/bulletin/2018-01-01.html
@@ -19,7 +19,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<p><em>2018년 1월 2일에 게시됨</em></p>
+<p><em>2018년 1월 2일 게시됨 | 2018년 1월 29일 업데이트됨</em></p>
<p>
Android 보안 게시판에서는 Android 기기에 영향을 미치는 보안 취약성
@@ -29,12 +29,10 @@ Android 보안 게시판에서는 Android 기기에 영향을 미치는 보안
확인하세요.
</p>
<p>
-Android 파트너에게는 게시되기 최소 한 달 전에 모든 문제 관련 알림이
-전달되었습니다.
-이러한 문제의 해결을 위한 소스 코드 패치는 향후 48시간 동안
-Android 오픈소스 프로젝트(AOSP) 저장소에 배포됩니다. 패치를 사용할 수 있게 되면 AOSP
-링크와 함께 이 게시판을 수정하겠습니다.
-</p>
+Android 파트너에게는 게시되기 최소 한 달 전에 모든 문제 관련 알림이 전달되었습니다.
+이러한 문제를 해결하기 위한 소스 코드 패치는 Android 오픈소스
+프로젝트(AOSP) 저장소에 배포되었으며 이 게시판에도 링크되어 있습니다. 이 게시판에는
+AOSP 외부에 있는 패치로 연결되는 링크도 포함되어 있습니다.</p>
<p>
이러한 문제 중 가장 심각한 것은 미디어 프레임워크의 심각한 보안 취약성으로,
특별히 제작된 파일을 사용하는 원격 공격자가 권한이 설정된 프로세스의 컨텍스트
@@ -47,8 +45,8 @@ Android 오픈소스 프로젝트(AOSP) 저장소에 배포됩니다. 패치를
실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는
접수되지 않았습니다. Android 플랫폼의 보안을 개선하는
<a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및 Google Play 프로텍트에 관해
-자세히 알아보려면 <a href="#mitigations">Android 및 Google Play 프로텍트 완화
-</a> 섹션을 참조하세요.
+자세히 알아보려면 <a href="#mitigations">Android 및 Google Play 프로텍트 완화</a>
+섹션을 참조하세요.
</p>
<p>
<strong>참고:</strong> Google 기기의 최신 무선 업데이트(OTA) 및 펌웨어 이미지 관련 정보는
@@ -56,6 +54,24 @@ Android 오픈소스 프로젝트(AOSP) 저장소에 배포됩니다. 패치를
보안 게시판을 참조하세요.
</p>
<h2 id="announcements">공지사항</h2>
+<aside class="note">
+<p><strong>참고:</strong> 프로세서의 추론적 실행과 관련된 일련의
+취약성 CVE-2017-5715, CVE-2017-5753, CVE-2017-5754가
+공개되었습니다 Android는 ARM 기반 Android 기기에서
+무단 정보 공개를 허용하는 이러한 취약성의 성공적인
+복제를 인식하지 못합니다.
+</p>
+<p>
+보호를 강화하기 위해 이 게시판에 포함된 CVE-2017-13218의
+업데이트는 고정밀 타이머로의 액세스를 줄이며,
+이를 통해 ARM 프로세서의 모든 알려진 변형의 사이드 채널 공격(예:
+CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)을 제한할 수 있습니다.
+</p>
+<p>Android 사용자는 기기에서 사용 가능한 보안 업데이트를 수락하는
+것이 좋습니다. 자세한 내용은
+<a href="https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html">Google
+보안 블로그</a>를 참조하세요.</p>
+</aside>
<p>
Google에서는 새로운
<a href="/security/bulletin/pixel/">Pixel&amp;hairsp;/&amp;hairsp;Nexus 보안
@@ -74,9 +90,9 @@ Google에서는 새로운
<li>Android 플랫폼 최신 버전의 향상된 기능으로 Android의 여러 문제를
악용하기가 더욱 어려워졌습니다. 가능하다면 모든 사용자는 최신 버전의 Android로
업데이트하는 것이 좋습니다.
-</li><li>Android 보안팀에서는 <a href="https://www.android.com/play-protect">Google Play 프로텍트</a>
-를 통해 악용사례를 적극적으로 모니터링하고 <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">잠재적으로 유해한 애플리케이션
-</a>에 관해 사용자에게 경고를 보냅니다. Google Play 프로텍트는
+</li><li>Android 보안팀에서는 <a href="https://www.android.com/play-protect">Google Play 프로텍트</a>를 통해
+악용사례를 적극적으로 모니터링하고 <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">유해할 수 있는
+애플리케이션</a>에 관해 사용자에게 경고를 보냅니다. Google Play 프로텍트는
<a href="http://www.android.com/gms">Google 모바일 서비스</a>가 적용된 기기에 기본적으로 사용 설정되어 있으며
Google Play 외부에서 가져온 앱을 설치하는 사용자에게 특히 중요합니다.</li></ul>
<h2 id="2018-01-01-security-patch-level—vulnerability-details">2018-01-01
@@ -85,10 +101,10 @@ Google Play 외부에서 가져온 앱을 설치하는 사용자에게 특히
다음 섹션에서는 2018-01-01 패치 수준에 적용되는 각 보안 취약성에 관해
자세히 알아볼 수 있습니다. 취약성은 영향을 받는
구성요소 아래에 분류되어 있습니다. 여기에는 문제 설명 및
-CVE, 관련 참조, <a href="#type">취약성 유형</a>, <a href="/security/overview/updates-resources.html#severity">심각도</a>, 업데이트된
-AOSP 버전(해당하는 경우)이
-포함된 표가
-제시됩니다. 가능한 경우 AOSP 변경사항 목록과 같이
+CVE, 관련 참조, <a href="#type">취약성
+유형</a>,
+<a href="/security/overview/updates-resources.html#severity">심각도</a>,
+업데이트된 AOSP 버전(해당하는 경우)이 포함된 표가 제시됩니다. 가능한 경우 AOSP 변경사항 목록과 같이
문제를 해결한 공개 변경사항을 버그 ID에 연결합니다. 하나의
버그와 관련된 변경사항이 여러 개인 경우 추가 참조가 버그 ID 다음에 오는
번호에 연결됩니다.
@@ -112,7 +128,8 @@ AOSP 버전(해당하는 경우)이
</tr>
<tr>
<td>CVE-2017-13176</td>
- <td>A-68341964</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/4afa0352d6c1046f9e9b67fbf0011bcd751fcbb5">
+ A-68341964</a></td>
<td>EoP</td>
<td>높음</td>
<td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
@@ -120,8 +137,8 @@ AOSP 버전(해당하는 경우)이
</tbody></table>
<h3 id="media-framework">미디어 프레임워크</h3>
-<p>이 섹션의 가장 심각한 취약성으로 인해 특별히 제작된 파일을 사용하는 원격 공격자가
-권한이 설정된 프로세스의 컨텍스트 내에서 임의의 코드를
+<p>이 섹션의 가장 심각한 취약성으로 인해 특별히 제작된 파일을 사용하는
+원격 공격자가 권한이 설정된 프로세스의 컨텍스트 내에서 임의의 코드를
실행할 수 있습니다.</p>
<table>
@@ -138,109 +155,124 @@ AOSP 버전(해당하는 경우)이
<th>업데이트된 AOSP 버전</th>
</tr>
<tr>
- <td>CVE-2017-13177</td>
- <td>A-68320413</td>
- <td>RCE</td>
- <td>심각</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13177</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b686bb2df155fd1f55220d56f38cc0033afe278c">
+ A-68320413</a></td>
+ <td>RCE</td>
+ <td>심각</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13178</td>
- <td>A-66969281</td>
- <td>RCE</td>
- <td>심각</td>
- <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13178</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/646a18fef28d19ba5beb6a2e1c00ac4c2663a10b">
+ A-66969281</a></td>
+ <td>RCE</td>
+ <td>심각</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13179</td>
- <td>A-66969193</td>
- <td>RCE</td>
- <td>심각</td>
- <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13179</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/47d4b33b504e14e98420943f771a9aecd6d09516">
+ A-66969193</a></td>
+ <td>RCE</td>
+ <td>심각</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13180</td>
- <td>A-66969349</td>
- <td>EoP</td>
- <td>높음</td>
- <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13180</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/cf1e36f93fc8776e3a8109149424babeee7f8382">
+ A-66969349</a></td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13181</td>
- <td>A-67864232</td>
- <td>EoP</td>
- <td>높음</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13181</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d64e9594d3d73c613010ca9fafc7af9782e9225d">
+ A-67864232</a></td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13182</td>
- <td>A-67737022</td>
- <td>EoP</td>
- <td>높음</td>
- <td>8.0, 8.1</td>
+ <td>CVE-2017-13182</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f1652e1b9f1d2840c79b6bf784d1befe40f4799e">
+ A-67737022</a></td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13184</td>
- <td>A-65483324</td>
- <td>EoP</td>
- <td>높음</td>
- <td>8.0, 8.1</td>
+ <td>CVE-2017-13184</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16392a119661fd1da750d4d4e8e03442578bc543">
+ A-65483324</a></td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-0855</td>
- <td>A-64452857</td>
- <td>DoS</td>
- <td>높음</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
+ <td>CVE-2017-0855</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d7d6df849cec9d0a9c1fd0d9957a1b8edef361b7">
+ A-64452857</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
- <td>CVE-2017-13191</td>
- <td>A-64380403</td>
- <td>DoS</td>
- <td>높음</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13191</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-64380403</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13192</td>
- <td>A-64380202</td>
- <td>DoS</td>
- <td>높음</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13192</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/52ca619511acbd542d843df1f92f858ce13048a5">
+ A-64380202</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13193</td>
- <td>A-65718319</td>
- <td>DoS</td>
- <td>높음</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13193</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b3f31e493ef6fa886989198da9787807635eaae2">
+ A-65718319</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13195</td>
- <td>A-65398821</td>
- <td>DoS</td>
- <td>높음</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13195</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/066e3b1f9c954d95045bc9d33d2cdc9df419784f">
+ A-65398821</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13196</td>
- <td>A-63522067</td>
- <td>DoS</td>
- <td>높음</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13196</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-63522067</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13197</td>
- <td>A-64784973</td>
- <td>DoS</td>
- <td>높음</td>
- <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13197</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/0a714d3a14d256c6a5675d6fbd975ca26e9bc471">
+ A-64784973</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13199</td>
- <td>A-33846679</td>
- <td>DoS</td>
- <td>높음</td>
- <td>8.0, 8.1</td>
+ <td>CVE-2017-13199</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/42b2e419b48a26d2ba599d87e3a2a02c4aa625f4">
+ A-33846679</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>8.0, 8.1</td>
</tr>
</tbody></table>
@@ -263,32 +295,38 @@ AOSP 버전(해당하는 경우)이
<th>업데이트된 AOSP 버전</th>
</tr>
<tr>
- <td>CVE-2017-13208</td>
- <td>A-67474440</td>
- <td>RCE</td>
- <td>심각</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13208</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/b71335264a7c3629f80b7bf1f87375c75c42d868">
+ A-67474440</a></td>
+ <td>RCE</td>
+ <td>심각</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13209</td>
- <td>A-68217907</td>
- <td>EoP</td>
- <td>높음</td>
- <td>8.0, 8.1</td>
+ <td>CVE-2017-13209</td>
+ <td><a href="https://android.googlesource.com/platform/system/libhidl/+/a4d0252ab5b6f6cc52a221538e1536c5b55c1fa7">
+ A-68217907</a>
+[<a href="https://android.googlesource.com/platform/system/tools/hidl/+/8539fc8ac94d5c92ef9df33675844ab294f68d61">2</a>]
+[<a href="https://android.googlesource.com/platform/system/hwservicemanager/+/e1b4a889e8b84f5c13b76333d4de90dbe102a0de">3</a>]</td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13210</td>
- <td>A-67782345</td>
- <td>EoP</td>
- <td>높음</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13210</td>
+ <td><a href="https://android.googlesource.com/platform/system/media/+/e770e378dc8e2320679272234285456ca2244a62">
+ A-67782345</a></td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13211</td>
- <td>A-65174158</td>
- <td>DoS</td>
- <td>높음</td>
- <td>8.0</td>
+ <td>CVE-2017-13211</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/181144a50114c824cfe3cdfd695c11a074673a5e">
+ A-65174158</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>8.0</td>
</tr>
</tbody></table>
@@ -333,7 +371,7 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
<h3 id="kernel-components">커널 구성요소</h3>
<p>이 섹션의 가장 심각한 취약성으로 인해 로컬 악성 애플리케이션이
-권한이 설정된 프로세스 내에서 임의의 코드를 실행할 수
+권한이 설정된 프로세스의 컨텍스트 내에서 임의의 코드를 실행할 수
있습니다.</p>
<table>
@@ -379,7 +417,7 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
<td>A-68266545<a href="#asterisk">*</a></td>
<td>ID</td>
<td>높음</td>
- <td>Timers</td>
+ <td>고정밀 타이머</td>
</tr>
</tbody></table>
@@ -437,37 +475,9 @@ AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
</tr>
</tbody></table>
-<h3 id="mediatek-components">MediaTek 구성요소</h3>
-<p>이 섹션의 가장 심각한 취약성으로 인해 로컬 악성 애플리케이션이
-권한이 설정된 프로세스 내에서 임의의 코드를 실행할 수
-있습니다.</p>
-
-<table>
- <colgroup><col width="17%" />
- <col width="19%" />
- <col width="9%" />
- <col width="14%" />
- <col width="39%" />
- </colgroup><tbody><tr>
- <th>CVE</th>
- <th>참조</th>
- <th>유형</th>
- <th>심각도</th>
- <th>구성요소</th>
- </tr>
- <tr>
- <td>CVE-2017-13225</td>
- <td>A-38308024<a href="#asterisk">*</a><br />
- M-ALPS03495789</td>
- <td>EoP</td>
- <td>높음</td>
- <td>MTK 미디어</td>
- </tr>
-</tbody></table>
-
<h3 id="nvidia-components">NVIDIA 구성요소</h3>
<p>이 섹션의 가장 심각한 취약성으로 인해 로컬 악성 애플리케이션이
-권한이 설정된 프로세스 내에서 임의의 코드를 실행할 수
+권한이 설정된 프로세스의 컨텍스트 내에서 임의의 코드를 실행할 수
있습니다.</p>
<table>
@@ -534,8 +544,9 @@ QC-CR#2060780</a></td>
<h3 id="qualcomm-closed-source-components">Qualcomm 비공개 소스
구성요소</h3>
<p>다음 취약성은 Qualcomm 구성요소에 영향을 주며 Qualcomm AMSS
-보안 게시판 또는 보안 알람에 자세히 설명되어
-있습니다. 이러한 문제의 심각도 평가는 Qualcomm에서 직접 제공합니다.</p>
+보안 게시판 또는 보안 알림에 자세히 설명되어
+있습니다. 이러한 문제의 심각도 평가는 Qualcomm에서 직접
+제공합니다.</p>
<table>
<colgroup><col width="17%" />
@@ -603,7 +614,8 @@ QC-CR#2060780</a></td>
<h2 id="common-questions-and-answers">일반적인 질문 및 답변</h2>
<p>
-이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문에 대한 답변을 제시합니다.
+이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문의 답변을
+제시합니다.
</p>
<p>
<strong>1. 내 기기가 업데이트되어 이 문제가 해결되었는지 어떻게 알 수 있나요?
@@ -632,7 +644,8 @@ Android 버전 확인 및 업데이트</a>를 참조하세요.
</p>
<p>
이 게시판에는 Android 파트너가 모든 Android 기기에서 유사하게 발생하는
-취약성 문제의 일부를 더욱 빠르고 유연하게 해결하도록 하기 위해 두 가지 보안 패치 수준이 포함되어 있습니다. Android 파트너는 이 게시판에 언급된 문제를 모두 수정하고
+취약성 문제의 일부를 더욱 빠르고 유연하게 해결하기 위한
+두 가지 보안 패치 수준이 포함되어 있습니다. Android 파트너는 이 게시판에 언급된 문제를 모두 수정하고
최신 보안 패치 수준을 사용하는 것이 좋습니다.
</p>
<ul>
@@ -678,7 +691,7 @@ Android 버전 확인 및 업데이트</a>를 참조하세요.
<td>서비스 거부</td>
</tr>
<tr>
- <td>해당 없음</td>
+ <td>N/A</td>
<td>분류 없음</td>
</tr>
</tbody></table>
@@ -687,7 +700,8 @@ Android 버전 확인 및 업데이트</a>를 참조하세요.
</p>
<p>
취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은 참조 값이 속한
-조직을 나타내는 접두어를 포함할 수 있습니다.
+조직을 나타내는 접두어를 포함할 수
+있습니다.
</p>
<table>
<colgroup><col width="25%" />
@@ -738,25 +752,40 @@ Android 기기의 최신 보안 패치 수준을 선언하는 데 필요합니
기기/파트너 보안 게시판에 설명된 것과 같은 추가 보안 취약성은 보안 패치 수준을 선언하는 데
필요하지 않습니다.
Android 기기 및 칩셋 제조업체는
-<a href="https://security.samsungmobile.com/securityUpdate.smsb">삼성</a>, <a href="https://lgsecurity.lge.com/security_updates.html">LGE</a>, 또는 <a href="/security/bulletin/pixel/">Pixel&amp;hairsp;/&amp;hairsp;Nexus</a>
-보안 게시판과 같은 각 업체의 보안 웹사이트를 통해 기기의 다른 수정사항이
+<a href="https://security.samsungmobile.com/securityUpdate.smsb">삼성</a>, <a href="https://lgsecurity.lge.com/security_updates.html">LGE</a> 또는 <a href="/security/bulletin/pixel/">Pixel&amp;hairsp;/&amp;hairsp;Nexus</a>
+보안 게시판과 같은 자체 보안 웹사이트를 통해 기기의 다른 수정사항이
있는지를 설명하는 것이 좋습니다.
</p>
<h2 id="versions">버전</h2>
<table>
- <colgroup><col width="25%" />
+ <colgroup><col width="15%" />
<col width="25%" />
- <col width="50%" />
+ <col width="60%" />
</colgroup><tbody><tr>
<th>버전</th>
<th>날짜</th>
- <th>참고사항</th>
+ <th>참고</th>
</tr>
<tr>
<td>1.0</td>
<td>2018년 1월 2일</td>
<td>게시판이 게시됨</td>
</tr>
-</tbody></table>
+ <tr>
+ <td>1.1</td>
+ <td>2018년 1월 3일</td>
+ <td>게시판이 업데이트되어 CVE-2017-13218에 관한 공지사항이 포함됨</td>
+ </tr>
+ <tr>
+ <td>1.2</td>
+ <td>2018년 1월 5일</td>
+ <td>게시판이 수정되어 AOSP 링크 포함됨</td>
+ </tr>
+ <tr>
+ <td>1.3</td>
+ <td>2018년 1월 29일</td>
+ <td>CVE-2017-13225가 <a href="/security/bulletin/pixel/">Pixel / Nexus
+ 보안 게시판</a>으로 이동함</td>
+</tr></tbody></table>
</body></html> \ No newline at end of file
diff --git a/ko/security/bulletin/pixel/2017-10-01.html b/ko/security/bulletin/pixel/2017-10-01.html
index 823c28d2..11235348 100644
--- a/ko/security/bulletin/pixel/2017-10-01.html
+++ b/ko/security/bulletin/pixel/2017-10-01.html
@@ -21,7 +21,8 @@
-->
<p><em>2017년 10월 2일 게시됨 | 2017년 10월 3일 업데이트됨</em></p>
-<p>Pixel&amp;hairsp;/&amp;hairsp;Nexus 보안 게시판에서는
+<p>Pixel&amp;hairsp;/&amp;hairsp;Nexus
+보안 게시판에서는
<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">지원되는 Google Pixel 및 Nexus 기기</a>(Google 기기)에 영향을 미치는
보안 취약성 세부정보를 다룹니다. Google 기기의 경우
@@ -544,7 +545,8 @@ QC-CR#2016076</a></td>
<p>이번 달에는 기능 패치는 포함되지 않았습니다.</p>
<h2 id="questions">일반적인 질문 및 답변</h2>
-<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문에 대한 답변을 제시합니다.</p>
+<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문의 답변을
+제시합니다.</p>
<p><strong>1. 내 기기가 업데이트되어 이 문제가 해결되었는지 어떻게 알 수 있나요?
</strong></p>
@@ -585,14 +587,15 @@ QC-CR#2016076</a></td>
<td>서비스 거부</td>
</tr>
<tr>
- <td>해당 없음</td>
+ <td>N/A</td>
<td>분류 없음</td>
</tr>
</tbody></table>
<p><strong>3. <em>참조</em> 열의 항목은 무엇을 의미하나요?</strong></p>
<p>취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은 참조 값이 속한
-조직을 나타내는 접두어를 포함할 수 있습니다.</p>
+조직을 나타내는 접두어를 포함할 수
+있습니다.</p>
<table>
<colgroup><col width="25%" />
@@ -626,8 +629,10 @@ QC-CR#2016076</a></td>
<p id="asterisk"><strong>4. <em>참조</em> 열에서 Android 버그 ID 옆에 있는 * 표시는
무엇을 의미하나요?</strong></p>
-<p>공개되지 않은 문제는 <em>참조</em> 열의 Android 버그 ID 옆에 * 표시가 있습니다. 일반적으로 해당 문제의 업데이트는 <a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서
-제공하는 Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.</p>
+<p>공개되지 않은 문제는 <em>참조</em> 열의 Android 버그 ID 옆에 * 표시가
+있습니다. 일반적으로 이러한 문제에 관한 업데이트는 <a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서
+제공되는 Nexus 기기용 최신 바이너리 드라이버에 포함되어
+있습니다.</p>
<p id="split">
<strong>5 보안 취약성이 이 게시판과 Android 보안 게시판에
@@ -648,7 +653,7 @@ Android 기기의 최신 보안 패치 수준을 선언하는 데 필요합니
</colgroup><tbody><tr>
<th>버전</th>
<th>날짜</th>
- <th>메모</th>
+ <th>참고</th>
</tr>
<tr>
<td>1.0</td>
diff --git a/ko/security/bulletin/pixel/2018-03-01.html b/ko/security/bulletin/pixel/2018-03-01.html
new file mode 100644
index 00000000..ba333b85
--- /dev/null
+++ b/ko/security/bulletin/pixel/2018-03-01.html
@@ -0,0 +1,694 @@
+<html devsite><head>
+ <title>Pixel / Nexus 보안 게시판—2018년 3월</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p><em>2018년 3월 5일 게시됨</em></p>
+
+<p>
+Pixel&amp;hairsp;/&amp;hairsp;Nexus 보안 게시판에서는
+<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">지원되는 Google Pixel 및 Nexus 기기</a>(Google 기기)에 영향을 미치는
+보안 취약성 및 기능 개선을
+자세히 다룹니다. Google 기기의 경우
+2018-03-05 보안 패치 수준 이상에서
+이 게시판에 언급된 모든 문제와 <a href="/security/bulletin/2018-03-01">2018년
+3월 Android 보안 게시판</a>의 모든 문제를 해결했습니다. 기기의 보안 패치 수준을
+확인하는 방법은 <a href="https://support.google.com/pixelphone/answer/4457705">Android
+버전 확인 및 업데이트</a>를 참조하세요.</p>
+<p>
+지원되는 모든 Google 기기는 2018-03-05 패치 수준으로
+업데이트됩니다. 모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다.
+</p>
+<p class="note">
+<strong>참고:</strong> Google 기기 펌웨어 이미지는
+<a href="https://developers.google.com/android/nexus/images">Google 개발자
+사이트</a>에 있습니다.
+</p>
+
+<h2 id="announcements">공지사항</h2>
+<p><a href="/security/bulletin/2018-03-01">2018년 3월 Android 보안 게시판</a>
+에 설명된 보안 취약성 외에도
+Google 기기에는 아래 설명된 보안 취약성과 관련된 패치도
+포함되어 있습니다. 파트너에게는 적어도 1개월 전에 이러한 문제와 관련해 알림이 전송되었으며
+이러한 패치를 기기 업데이트의 일부로 포함하도록 선택할 수 있습니다.</p>
+
+<h2 id="security-patches">보안 패치</h2>
+<p>
+취약성은 영향을 받는 구성요소 아래에 분류되어 있습니다. 여기에는
+문제 설명 및 CVE, 관련 참조,
+<a href="#type">취약성 유형</a>,
+<a href="https://source.android.com/security/overview/updates-resources.html#severity">심각도</a>,
+업데이트된 AOSP 버전(해당하는 경우)이 포함된 표가 제시됩니다. 가능한 경우
+AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을
+버그 ID에 연결합니다. 하나의 버그와 관련된 변경사항이 여러 개인 경우 추가
+참조가 버그 ID 다음에 오는 번호에 연결됩니다.
+</p>
+
+<h3 id="framework">프레임워크</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>유형</th>
+ <th>심각도</th>
+ <th>업데이트된 AOSP 버전</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13263</td>
+ <td>A-69383160</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>8.0, 8.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="media-framework">미디어 프레임워크</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>유형</th>
+ <th>심각도</th>
+ <th>업데이트된 AOSP 버전</th>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13264</td>
+ <td rowspan="2">A-70294343</td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13254</td>
+ <td rowspan="2">A-70239507</td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.1.1, 6.0, 6.0.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="system">시스템</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>유형</th>
+ <th>심각도</th>
+ <th>업데이트된 AOSP 버전</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13265</td>
+ <td>A-36232423</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13266</td>
+ <td>A-69478941</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13268</td>
+ <td>A-67058064</td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13269</td>
+ <td>A-68818034</td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="kernel-components">커널 구성요소</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>유형</th>
+ <th>심각도</th>
+ <th>구성요소</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-5754</td>
+ <td>A-69856074<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>높음</td>
+ <td>메모리 매핑</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13270</td>
+ <td>A-69474744<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Mnh_sm 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13271</td>
+ <td>A-69006799<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Mnh_sm 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-16527</td>
+ <td>A-69051382<br />
+<a href="https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4">
+업스트림 커널</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>USB 사운드 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15649</td>
+ <td>A-69160446<br />
+<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110">
+업스트림 커널</a>
+[<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e">2</a>]</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>네트워크 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-1000111</td>
+ <td>A-68806121<br />
+<a href="http://patchwork.ozlabs.org/patch/800274/">업스트림 커널</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>네트워크 드라이버</td>
+ </tr>
+</tbody></table>
+
+<h3 id="nvidia-components">NVIDIA 구성요소</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>유형</th>
+ <th>심각도</th>
+ <th>구성요소</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6287</td>
+ <td>A-64893264<a href="#asterisk">*</a><br />
+ N-CVE-2017-6287</td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>미디어 프레임워크</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6285</td>
+ <td>A-64893156<a href="#asterisk">*</a><br />
+ N-CVE-2017-6285</td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>미디어 프레임워크</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6288</td>
+ <td>A-65482562<a href="#asterisk">*</a><br />
+ N-CVE-2017-6288</td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>미디어 프레임워크</td>
+ </tr>
+</tbody></table>
+
+<h3 id="qualcomm-components">Qualcomm 구성요소</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>유형</th>
+ <th>심각도</th>
+ <th>구성요소</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-18061</td>
+ <td>A-70237701<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b65cf2a007e88fe86dbd6d3269682fc585a4130f">
+QC-CR#2117246</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Wil6210</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18050</td>
+ <td>A-70237697<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=63b57442d65dfdb4b4634ff32059b1bca8c72fb7">
+QC-CR#2119443</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Wma 관리</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18054</td>
+ <td>A-70237694<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=6eefc756612e39fab49ff719b3dc9b94def53396">
+QC-CR#2119432</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18055</td>
+ <td>A-70237693<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=50a0554d12cff58b3ffbd51d3194304244b87023">
+QC-CR#2119430</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18065</td>
+ <td>A-70237685<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a8bc0f90ef49ea0aee90047a17772e4eebff259a">
+QC-CR#2113423</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18066</td>
+ <td>A-70235107<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ff11f44c0c10c94170f03a8698f73f7e08b74625">
+QC-CR#2107976</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>전원 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18062</td>
+ <td>A-68992451<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d7927eb7c9c2d79a3e24cddd1e9447ab98bf6700">
+QC-CR#2115375</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3561</td>
+ <td>A-68870904<a href="#asterisk">*</a><br />
+ QC-CR#2068569</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Diagchar</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3560</td>
+ <td>A-68664502<a href="#asterisk">*</a><br />
+ QC-CR#2142216</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Qdsp6v2 사운드 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15834</td>
+ <td>A-70237704<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903">
+QC-CR#2111858</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Diagchar</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15833</td>
+ <td>A-70237702<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=51ce6aec73d80e1f1fcc9c7fa71e9c2fcbdbc0fd">
+QC-CR#2059835</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>전원 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15831</td>
+ <td>A-70237687<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=31e6a657320e4299c659e3d57d38a89afe8c1ce1">
+QC-CR#2114255</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15830</td>
+ <td>A-70237719<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a7a2a9c5d203e3395811963061c79d3bc257ebe">
+QC-CR#2120725</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>sme 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14889</td>
+ <td>A-70237700<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755">
+QC-CR#2119803</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14887</td>
+ <td>A-70237715<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0">
+QC-CR#2119673</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14879</td>
+ <td>A-63851638<a href="#asterisk">*</a><br />
+ QC-CR#2056307</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>IPA</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11082</td>
+ <td>A-66937387<br />
+<a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-3.10.git;a=commit;h=2d4f8cd8d11f8fb1491a20d7e316cc0fd03eeb59">
+QC-CR#2071560</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11074</td>
+ <td>A-68940798<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f5ae7b35c90f14b7e66b3a91d4fb247563a8a22b">
+QC-CR#2049138</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18052</td>
+ <td>A-70237712<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd">
+QC-CR#2119439</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18057</td>
+ <td>A-70237709<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b">
+QC-CR#2119403</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18059</td>
+ <td>A-70237708<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=217705da7726002ffe61dad51a6c9cc97c52f649">
+QC-CR#2119399</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18060</td>
+ <td>A-70237707<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f3d81bd0b3cb992c214d94196b33168b02589c6b">
+QC-CR#2119394</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18051</td>
+ <td>A-70237696<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=38fba6a9f6ca3c7bf0c4c1bd84fa2b89fbcaeb93">
+QC-CR#2119442</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18053</td>
+ <td>A-70237695<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947">
+QC-CR#2119434</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18058</td>
+ <td>A-70237690<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d6d42a10d4abf09299cdfacdd8aed5c26731b5ff">
+QC-CR#2119401</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15855</td>
+ <td>A-38232131<a href="#asterisk">*</a><br />
+ QC-CR#2139514</td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>Camera_v2 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15814</td>
+ <td>A-64836865<a href="#asterisk">*</a><br />
+ QC-CR#2092793</td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>Camera_v2 드라이버</td>
+ </tr>
+</tbody></table>
+
+<h2 id="functional-updates">기능 업데이트</h2>
+<p>
+다음 업데이트는 영향을 받은 Pixel 기기에서 Pixel 기기의 보안과
+관련되지 않은 기능 문제를 해결하기 위해 포함되었습니다. 표에는 블루투스나
+모바일 데이터 등 영향을 받은 카테고리 및 문제 요약 등 관련 참조 사항이
+포함되어 있습니다.
+</p>
+
+<table>
+ <tbody><tr>
+ <th>참조</th>
+ <th>카테고리</th>
+ <th>개선 사항</th>
+ <th>기기</th>
+ </tr>
+ <tr>
+ <td>A-70491468</td>
+ <td>성능</td>
+ <td>지문으로 잠금 해제 시 절전 모드 해제 성능 개선</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69307875</td>
+ <td>오디오</td>
+ <td>동영상 녹화 시 오디오 성능 개선</td>
+ <td>Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70641186</td>
+ <td>보고서</td>
+ <td>오류 보고 개선</td>
+ <td>Pixel 2, Pixel 2 XL</td>
+ </tr>
+</tbody></table>
+
+<h2 id="common-questions-and-answers">일반적인 질문 및 답변</h2>
+<p>
+이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문의 답변을
+제시합니다.
+</p>
+<p>
+<strong>1. 내 기기가 업데이트되어 이 문제가 해결되었는지 어떻게 알 수 있나요?
+</strong>
+</p>
+<p>
+2018-03-05 보안 패치 수준 및 그 이전의 모든 패치 수준과 관련된
+모든 문제는 2018-03-05 보안 패치 수준 이상에서 해결되었습니다. 기기의 보안 패치 수준을 확인하는
+방법을
+알아보려면 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 및 Nexus 업데이트 일정</a>의
+안내를 참조하세요.
+</p>
+<p id="type">
+<strong>2. <em>유형</em> 열의 항목은 무엇을 의미하나요?</strong>
+</p>
+<p>
+취약성 세부정보 표의 <em>유형</em> 열에 있는 항목은
+보안 취약성 분류를 참조합니다.
+</p>
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>약어</th>
+ <th>정의</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>원격 코드 실행</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>권한 승격</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>정보 공개</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>서비스 거부</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>분류 없음</td>
+ </tr>
+</tbody></table>
+<p>
+<strong>3. <em>참조</em> 열의 항목은 무엇을 의미하나요?</strong>
+</p>
+<p>
+취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은 참조 값이 속한
+조직을 나타내는 접두어를 포함할 수
+있습니다.
+</p>
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>접두어</th>
+ <th>참조</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android 버그 ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm 참조 번호</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek 참조 번호</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA 참조 번호</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom 참조 번호</td>
+ </tr>
+</tbody></table>
+<p id="asterisk">
+<strong>4. <em>참조</em> 열에서 Android 버그 ID 옆에 있는 * 표시는
+무엇을 의미하나요?</strong>
+</p>
+<p>
+공개되지 않은 문제는 <em>참조</em> 열의 Android 버그 ID 옆에 * 표시가
+있습니다. 일반적으로 이러한 문제에 관한 업데이트는 <a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서
+제공되는 Nexus 기기용 최신 바이너리 드라이버에 포함되어
+있습니다.
+</p>
+<p>
+<strong>5 보안 취약성이 이 게시판과 Android 보안 게시판에 나뉘어져 있는 이유가
+무엇인가요?</strong>
+</p>
+<p>
+Android 보안 게시판에 설명되어 있는 보안 취약성은
+Android 기기의 최신 보안 패치 수준을 선언하는 데
+필요합니다. 이 게시판에 설명된 것과 같은 추가적인 보안 취약성은
+보안 패치 수준을 선언하는 데 필요하지 않습니다.
+</p>
+<h2 id="versions">버전</h2>
+<table>
+ <colgroup><col width="25%" />
+ <col width="25%" />
+ <col width="50%" />
+ </colgroup><tbody><tr>
+ <th>버전</th>
+ <th>날짜</th>
+ <th>참고</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>2018년 3월 5일</td>
+ <td>게시판이 게시됨</td>
+ </tr>
+</tbody></table>
+
+</body></html> \ No newline at end of file
diff --git a/ko/security/bulletin/pixel/2018.html b/ko/security/bulletin/pixel/2018.html
index 5f020470..4d0336a5 100644
--- a/ko/security/bulletin/pixel/2018.html
+++ b/ko/security/bulletin/pixel/2018.html
@@ -37,17 +37,43 @@
<th>보안 패치 수준</th>
</tr>
<tr>
- <td><a href="/security/bulletin/pixel/2018-01-01.html">2018년 1월</a></td>
+ <td><a href="/security/bulletin/pixel/2018-03-01.html">2018년 3월</a></td>
<td>출시 예정
<!--
- <a href="/security/bulletin/pixel/2018-01-01.html">English</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ <a href="/security/bulletin/pixel/2018-03-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
-->
</td>
+ <td>2018년 3월</td>
+ <td>2018-03-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2018-02-01.html">2018년 2월</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2018-02-01.html">한국어</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=ja">日本語</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=ko">English</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=ru">ру́сский</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">中文 (中国)</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">中文 (台灣)</a>
+ </td>
+ <td>2018년 2월</td>
+ <td>2018-02-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2018-01-01.html">2018년 1월</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2018-01-01.html">한국어</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">English</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文 (中国)</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文 (台灣)</a>
+ </td>
<td>2018년 1월</td>
<td>2018-01-05</td>
</tr>
diff --git a/ru/security/bulletin/2015-12-01.html b/ru/security/bulletin/2015-12-01.html
index f42d05f5..ff6f478a 100644
--- a/ru/security/bulletin/2015-12-01.html
+++ b/ru/security/bulletin/2015-12-01.html
@@ -100,7 +100,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -138,17 +138,13 @@ mediaserver.</p>
<h3 id="remote_code_execution_vulnerability_in_skia">Удаленное выполнение кода через Skia</h3>
-<p>Уязвимость Skia позволяет во время обработки специально созданного медиафайла
-нарушить целостность информации в памяти и удаленно выполнить код
-в привилегированном процессе. Уязвимости присвоен критический уровень,
-поскольку она позволяет удаленно выполнять код на пораженном устройстве (например, при работе с электронной почтой, просмотре сайтов в Интернете
-или обработке медиафайлов MMS).</p>
+<p>Уязвимость позволяет во время обработки специально созданного медиафайла нарушить целостность информации в памяти и удаленно выполнить код в привилегированном процессе. Проблеме присвоен критический уровень, поскольку из-за нее можно удаленно выполнять код на пораженном устройстве (например, при просмотре сайтов в Интернете, обработке медиафайлов MMS и работе с электронной почтой).</p>
<table>
<tbody><tr>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -171,7 +167,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -198,7 +194,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -234,7 +230,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибка </th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -257,7 +253,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -286,7 +282,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -302,13 +298,13 @@ mediaserver.</p>
<p>Уязвимость библиотеки фреймворков Android позволяет обойти защиту,
предотвращающую атаки на платформу, и раскрыть конфиденциальную
-информацию. Проблеме присвоен высокий уровень серьезности, поскольку с ее помощью можно также получить разрешения, недоступные сторонним приложениям (например, <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> и <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>).</p>
+информацию. Проблеме присвоен высокий уровень серьезности, поскольку из-за нее можно также получить разрешения, недоступные сторонним приложениям (например, <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> и <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>).</p>
<table>
<tbody><tr>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -330,7 +326,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -351,7 +347,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -374,7 +370,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -409,7 +405,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -431,7 +427,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -452,7 +448,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -473,7 +469,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
@@ -494,7 +490,7 @@ mediaserver.</p>
<th>CVE</th>
<th>Ошибки со ссылками на AOSP</th>
<th>Уровень серьезности</th>
- <th>Версии, получившие обновление системы безопасности</th>
+ <th>Обновленные версии</th>
<th>Дата сообщения об ошибке</th>
</tr>
<tr>
diff --git a/ru/security/bulletin/2016-07-01.html b/ru/security/bulletin/2016-07-01.html
index 8da4bd08..dae33788 100644
--- a/ru/security/bulletin/2016-07-01.html
+++ b/ru/security/bulletin/2016-07-01.html
@@ -96,14 +96,8 @@
<h3 id="remote-code-execution-vulnerability-in-mediaserver">
Удаленное выполнение кода через mediaserver</h3>
-<p>Уязвимость позволяет злоумышленнику нарушить целостность информации
-в памяти при обработке медиафайлов и данных в специально созданном файле. Проблеме присвоен критический уровень серьезности из-за возможности
-удаленного выполнения кода в контексте процесса mediaserver. У него есть доступ
-к аудио- и видеопотокам, а также к привилегиям, закрытым для сторонних
-приложений.</p>
-<p>Уязвимая функция является основной составляющей ОС. Многие приложения
-позволяют контенту, особенно MMS-сообщениям и воспроизводимым
-в браузере медиафайлам, дистанционно обращаться к ней.</p>
+<p>Уязвимость позволяет злоумышленнику с помощью специально созданного файла нарушить целостность информации в памяти при обработке медиафайлов и данных. Проблеме присвоен критический уровень серьезности из-за возможности удаленного выполнения кода в контексте процесса mediaserver. У него есть доступ к аудио- и видеопотокам, а также к привилегиям, закрытым для сторонних приложений.</p>
+<p>Уязвимая функция является основной составляющей ОС. Многие приложения позволяют контенту, особенно MMS-сообщениям и воспроизводимым в браузере медиафайлам, дистанционно обращаться к ней.</p>
<table>
<colgroup><col width="19%" />
@@ -951,8 +945,7 @@
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver">
Повышение привилегий через драйвер Qualcomm для графического процессора</h3>
-<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Ей присвоен критический уровень серьезности, поскольку из-за нее нарушается работа системы безопасности. Возможно, для устранения проблемы потребуется переустановить ОС.</p>
+<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Ей присвоен критический уровень серьезности, поскольку из-за нее нарушается работа системы безопасности. Возможно, для устранения проблемы потребуется переустановить ОС.</p>
<table>
<colgroup><col width="19%" />
@@ -1494,8 +1487,7 @@
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver">
Повышение привилегий через Wi-Fi-драйвер Qualcomm</h3>
-<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
+<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
<table>
<colgroup><col width="19%" />
@@ -1522,8 +1514,7 @@
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-camera-driver">
Повышение привилегий через драйвер Qualcomm для камеры</h3>
-<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
+<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
<table>
<colgroup><col width="19%" />
@@ -1552,8 +1543,7 @@
<h3 id="elevation-of-privilege-vulnerability-in-nvidia-camera-driver">
Повышение привилегий через драйвер NVIDIA для камеры</h3>
<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку
-уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
+код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
<table>
<colgroup><col width="19%" />
@@ -1603,7 +1593,7 @@
<td>A-28085222*<br />
M-ALPS02677244</td>
<td>Высокий</td>
- <td>Android One</td>
+ <td>Android One</td>
<td>7 апреля 2016 г.</td>
</tr>
<tr>
@@ -1611,7 +1601,7 @@
<td>A-29008443*<br />
M-ALPS02677244</td>
<td>Высокий</td>
- <td>Android One</td>
+ <td>Android One</td>
<td>7 апреля 2016 г.</td>
</tr>
</tbody></table>
@@ -1619,8 +1609,7 @@
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver-2">
Повышение привилегий через Wi-Fi-драйвер Qualcomm</h3>
-<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
+<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
<table>
<colgroup><col width="19%" />
@@ -1670,7 +1659,7 @@
<td>A-28174490*<br />
M-ALPS02703105</td>
<td>Высокий</td>
- <td>Android One</td>
+ <td>Android One</td>
<td>11 апреля 2016 г.</td>
</tr>
</tbody></table>
@@ -1699,7 +1688,7 @@
<td>A-28175025*<br />
M-ALPS02693738</td>
<td>Высокий</td>
- <td>Android One</td>
+ <td>Android One</td>
<td>11 апреля 2016 г.</td>
</tr>
<tr>
@@ -1707,7 +1696,7 @@
<td>A-28175027*<br />
M-ALPS02693739</td>
<td>Высокий</td>
- <td>Android One</td>
+ <td>Android One</td>
<td>11 апреля 2016 г.</td>
</tr>
</tbody></table>
@@ -1745,9 +1734,7 @@
<h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system-2">
Повышение привилегий через файловую систему ядра</h3>
-<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку
-уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
+<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.</p>
<table>
<colgroup><col width="19%" />
@@ -1996,7 +1983,7 @@
<td>A-28175522*<br />
M-ALPS02694389</td>
<td>Высокий</td>
- <td>Android One</td>
+ <td>Android One</td>
<td>12 апреля 2016 г.</td>
</tr>
</tbody></table>
diff --git a/ru/security/bulletin/2016-08-01.html b/ru/security/bulletin/2016-08-01.html
index a51723a7..212a2136 100644
--- a/ru/security/bulletin/2016-08-01.html
+++ b/ru/security/bulletin/2016-08-01.html
@@ -56,8 +56,7 @@
</p>
<ul>
<li>Использование многих уязвимостей затрудняется в новых
-версиях Android, поэтому мы рекомендуем всем пользователям
-своевременно обновлять систему.</li>
+версиях Android, поэтому мы рекомендуем всем пользователям своевременно обновлять систему.</li>
<li>Команда, отвечающая за безопасность Android, активно отслеживает злоупотребления с помощью <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Проверки приложений и SafetyNet</a>. Эти сервисы предупреждают пользователя об установке <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">потенциально опасных приложений</a>. Проверка приложений включена по умолчанию на всех устройствах с <a href="http://www.android.com/gms">мобильными сервисами Google</a>. Она особенно важна, если пользователь устанавливает ПО из сторонних источников. Хотя в
Google Play инструменты для рутинга запрещены,
они могут встречаться в других магазинах. Если пользователь решает
@@ -114,8 +113,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<h3 id="remote-code-execution-vulnerability-in-mediaserver">
Удаленное выполнение кода через mediaserver</h3>
<p>
-Уязвимость позволяет злоумышленнику нарушить целостность информации
-в памяти при обработке медиафайлов и данных в специально созданном файле. Проблеме присвоен критический уровень серьезности из-за возможности удаленного выполнения кода в контексте процесса mediaserver. У него есть доступ к аудио- и видеопотокам, а также к привилегиям, закрытым для сторонних приложений.
+Уязвимость позволяет злоумышленнику с помощью специально созданного файла нарушить целостность информации в памяти при обработке медиафайлов и данных. Проблеме присвоен критический уровень серьезности из-за возможности удаленного выполнения кода в контексте процесса mediaserver. У него есть доступ к аудио- и видеопотокам, а также к привилегиям, закрытым для сторонних приложений.
</p>
<p>
Уязвимая функция является основной составляющей ОС. Многие приложения позволяют контенту, особенно MMS-сообщениям и воспроизводимым в браузере медиафайлам, дистанционно обращаться к ней.
@@ -128,7 +126,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -177,7 +175,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -208,7 +206,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -266,7 +264,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -324,7 +322,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -356,7 +354,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="18%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -388,7 +386,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="18%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -419,7 +417,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -450,7 +448,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="18%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -512,7 +510,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -543,7 +541,7 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -574,8 +572,8 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Обновленные версии AOSP</th>
@@ -605,8 +603,8 @@ Mobile Security Group: CVE-2016-3845.</li>
<col width="18%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Обновленные версии AOSP</th>
@@ -676,7 +674,7 @@ QC-CR#553941</a>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -830,7 +828,7 @@ QC-CR#590721</a>
</p>
</td>
<td>Высокий</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>31 марта 2014 г.</td>
</tr>
<tr>
@@ -902,7 +900,7 @@ QC-CR#547479</a>
</p>
</td>
<td>Высокий</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>30 апреля 2014 г.</td>
</tr>
<tr>
@@ -914,7 +912,7 @@ QC-CR#524490</a>
</p>
</td>
<td>Высокий</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>30 апреля 2014 г.</td>
</tr>
<tr>
@@ -984,7 +982,7 @@ QC-CR#562261</a>
</p>
</td>
<td>Высокий</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>30 апреля 2014 г.</td>
</tr>
<tr>
@@ -1031,7 +1029,7 @@ QC-CR#642735</a>
QC-CR#674712</a>
</p></td>
<td>Высокий</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>31 октября 2014 г.</td>
</tr>
<tr>
@@ -1053,7 +1051,7 @@ QC-CR#770548</a>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=51c39420e3a49d1a7f05a77c64369b7623088238">
QC-CR#766022</a></p></td>
<td>Высокий</td>
- <td>Google Nexus 6</td>
+ <td>Nexus 6</td>
<td>31 марта 2015 г.</td>
</tr>
<tr>
@@ -1073,7 +1071,7 @@ QC-CR#779021</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e13ebd727d161db7003be6756e61283dce85fa3b">
QC-CR#792367</a></p></td>
<td>Высокий</td>
- <td>Google Nexus 6</td>
+ <td>Nexus 6</td>
<td>30 апреля 2015 г.</td>
</tr>
<tr>
@@ -1093,7 +1091,7 @@ QC-CR#792473</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=9ec380c06bbd79493828fcc3c876d8a53fd3369f">
QC-CR#803246</a></p></td>
<td>Высокий</td>
- <td>Google Nexus 6</td>
+ <td>Nexus 6</td>
<td>30 июня 2015 г.</td>
</tr>
<tr>
@@ -1106,7 +1104,7 @@ QC-CR#794217</a></p>
<a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee">
QC-CR#836226</a></p></td>
<td>Высокий</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>11 сентября 2015 г.</td>
</tr>
<tr>
@@ -1116,7 +1114,7 @@ QC-CR#836226</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=c10f03f191307f7114af89933f2d91b830150094">
QC-CR#550061</a></p></td>
<td>Средний</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>13 марта 2014 г.</td>
</tr>
<tr>
@@ -1143,8 +1141,8 @@ QC-CR#529177</a></p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1183,8 +1181,8 @@ Upstream kernel</a></p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1226,8 +1224,8 @@ Upstream kernel</a></p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1247,7 +1245,7 @@ Upstream kernel</a></p></td>
</p>
<h3 id="elevation-of-privilege-vulnerability-in-kernel">
-Повышение привилегий через Ядро операционной системы</h3>
+Повышение привилегий через ядро</h3>
<p>
Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Ей присвоен критический уровень серьезности, поскольку из-за нее нарушается работа системы безопасности. Возможно, для устранения проблемы потребуется переустановить ОС.
</p>
@@ -1258,8 +1256,8 @@ Upstream kernel</a></p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1328,8 +1326,8 @@ Upstream kernel</a></p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1378,8 +1376,8 @@ Upstream kernel</a></p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1408,8 +1406,8 @@ Upstream kernel</a></p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1428,7 +1426,7 @@ N-CVE-2016-3844</p></td>
*Исправление не опубликовано. Обновление содержится в последних бинарных драйверах для устройств Nexus, которые можно скачать на <a href="https://developers.google.com/android/nexus/drivers">сайте для разработчиков</a>.
</p>
-<h3>Повышение привилегий через видеодрайвер Ядро операционной системы</h3>
+<h3>Повышение привилегий через видеодрайвер ядра</h3>
<p>
Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
@@ -1439,8 +1437,8 @@ N-CVE-2016-3844</p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1449,7 +1447,7 @@ N-CVE-2016-3844</p></td>
<td>CVE-2016-3845</td>
<td>A-28399876*</td>
<td>Высокий</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>20 апреля 2016 г.</td>
</tr>
</tbody></table>
@@ -1469,8 +1467,8 @@ N-CVE-2016-3844</p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1499,8 +1497,8 @@ N-CVE-2016-3844</p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1540,8 +1538,8 @@ N-CVE-2016-3848</p></td>
<col width="23%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1569,8 +1567,8 @@ N-CVE-2016-3848</p></td>
<col width="26%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
<th>Дата сообщения об ошибке</th>
@@ -1603,7 +1601,7 @@ QC-CR#945164</a></p></td>
<col width="17%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Nexus</th>
@@ -1702,7 +1700,7 @@ QC-CR#786116</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d">
QC-CR#542223</a></p></td>
<td>Средний</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>27 марта 2014 г.</td>
</tr>
<tr>
diff --git a/ru/security/bulletin/2016-10-01.html b/ru/security/bulletin/2016-10-01.html
index 7c3a30e1..7580c70c 100644
--- a/ru/security/bulletin/2016-10-01.html
+++ b/ru/security/bulletin/2016-10-01.html
@@ -24,17 +24,14 @@
</p>
<p>
В этом бюллетене содержится информация об уязвимостях в защите
-устройств Android. К его выходу мы выпустили автоматическое обновление
-системы безопасности для устройств Nexus и опубликовали образы встроенного ПО Nexus на <a href="https://developers.google.com/android/nexus/images">сайте для разработчиков</a>. Все актуальные проблемы,
+устройств Android. К его выходу мы выпустили автоматическое обновление системы безопасности для устройств Nexus и опубликовали образы встроенного ПО Nexus на <a href="https://developers.google.com/android/nexus/images">сайте для разработчиков</a>. Все актуальные проблемы,
перечисленные здесь, устранены в исправлении от 5 октября 2016 года
или более новом. Информацию о том, как проверить обновления системы безопасности, можно найти в <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">Справочном центре</a>. На поддерживаемые устройства Nexus
будет установлено единое автоматическое обновление системы безопасности
от 5 октября 2016 года.
</p>
<p>
-Мы сообщили партнерам об уязвимостях 6 сентября 2016 года или ранее.
- Исправления проблем загружены в хранилище Android Open Source Project (AOSP).
-В этом бюллетене также приведены ссылки на исправления вне AOSP.
+Мы сообщили партнерам об уязвимостях 6 сентября 2016 года или ранее. Исправления проблем загружены в хранилище Android Open Source Project (AOSP). В этом бюллетене также приведены ссылки на исправления вне AOSP.
</p>
<p>
Наиболее серьезные из уязвимостей имеют критический уровень и позволяют удаленно выполнять код в контексте ядра, из-за чего нарушается работа системы безопасности. Возможно, для устранения таких проблем потребуется переустановить ОС. <a href="/security/overview/updates-resources.html#severity">Уровень серьезности</a> зависит от того, какой ущерб будет нанесен устройству при атаке с использованием уязвимости, если средства защиты будут отключены разработчиком или взломаны.
@@ -65,11 +62,7 @@
<ul>
<li>Использование многих уязвимостей затрудняется в новых
версиях Android, поэтому мы рекомендуем всем пользователям своевременно обновлять систему.</li>
- <li>Команда, отвечающая за безопасность Android, активно отслеживает злоупотребления с помощью <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Проверки приложений и SafetyNet</a>. Эти сервисы предупреждают пользователя об установке <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">потенциально опасных приложений</a>. Проверка приложений включена по умолчанию на всех устройствах с <a href="http://www.android.com/gms">мобильными сервисами Google</a>. Она особенно важна, если пользователь устанавливает ПО из сторонних источников. Хотя в
- Google Play инструменты для рутинга запрещены,
- они могут встречаться в других магазинах. Если пользователь решает
- установить такое приложение. Проверка предупреждает об этом.
- Кроме того, она пытается идентифицировать известное вредоносное ПО, использующее уязвимость для повышения привилегий, и блокировать его установку. Если подобное ПО уже есть на устройстве, система уведомит об этом пользователя и попытается удалить приложение.</li>
+ <li>Команда, отвечающая за безопасность Android, активно отслеживает злоупотребления с помощью <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Проверки приложений и SafetyNet</a>. Эти сервисы предупреждают пользователя об установке <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">потенциально опасных приложений</a>. Проверка приложений включена по умолчанию на всех устройствах с <a href="http://www.android.com/gms">мобильными сервисами Google</a>. Она особенно важна, если пользователь устанавливает ПО из сторонних источников. Хотя в Google Play инструменты для рутинга запрещены, они могут встречаться в других магазинах. Если пользователь решает установить такое приложение, Проверка предупреждает об этом. Кроме того, она пытается идентифицировать известное вредоносное ПО, использующее уязвимость для повышения привилегий, и блокировать его установку. Если подобное ПО уже есть на устройстве, система уведомит об этом пользователя и попытается удалить приложение.</li>
<li>Приложения Google Hangouts и Messenger не передают медиафайлы таким процессам, как mediaserver, автоматически.</li>
</ul>
<h2 id="acknowledgements">Благодарности</h2>
@@ -108,14 +101,12 @@
<h2 id="2016-10-01-details">Описание уязвимостей (обновление системы безопасности 2016-10-01)</h2>
<p>
-В этом разделе вы найдете подробную информацию обо всех уязвимостях, устраненных в обновлении системы безопасности 2016-10-01: описание и обоснование серьезности, таблицу с CVE, ссылками, уровнем серьезности, уязвимыми устройствами Nexus и версиями AOSP (при наличии), а также датой сообщения об ошибке. Где возможно, мы приведем основную ссылку на опубликованное
-изменение, связанное с идентификатором ошибки (например, список AOSP), и дополнительные ссылки в квадратных скобках.
+В этом разделе вы найдете подробную информацию обо всех уязвимостях, устраненных в обновлении системы безопасности 2016-10-01: описание и обоснование серьезности, таблицу с CVE, ссылками, уровнем серьезности, уязвимыми устройствами Nexus и версиями AOSP (при наличии), а также датой сообщения об ошибке. Где возможно, мы приведем основную ссылку на опубликованное изменение, связанное с идентификатором ошибки (например, список AOSP), и дополнительные ссылки в квадратных скобках.
</p>
<h3 id="eopv-in-servicemanager">Повышение привилегий через ServiceManager</h3>
<p>
Уязвимость позволяет локальному вредоносному ПО регистрировать произвольные
-сервисы от имени привилегированного процесса, такого как system_server. Уязвимости присвоен высокий уровень
-серьезности из-за возможности подмены сервисов.
+сервисы от имени привилегированного процесса, такого как system_server. Уязвимости присвоен высокий уровень серьезности из-за возможности подмены сервисов.
</p>
<table>
<colgroup><col width="18%" />
@@ -249,7 +240,7 @@
</tbody></table>
<h3 id="eopv-in-framework-apis">Повышение привилегий через Framework API</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку из-за нее можно получить разрешения, недоступные сторонним приложениям.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку с ее помощью можно получить привилегии, недоступные сторонним приложениям.
</p>
<table>
<colgroup><col width="18%" />
@@ -276,9 +267,9 @@
<td>17 июля 2016 г.</td>
</tr>
</tbody></table>
-<h3 id="eopv-in-telephony">Повышение привилегий через телефонную связь</h3>
+<h3 id="eopv-in-telephony">Повышение привилегий через поставщик телефонной связи</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку из-за нее можно получить разрешения, недоступные сторонним приложениям.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку с ее помощью можно получить привилегии, недоступные сторонним приложениям.
</p>
<table>
<colgroup><col width="18%" />
@@ -307,7 +298,7 @@
</tbody></table>
<h3 id="eopv-in-camera-service">Повышение привилегий через сервис камеры</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку из-за нее можно получить разрешения, недоступные сторонним приложениям.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку с ее помощью можно получить привилегии, недоступные сторонним приложениям.
</p>
<table>
<colgroup><col width="18%" />
@@ -372,9 +363,9 @@
<td>5 августа 2016 г.</td>
</tr>
</tbody></table>
-<h3 id="information-disclosure-vulnerability-in-aosp-mail">Раскрытие информации через почтового клиента AOSP</h3>
+<h3 id="information-disclosure-vulnerability-in-aosp-mail">Раскрытие информации через почтовый клиент AOSP</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО обходить защиту ОС, обеспечивающую раздельное хранение данных приложений. Из-за этого проблеме присвоен высокий уровень серьезности.
+Уязвимость позволяет локальному вредоносному ПО обходить защиту ОС, обеспечивающую раздельное хранение данных приложений. Проблеме присвоен высокий уровень серьезности, поскольку из-за нее можно получить несанкционированный доступ к информации.
</p>
<table>
<colgroup><col width="18%" />
@@ -403,7 +394,7 @@
</tbody></table>
<h3 id="dosv-in-wi-fi">Отказ в обслуживании в Wi-Fi</h3>
<p>
-Уязвимость позволяет находящемуся поблизости злоумышленнику использовать устройство для создания точки доступа и вызывать его перезагрузку. Проблеме присвоен высокий уровень серьезности, поскольку она приводит к временному отказу в обслуживании.
+Уязвимость вызывает перезагрузку устройства, находящегося в зоне действия специально созданной точки доступа. Проблеме присвоен высокий уровень серьезности, поскольку она приводит к временному отказу в обслуживании.
</p>
<table>
<colgroup><col width="18%" />
@@ -517,7 +508,7 @@
<td>25 июня 2016 г.</td>
</tr>
</tbody></table>
-<h3 id="eopv-in-telephony-2">Повышение привилегий через телефонную связь</h3>
+<h3 id="eopv-in-telephony-2">Повышение привилегий через поставщик телефонной связи</h3>
<p>
Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен средний уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
@@ -548,7 +539,7 @@
</tbody></table>
<h3 id="eopv-in-accessibility-services">Повышение привилегий через сервис специальных возможностей</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО создавать события касаний экрана. Из-за этого можно получать разрешения в диалоговом окне без согласия пользователя. Проблеме присвоен средний уровень серьезности, поскольку из-за нее можно обойти обязательные требования к взаимодействию с пользователем (например, связанные с получением доступа к функциям, которые обычно требуют разрешения или должны быть запущены пользователем).
+Уязвимость позволяет локальному вредоносному ПО создавать события касаний экрана. Из-за этого можно получать разрешения в диалоговых окнах без явного согласия пользователя. Проблеме присвоен средний уровень серьезности, поскольку из-за нее можно обойти требования к взаимодействию с пользователем (связанные с получением доступа к функциям, которые обычно должны быть разрешены или запущены пользователем).
</p>
<table>
<colgroup><col width="18%" />
@@ -635,15 +626,11 @@
</tbody></table>
<h2 id="2016-10-05-details">Описание уязвимостей (обновление системы безопасности 2016-10-05)</h2>
<p>
-В этом разделе вы найдете подробную информацию обо всех уязвимостях, устраненных в обновлении системы безопасности 2016-10-05: описание и обоснование серьезности, таблицу с CVE, ссылками, уровнем серьезности, уязвимыми устройствами Nexus и версиями AOSP (при наличии), а также датой сообщения об ошибке. Где возможно, мы приведем основную ссылку на опубликованное
-изменение, связанное с идентификатором ошибки (например, список AOSP), и дополнительные ссылки в квадратных скобках.
+В этом разделе вы найдете подробную информацию обо всех уязвимостях, устраненных в обновлении системы безопасности 2016-10-05: описание и обоснование серьезности, таблицу с CVE, ссылками, уровнем серьезности, уязвимыми устройствами Nexus и версиями AOSP (при наличии), а также датой сообщения об ошибке. Где возможно, мы приведем основную ссылку на опубликованное изменение, связанное с идентификатором ошибки (например, список AOSP), и дополнительные ссылки в квадратных скобках.
</p>
<h3 id="remote-code-execution-vulnerability-in-kernel-asn-1-decoder">Удаленное выполнение кода через декодер ASN.1 ядра</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Ей присвоен критический уровень серьезности, поскольку
-из-за нее нарушается работа системы безопасности. Возможно, для устранения
-проблемы потребуется переустановить ОС.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Ей присвоен критический уровень серьезности, поскольку из-за нее нарушается работа системы безопасности. Возможно, для устранения проблемы потребуется переустановить ОС.
</p>
<table>
<colgroup><col width="19%" />
@@ -696,10 +683,7 @@
</tbody></table>
<h3 id="eopv-in-mediatek-video-driver">Повышение привилегий через видеодрайвер MediaTek</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Ей присвоен критический уровень серьезности, поскольку
-из-за нее нарушается работа системы безопасности. Возможно, для устранения
-проблемы потребуется переустановить ОС.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Ей присвоен критический уровень серьезности, поскольку из-за нее нарушается работа системы безопасности. Возможно, для устранения проблемы потребуется переустановить ОС.
</p>
<table>
<colgroup><col width="19%" />
@@ -728,10 +712,7 @@
</p>
<h3 id="eopv-in-kernel-shared-memory-driver">Повышение привилегий через драйвер разделения памяти ядра</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Ей присвоен критический уровень серьезности, поскольку
-из-за нее нарушается работа системы безопасности. Возможно, для устранения
-проблемы потребуется переустановить ОС.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Ей присвоен критический уровень серьезности, поскольку из-за нее нарушается работа системы безопасности. Возможно, для устранения проблемы потребуется переустановить ОС.
</p>
<table>
<colgroup><col width="19%" />
@@ -759,9 +740,7 @@
<h3 id="vulnerabilities-in-qc-components">
Уязвимости в компонентах Qualcomm</h3>
<p>
-В таблице ниже перечислены уязвимости системы безопасности, затрагивающие
-компоненты Qualcomm, которые детально описаны в бюллетенях по безопасности
-Qualcomm AMSS за март и апрель 2016 года.
+В таблице ниже перечислены уязвимости системы безопасности, затрагивающие компоненты Qualcomm, которые детально описаны в бюллетенях по безопасности Qualcomm AMSS за март и апрель 2016 года.
</p>
<table>
<colgroup><col width="19%" />
@@ -803,9 +782,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="eopv-in-qualcomm-networking-component">Повышение привилегий через сетевой компонент Qualcomm</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку
-уязвимость требует сначала нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -831,9 +808,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</tbody></table>
<h3 id="eopv-in-nvidia-mmc-test-driver">Повышение привилегий через драйвер NVIDIA для тестирования MMC</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку
-уязвимость требует сначала нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -862,9 +837,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="eopv-in-qsee-communicator-driver">Повышение привилегий через драйвер Qualcomm для QSEE Communicator</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку
-уязвимость требует сначала нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -961,8 +934,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</tbody></table>
<h3 id="eopv-in-qualcomm-sound-driver">Повышение привилегий через аудиодрайвер Qualcomm</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -987,11 +959,9 @@ Qualcomm AMSS за март и апрель 2016 года.
<td>20 июня 2016 г.</td>
</tr>
</tbody></table>
-<h3 id="eopv-in-qualcomm-crypto-engine-driver">Повышение привилегий через драйвер Qualcomm для шифрования</h3>
+<h3 id="eopv-in-qualcomm-crypto-engine-driver">Повышение привилегий через драйвер шифрования Qualcomm</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку
-уязвимость требует сначала нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -1025,8 +995,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</tbody></table>
<h3 id="eopv-in-mediatek-video-driver-2">Повышение привилегий через видеодрайвер MediaTek</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -1063,8 +1032,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="eopv-in-qualcomm-video-driver">Повышение привилегий через видеодрайвер Qualcomm</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -1098,8 +1066,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</tbody></table>
<h3 id="eopv-in-synaptics-touchscreen-driver">Повышение привилегий через драйвер сенсорного экрана Synaptics</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен высокий уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -1163,10 +1130,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="eopv-in-system_server">Повышение привилегий через system_server</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте привилегированного процесса. Проблеме присвоен высокий
-уровень серьезности, поскольку с ее помощью можно получить привилегии,
-недоступные сторонним приложениям.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку с ее помощью можно получить привилегии, недоступные сторонним приложениям.
</p>
<table>
<colgroup><col width="19%" />
@@ -1327,10 +1291,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="eopv-in-qualcomm-character-driver">Повышение привилегий через символьный драйвер Qualcomm</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный
-код в контексте ядра. Проблеме присвоен средний уровень серьезности, поскольку
-уязвимость требует сначала нарушить защиту привилегированного процесса.
-Также уязвимый код в текущий момент недоступен.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра. Проблеме присвоен средний уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса, а уязвимый код в текущий момент недоступен.
</p>
<table>
<colgroup><col width="19%" />
@@ -1410,7 +1371,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="information-disclosure-vulnerability-in-qualcomm-components">Раскрытие информации через компоненты Qualcomm</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО получать несанкционированный доступ к данным. Проблеме присвоен средний уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
+Уязвимость в компонентах Qualcomm (в том числе аудиодрайвере, драйвере IPA и Wi-Fi-драйвере) позволяет локальному вредоносному ПО получать несанкционированный доступ к данным. Проблеме присвоен средний уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -1471,10 +1432,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="information-disclosure-vulnerability-in-kernel-components">Раскрытие информации через компоненты ядра</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО получать
-несанкционированный доступ к данным. Проблеме присвоен средний уровень
-серьезности, поскольку уязвимость требует сначала нарушить защиту
-привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО получать несанкционированный доступ к данным. Проблеме присвоен средний уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -1523,11 +1481,8 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="information-disclosure-vulnerability-in-nvidia-profiler">Раскрытие информации через профилировщик NVIDIA</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО получать
-несанкционированный доступ к данным.
-Проблеме присвоен средний
-уровень серьезности, поскольку уязвимость требует сначала
-нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО получать несанкционированный доступ к данным.
+Проблеме присвоен средний уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -1572,10 +1527,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="information-disclosure-vulnerability-in-kernel">Раскрытие информации через ядро</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО получать
-несанкционированный доступ к данным. Проблеме присвоен средний
-уровень серьезности, поскольку уязвимость требует сначала
-нарушить защиту привилегированного процесса.
+Уязвимость позволяет локальному вредоносному ПО получать несанкционированный доступ к данным. Проблеме присвоен средний уровень серьезности, поскольку уязвимость требует сначала нарушить защиту привилегированного процесса.
</p>
<table>
<colgroup><col width="19%" />
@@ -1603,9 +1555,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</p>
<h3 id="dosv-in-kernel-networking-subsystem">Отказ в обслуживании в сетевой подсистеме ядра</h3>
<p>
-Уязвимость позволяет злоумышленнику заблокировать доступ к соединениям по TCP,
-а также вызвать временный отказ в обслуживании. Из-за этого проблеме присвоен
-средний уровень серьезности.
+Уязвимость позволяет злоумышленнику блокировать доступ к соединениям по TCP, а также вызывать временный отказ в обслуживании. Из-за этого проблеме присвоен средний уровень серьезности.
</p>
<table>
<colgroup><col width="19%" />
@@ -1632,9 +1582,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</tbody></table>
<h3 id="dosv-in-kernel-sound-driver">Отказ в обслуживании в аудиодрайвере ядра</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять перезагрузку
-устройства. Ей присвоен низкий уровень серьезности, поскольку она приводит
-к временному отказу в обслуживании.
+Уязвимость позволяет локальному вредоносному ПО выполнять перезагрузку устройства. Ей присвоен низкий уровень серьезности, поскольку она приводит к временному отказу в обслуживании.
</p>
<table>
<colgroup><col width="19%" />
@@ -1736,8 +1684,7 @@ Qualcomm AMSS за март и апрель 2016 года.
</tbody></table>
<h2 id="common-questions-and-answers">Часто задаваемые вопросы</h2>
<p>
-В этом разделе мы отвечаем на вопросы, которые могут возникнуть
-после прочтения бюллетеня.
+В этом разделе мы отвечаем на вопросы, которые могут возникнуть после прочтения бюллетеня.
</p>
<p>
<strong>1. Как определить, установлено ли на устройство обновление, в котором устранены перечисленные проблемы?
@@ -1746,11 +1693,7 @@ Qualcomm AMSS за март и апрель 2016 года.
<p>
В исправлении от 1 октября 2016 года устранены все проблемы, связанные
с обновлением 2016-10-01. В исправлении от 5 октября 2016 года или более новом
-устранены все проблемы, связанные с обновлением 2016-10-05. Информацию о том, как узнать дату последнего обновления системы безопасности, можно найти в <a href="https://support.google.com/nexus/answer/4457705">Справочном центре</a>.
-Производители устройств, позволяющие установить эти обновления, должны
-присвоить им уровень
-[ro.build.version.security_patch]:[2016-10-01] или
-[ro.build.version.security_patch]:[2016-10-05].
+устранены все проблемы, связанные с обновлением 2016-10-05. Информацию о том, как узнать дату последнего обновления системы безопасности, можно найти в <a href="https://support.google.com/nexus/answer/4457705">Справочном центре</a>. Производители устройств, позволяющие установить эти обновления, должны присвоить им уровень [ro.build.version.security_patch]:[2016-10-01] или [ro.build.version.security_patch]:[2016-10-05].
</p>
<p>
<strong>2. Почему в этом бюллетене говорится о двух обновлениях системы безопасности?</strong>
diff --git a/ru/security/bulletin/2017-01-01.html b/ru/security/bulletin/2017-01-01.html
index c8a55695..b32525df 100644
--- a/ru/security/bulletin/2017-01-01.html
+++ b/ru/security/bulletin/2017-01-01.html
@@ -259,7 +259,7 @@
</tbody></table>
<h3 id="eop-in-mediaserver">Повышение привилегий через mediaserver</h3>
<p>
-Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку с ее помощью можно получить привилегии, недоступные сторонним приложениям.
+Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку из-за нее можно получить разрешения, недоступные сторонним приложениям.
</p>
<table>
<colgroup><col width="18%" />
@@ -1955,8 +1955,7 @@ Upstream kernel</a></td>
</tbody></table>
<h2 id="common-questions-and-answers">Часто задаваемые вопросы</h2>
-<p>В этом разделе мы отвечаем на вопросы, которые могут возникнуть
-после прочтения бюллетеня.</p>
+<p>В этом разделе мы отвечаем на вопросы, которые могут возникнуть после прочтения бюллетеня.</p>
<p><strong>1. Как определить, установлено ли на устройство обновление, в котором устранены перечисленные проблемы?
</strong></p>
diff --git a/ru/security/bulletin/2017-03-01.html b/ru/security/bulletin/2017-03-01.html
index 8e2667d5..f1034a18 100644
--- a/ru/security/bulletin/2017-03-01.html
+++ b/ru/security/bulletin/2017-03-01.html
@@ -121,8 +121,7 @@
<h3 id="rce-in-mediaserver-">Удаленное выполнение кода через mediaserver
</h3>
-<p>Уязвимость позволяет злоумышленнику нарушить целостность информации
-в памяти при обработке медиафайлов и данных в специально созданном файле. Проблеме присвоен критический уровень серьезности из-за возможности удаленного выполнения кода в контексте процесса mediaserver.</p>
+<p>Уязвимость позволяет злоумышленнику с помощью специально созданного файла нарушить целостность информации в памяти при обработке медиафайлов и данных. Проблеме присвоен критический уровень серьезности из-за возможности удаленного выполнения кода в контексте процесса mediaserver.</p>
<table>
<colgroup><col width="18%" />
@@ -369,7 +368,7 @@
</tbody></table>
<h3 id="eop-in-audioserver">Повышение привилегий через audioserver</h3>
-<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку с ее помощью можно получить привилегии, недоступные сторонним приложениям.</p>
+<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку из-за нее можно получить разрешения, недоступные сторонним приложениям.</p>
<table>
<colgroup><col width="18%" />
@@ -2104,8 +2103,7 @@ QC-CR#518731</a></td>
</tbody></table>
<p>*Исправление не опубликовано. Обновление содержится в последних бинарных драйверах для устройств Nexus, которые можно скачать на <a href="https://developers.google.com/android/nexus/drivers">сайте для разработчиков</a>.</p>
<h2 id="common-questions-and-answers">Часто задаваемые вопросы</h2>
-<p>В этом разделе мы отвечаем на вопросы, которые могут возникнуть
-после прочтения бюллетеня.</p>
+<p>В этом разделе мы отвечаем на вопросы, которые могут возникнуть после прочтения бюллетеня.</p>
<p><strong>1. Как определить, установлено ли на устройство обновление, в котором устранены перечисленные проблемы?
</strong></p>
<p>Информацию о том, как проверить обновления системы безопасности, можно найти в <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Справочном центре</a>.</p>
diff --git a/ru/security/bulletin/2017-05-01.html b/ru/security/bulletin/2017-05-01.html
index 1b19b005..bf05a039 100644
--- a/ru/security/bulletin/2017-05-01.html
+++ b/ru/security/bulletin/2017-05-01.html
@@ -32,7 +32,7 @@
<p>У нас нет информации о том, что обнаруженные уязвимости эксплуатировались. В разделе <a href="#mitigations">Предотвращение атак</a> описывается, как <a href="/security/enhancements/index.html">платформа безопасности</a> и средства защиты сервисов, например <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>, помогают снизить вероятность атак на Android.</p>
<p>Мы рекомендуем всем пользователям установить перечисленные здесь обновления.</p>
-<h2 id="announcements">Уведомления</h2>
+<h2 id="announcements">Объявления</h2>
<ul>
<li>Мы включили в этот бюллетень сведения о двух обновлениях, чтобы помочь нашим партнерам как можно скорее устранить уязвимости, затрагивающие все устройства Android. Дополнительную информацию вы найдете в разделе <a href="#common-questions-and-answers">Часто задаваемые вопросы</a>.
<ul>
@@ -49,8 +49,7 @@
<ul>
<li>Использование многих уязвимостей затрудняется в новых
-версиях Android, поэтому мы рекомендуем всем пользователям
-своевременно обновлять систему.</li>
+версиях Android, поэтому мы рекомендуем всем пользователям своевременно обновлять систему.</li>
<li>Команда, отвечающая за безопасность Android, активно отслеживает злоупотребления с помощью <a href="/security/reports/Google_Android_Security_2016_Report_Final.pdf">Проверки приложений и SafetyNet</a>. Эти сервисы предупреждают пользователя об установке <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">потенциально опасных приложений</a>. Проверка приложений включена по умолчанию на всех устройствах с <a href="http://www.android.com/gms">мобильными сервисами Google</a>. Она особенно важна, если пользователь устанавливает ПО из сторонних источников. Хотя в Google Play инструменты для рутинга запрещены, они могут встречаться в других магазинах. Если пользователь решает установить такое приложение, Проверка предупреждает об этом. Кроме того, она пытается идентифицировать известное вредоносное ПО, использующее уязвимость для повышения привилегий, и блокировать его установку. Если подобное ПО уже есть на устройстве, система уведомит об этом пользователя и попытается удалить приложение.</li>
<li>Приложения Google Hangouts и Messenger не передают медиафайлы таким процессам, как mediaserver, автоматически.</li>
</ul>
@@ -102,7 +101,7 @@
<col width="18%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
+ <th>CVE</th>
<th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Google</th>
@@ -171,8 +170,8 @@
<col width="18%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Google</th>
<th>Обновленные версии AOSP</th>
@@ -200,8 +199,8 @@
<col width="18%" />
<col width="17%" />
</colgroup><tbody><tr>
- <th>Common Vulnerabilities and Exposures</th>
- <th>Референт</th>
+ <th>CVE</th>
+ <th>Ссылки</th>
<th>Уровень серьезности</th>
<th>Обновленные устройства Google</th>
<th>Обновленные версии AOSP</th>
@@ -235,7 +234,7 @@
<h3 id="eop-in-audioserver">Повышение привилегий через audioserver</h3>
-<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку с ее помощью можно получить привилегии, недоступные сторонним приложениям.</p>
+<p>Уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса. Проблеме присвоен высокий уровень серьезности, поскольку из-за нее можно получить разрешения, недоступные сторонним приложениям.</p>
<table>
<colgroup><col width="18%" />
@@ -2411,8 +2410,8 @@ QC-CR#832915</a></td>
<table>
<tbody><tr>
- <th>Приставка</th>
- <th>Референт</th>
+ <th>Префикс</th>
+ <th>Значение</th>
</tr>
<tr>
<td>A-</td>
diff --git a/ru/security/bulletin/2017-11-01.html b/ru/security/bulletin/2017-11-01.html
index f2948d45..2985c4d9 100644
--- a/ru/security/bulletin/2017-11-01.html
+++ b/ru/security/bulletin/2017-11-01.html
@@ -47,7 +47,7 @@
</p>
<ul>
<li>В новых версиях Android сложнее использовать многие уязвимости, поэтому мы рекомендуем всем пользователям своевременно обновлять систему.</li>
- <li>Команда, отвечающая за безопасность Android, активно отслеживает злоупотребления с помощью <a href="//www.android.com/play-protect">Google Play Защиты</a> и предупреждает пользователей об установке <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">потенциально опасных приложений</a>. Google Play Защита включена по умолчанию на всех устройствах с <a href="//www.android.com/gms">сервисами Google для мобильных устройств</a>. Она особенно важна, если пользователь устанавливает ПО из сторонних источников.</li>
+ <li>Команда, отвечающая за безопасность Android, с помощью <a href="//www.android.com/play-protect">Google Play Защиты</a> активно отслеживает злоупотребления и предупреждает пользователей об установке <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">потенциально опасных приложений</a>. Google Play Защита включена по умолчанию на всех устройствах с <a href="//www.android.com/gms">сервисами Google для мобильных устройств</a>. Она особенно важна, если пользователь устанавливает ПО из сторонних источников.</li>
</ul>
<h2 id="2017-11-01-details">Описание уязвимостей (обновление системы безопасности 2017-11-01)</h2>
<p>
@@ -484,7 +484,7 @@ QC-CR#2055629</a></td>
<strong>3. Что означают сокращения в столбце <em>Тип</em>?</strong>
</p>
<p>
-В этом столбце указан<em></em> тип уязвимости по следующей классификации:
+В этом столбце указан тип уязвимости по следующей классификации:<em></em>
</p>
<table>
<colgroup><col width="25%" />
@@ -549,10 +549,10 @@ QC-CR#2055629</a></td>
</tr>
</tbody></table>
<p id="asterisk">
-<strong>5. Что означает значок * рядом с идентификатором ошибки Android в столбце <em>Ссылки</em>?</strong>
+<strong>5. Что означает символ * рядом с идентификатором ошибки Android в столбце <em>Ссылки</em>?</strong>
</p>
<p>
-Значок * говорит о том, что исправление для уязвимости не опубликовано<em></em>. Необходимое обновление содержится в последних бинарных драйверах для устройств Nexus, которые можно скачать на <a href="//developers.google.com/android/nexus/drivers">сайте для разработчиков</a>.
+Символ * означает, что исправление для уязвимости не опубликовано.<em></em> Необходимое обновление содержится в последних бинарных драйверах для устройств Nexus, которые можно скачать на <a href="//developers.google.com/android/nexus/drivers">сайте для разработчиков</a>.
</p>
<p>
<strong>6. Почему теперь одни уязвимости описываются в этих бюллетенях, а другие – в бюллетенях по безопасности Pixel  и Nexus, а также в остальных бюллетенях партнеров?</strong>
diff --git a/ru/security/bulletin/2018-01-01.html b/ru/security/bulletin/2018-01-01.html
index ab0097c3..e0293a81 100644
--- a/ru/security/bulletin/2018-01-01.html
+++ b/ru/security/bulletin/2018-01-01.html
@@ -19,15 +19,14 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<p><em>Опубликовано 2 января 2018 г.</em></p>
+<p><em>Опубликовано 2 января 2018 г. | Обновлено 29 января 2018 г.</em></p>
<p>
В этом бюллетене содержится информация об уязвимостях в защите устройств Android. Все актуальные проблемы, перечисленные здесь, устранены в исправлении от 5 января 2018 года или более новом. Информацию о том, как проверить обновления системы безопасности, можно найти в <a href="https://support.google.com/pixelphone/answer/4457705">Справочном центре</a>.
</p>
<p>
Мы сообщили партнерам обо всех проблемах по крайней мере за месяц до выхода бюллетеня.
-Исправления уязвимостей будут добавлены в хранилище Android Open Source Project (AOSP) в течение 48 часов. Ссылки на AOSP появятся в этом бюллетене позже.
-</p>
+Исправления уязвимостей доступны в хранилище Android Open Source Project (AOSP). В этом бюллетене также приведены ссылки на исправления вне AOSP.</p>
<p>
Самая серьезная из этих проблем – критическая уязвимость в Media Framework, которая позволяет злоумышленнику выполнять произвольный код в контексте привилегированного процесса с помощью специально созданного файла. <a href="/security/overview/updates-resources.html#severity">Уровень серьезности</a> зависит от того, какой ущерб будет нанесен устройству при атаке с использованием уязвимости, если средства защиты будут отключены разработчиком или взломаны.
</p>
@@ -38,6 +37,14 @@
<strong>Примечание.</strong> Информация о последних автоматических обновлениях (OTA) и образах встроенного ПО для устройств Google приведена в бюллетене по безопасности Pixel  и Nexus за январь 2018 года.
</p>
<h2 id="announcements">Объявления</h2>
+<aside class="note">
+<p><strong>Примечание.</strong> Опубликована информация об уязвимостях CVE-2017-5715, CVE-2017-5753 и CVE-2017-5754, которые связаны с упреждающим исполнением команд в процессорах. У нас нет информации об успешном воспроизведении этих уязвимостей, которое привело бы к несанкционированному раскрытию информации на устройствах Android с процессором ARM.
+</p>
+<p>
+Чтобы обеспечить дополнительную защиту, мы включили в этот бюллетень обновление, связанное с уязвимостью CVE-2017-13218. Оно ограничивает доступ к высокоточным таймерам, что препятствует атакам по сторонним каналам (например, при использовании уязвимостей CVE-2017-5715, CVE-2017-5753 и CVE-2017-5754) на всех известных процессорах ARM.
+</p>
+<p>Мы рекомендуем всем пользователям установить доступные обновления системы безопасности. <a href="https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html">Подробнее…</a></p>
+</aside>
<p>
Мы начали выпускать новый <a href="/security/bulletin/pixel/">бюллетень по безопасности Pixel  и Nexus</a>, в котором содержится информация о дополнительных уязвимостях в защите и улучшениях функциональных возможностей устройств Pixel и Nexus. Производители могут включить их в обновления для своих устройств Android. Дополнительную информацию вы найдете в разделе <a href="#common-questions-and-answers">Часто задаваемые вопросы</a>.
</p>
@@ -70,7 +77,8 @@
</tr>
<tr>
<td>CVE-2017-13176</td>
- <td>A-68341964</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/4afa0352d6c1046f9e9b67fbf0011bcd751fcbb5">
+ A-68341964</a></td>
<td>ПП</td>
<td>Высокий</td>
<td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
@@ -94,109 +102,124 @@
<th>Обновленные версии AOSP</th>
</tr>
<tr>
- <td>CVE-2017-13177</td>
- <td>A-68320413</td>
- <td>УВК</td>
- <td>Критический</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13177</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b686bb2df155fd1f55220d56f38cc0033afe278c">
+ A-68320413</a></td>
+ <td>УВК</td>
+ <td>Критический</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13178</td>
- <td>A-66969281</td>
- <td>УВК</td>
- <td>Критический</td>
- <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13178</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/646a18fef28d19ba5beb6a2e1c00ac4c2663a10b">
+ A-66969281</a></td>
+ <td>УВК</td>
+ <td>Критический</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13179</td>
- <td>A-66969193</td>
- <td>УВК</td>
- <td>Критический</td>
- <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13179</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/47d4b33b504e14e98420943f771a9aecd6d09516">
+ A-66969193</a></td>
+ <td>УВК</td>
+ <td>Критический</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13180</td>
- <td>A-66969349</td>
- <td>ПП</td>
- <td>Высокий</td>
- <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13180</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/cf1e36f93fc8776e3a8109149424babeee7f8382">
+ A-66969349</a></td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13181</td>
- <td>A-67864232</td>
- <td>ПП</td>
- <td>Высокий</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13181</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d64e9594d3d73c613010ca9fafc7af9782e9225d">
+ A-67864232</a></td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13182</td>
- <td>A-67737022</td>
- <td>ПП</td>
- <td>Высокий</td>
- <td>8.0, 8.1</td>
+ <td>CVE-2017-13182</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f1652e1b9f1d2840c79b6bf784d1befe40f4799e">
+ A-67737022</a></td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13184</td>
- <td>A-65483324</td>
- <td>ПП</td>
- <td>Высокий</td>
- <td>8.0, 8.1</td>
+ <td>CVE-2017-13184</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16392a119661fd1da750d4d4e8e03442578bc543">
+ A-65483324</a></td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-0855</td>
- <td>A-64452857</td>
- <td>ОО</td>
- <td>Высокий</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
+ <td>CVE-2017-0855</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d7d6df849cec9d0a9c1fd0d9957a1b8edef361b7">
+ A-64452857</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
- <td>CVE-2017-13191</td>
- <td>A-64380403</td>
- <td>ОО</td>
- <td>Высокий</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13191</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-64380403</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13192</td>
- <td>A-64380202</td>
- <td>ОО</td>
- <td>Высокий</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13192</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/52ca619511acbd542d843df1f92f858ce13048a5">
+ A-64380202</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13193</td>
- <td>A-65718319</td>
- <td>ОО</td>
- <td>Высокий</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13193</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b3f31e493ef6fa886989198da9787807635eaae2">
+ A-65718319</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13195</td>
- <td>A-65398821</td>
- <td>ОО</td>
- <td>Высокий</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13195</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/066e3b1f9c954d95045bc9d33d2cdc9df419784f">
+ A-65398821</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13196</td>
- <td>A-63522067</td>
- <td>ОО</td>
- <td>Высокий</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13196</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-63522067</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13197</td>
- <td>A-64784973</td>
- <td>ОО</td>
- <td>Высокий</td>
- <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13197</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/0a714d3a14d256c6a5675d6fbd975ca26e9bc471">
+ A-64784973</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13199</td>
- <td>A-33846679</td>
- <td>ОО</td>
- <td>Высокий</td>
- <td>8.0, 8.1</td>
+ <td>CVE-2017-13199</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/42b2e419b48a26d2ba599d87e3a2a02c4aa625f4">
+ A-33846679</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>8.0, 8.1</td>
</tr>
</tbody></table>
@@ -217,32 +240,35 @@
<th>Обновленные версии AOSP</th>
</tr>
<tr>
- <td>CVE-2017-13208</td>
- <td>A-67474440</td>
- <td>УВК</td>
- <td>Критический</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13208</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/b71335264a7c3629f80b7bf1f87375c75c42d868">
+ A-67474440</a></td>
+ <td>УВК</td>
+ <td>Критический</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13209</td>
- <td>A-68217907</td>
- <td>ПП</td>
- <td>Высокий</td>
- <td>8.0, 8.1</td>
+ <td>CVE-2017-13209</td>
+ <td><a href="https://android.googlesource.com/platform/system/libhidl/+/a4d0252ab5b6f6cc52a221538e1536c5b55c1fa7">A-68217907</a> [<a href="https://android.googlesource.com/platform/system/tools/hidl/+/8539fc8ac94d5c92ef9df33675844ab294f68d61">2</a>] [<a href="https://android.googlesource.com/platform/system/hwservicemanager/+/e1b4a889e8b84f5c13b76333d4de90dbe102a0de">3</a>]</td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13210</td>
- <td>A-67782345</td>
- <td>ПП</td>
- <td>Высокий</td>
- <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2017-13210</td>
+ <td><a href="https://android.googlesource.com/platform/system/media/+/e770e378dc8e2320679272234285456ca2244a62">
+ A-67782345</a></td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2017-13211</td>
- <td>A-65174158</td>
- <td>ОО</td>
- <td>Высокий</td>
- <td>8.0</td>
+ <td>CVE-2017-13211</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/181144a50114c824cfe3cdfd695c11a074673a5e">
+ A-65174158</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>8.0</td>
</tr>
</tbody></table>
@@ -322,7 +348,7 @@ Upstream kernel</a></td>
<td>A-68266545<a href="#asterisk">*</a></td>
<td>РИ</td>
<td>Высокий</td>
- <td>Таймеры</td>
+ <td>Высокоточные таймеры</td>
</tr>
</tbody></table>
@@ -376,32 +402,6 @@ Upstream kernel</a></td>
</tr>
</tbody></table>
-<h3 id="mediatek-components">Компоненты MediaTek</h3>
-<p>Самая серьезная уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса.</p>
-
-<table>
- <colgroup><col width="17%" />
- <col width="19%" />
- <col width="9%" />
- <col width="14%" />
- <col width="39%" />
- </colgroup><tbody><tr>
- <th>CVE</th>
- <th>Ссылки</th>
- <th>Тип</th>
- <th>Уровень серьезности</th>
- <th>Компонент</th>
- </tr>
- <tr>
- <td>CVE-2017-13225</td>
- <td>A-38308024<a href="#asterisk">*</a><br />
- M-ALPS03495789</td>
- <td>ПП</td>
- <td>Высокий</td>
- <td>MTK Media</td>
- </tr>
-</tbody></table>
-
<h3 id="nvidia-components">Компоненты NVIDIA</h3>
<p>Самая серьезная уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте привилегированного процесса.</p>
@@ -650,9 +650,9 @@ QC-CR#2060780</a></td>
</p>
<h2 id="versions">Версии</h2>
<table>
- <colgroup><col width="25%" />
+ <colgroup><col width="15%" />
<col width="25%" />
- <col width="50%" />
+ <col width="60%" />
</colgroup><tbody><tr>
<th>Версия</th>
<th>Дата</th>
@@ -663,6 +663,20 @@ QC-CR#2060780</a></td>
<td>2 января 2018 г.</td>
<td>Бюллетень опубликован.</td>
</tr>
-</tbody></table>
+ <tr>
+ <td>1.1</td>
+ <td>3 января 2018 г.</td>
+ <td>В раздел объявлений добавлена информация об уязвимости CVE-2017-13218.</td>
+ </tr>
+ <tr>
+ <td>1.2</td>
+ <td>5 января 2018 г.</td>
+ <td>Добавлены ссылки на AOSP.</td>
+ </tr>
+ <tr>
+ <td>1.3</td>
+ <td>29 января 2018 г.</td>
+ <td>Сведения об уязвимости CVE-2017-13225 перенесены в <a href="/security/bulletin/pixel/">бюллетень по безопасности Pixel  и Nexus</a>.</td>
+</tr></tbody></table>
</body></html> \ No newline at end of file
diff --git a/ru/security/bulletin/pixel/2017-10-01.html b/ru/security/bulletin/pixel/2017-10-01.html
index f6996bc2..b7df3e76 100644
--- a/ru/security/bulletin/pixel/2017-10-01.html
+++ b/ru/security/bulletin/pixel/2017-10-01.html
@@ -528,7 +528,7 @@ QC-CR#2016076</a></td>
<p id="type">
<strong>2. Что означают сокращения в столбце <em>Тип</em>?</strong></p>
-<p>В этом столбце указан<em></em> тип уязвимости по следующей классификации:</p>
+<p>В этом столбце указан тип уязвимости по следующей классификации:<em></em></p>
<table>
<colgroup><col width="25%" />
@@ -593,7 +593,7 @@ QC-CR#2016076</a></td>
<p id="asterisk"><strong>4. Что означает значок * рядом с идентификатором ошибки Android в столбце <em>Ссылки</em>?</strong></p>
-<p>Значок * означает, что исправление для уязвимости не опубликовано<em></em>. Необходимое обновление содержится в последних бинарных драйверах для устройств Nexus, которые можно скачать на <a href="https://developers.google.com/android/nexus/drivers">сайте для разработчиков</a>.</p>
+<p>Символ * означает, что исправление для уязвимости не опубликовано.<em></em> Необходимое обновление содержится в последних бинарных драйверах для устройств Nexus, которые можно скачать на <a href="https://developers.google.com/android/nexus/drivers">сайте для разработчиков</a>.</p>
<p id="split">
<strong>5. Почему теперь одни уязвимости описываются в этом бюллетене, а другие – в бюллетенях по безопасности Android?</strong>
diff --git a/ru/security/bulletin/pixel/2018-03-01.html b/ru/security/bulletin/pixel/2018-03-01.html
new file mode 100644
index 00000000..92510f82
--- /dev/null
+++ b/ru/security/bulletin/pixel/2018-03-01.html
@@ -0,0 +1,651 @@
+<html devsite><head>
+ <title>Бюллетень по безопасности Pixel и Nexus – март 2018 г.</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p><em>Опубликовано 5 марта 2018 г.</em></p>
+
+<p>
+В этом бюллетене содержится информация об уязвимостях в защите и об улучшениях функциональных возможностей <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">поддерживаемых устройств Pixel и Nexus</a> (устройства Google). Все проблемы, перечисленные здесь и в <a href="/security/bulletin/2018-03-01">бюллетене по безопасности Android</a> за март 2018 года, устранены в исправлении от 5 марта 2018 года или более новом. Информацию о том, как проверить обновления системы безопасности, можно найти в <a href="https://support.google.com/pixelphone/answer/4457705">Справочном центре</a>.</p>
+<p>
+Поддерживаемые устройства Google получат обновление системы безопасности 2018-03-05. Мы рекомендуем всем пользователям установить перечисленные здесь обновления.
+</p>
+<p class="note">
+<strong>Примечание.</strong> Образы встроенного ПО для устройств Google находятся на <a href="https://developers.google.com/android/nexus/images">сайте для разработчиков</a>.
+</p>
+
+<h2 id="announcements">Объявления</h2>
+<p>Помимо исправлений уязвимостей, описанных в <a href="/security/bulletin/2018-03-01">бюллетене по безопасности Android</a> за март 2018 года, обновления для устройств Google содержат также исправления проблем, перечисленных ниже. Мы сообщили партнерам об этих проблемах по крайней мере месяц назад. Они могут включить их исправления в свои обновления безопасности.</p>
+
+<h2 id="security-patches">Обновления системы безопасности</h2>
+<p>
+Уязвимости сгруппированы по компонентам, которые они затрагивают. Для каждого приведены описание и таблица с CVE, ссылками, <a href="#type">типом</a>, <a href="https://source.android.com/security/overview/updates-resources.html#severity">уровнем серьезности</a>, а также версиями AOSP (при наличии). Где возможно, мы приводим основную ссылку на опубликованное изменение, связанное с идентификатором ошибки (например, список AOSP), и дополнительные ссылки в квадратных скобках.
+</p>
+
+<h3 id="framework">Framework</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Обновленные версии AOSP</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13263</td>
+ <td>A-69383160</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>8.0, 8.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="media-framework">Media Framework</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Обновленные версии AOSP</th>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13264</td>
+ <td rowspan="2">A-70294343</td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13254</td>
+ <td rowspan="2">A-70239507</td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.1.1, 6.0, 6.0.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="system">Система</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Обновленные версии AOSP</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13265</td>
+ <td>A-36232423</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13266</td>
+ <td>A-69478941</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13268</td>
+ <td>A-67058064</td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13269</td>
+ <td>A-68818034</td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="kernel-components">Компоненты ядра</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Компонент</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-5754</td>
+ <td>A-69856074<a href="#asterisk">*</a></td>
+ <td>РИ</td>
+ <td>Высокий</td>
+ <td>Отображение файлов в память</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13270</td>
+ <td>A-69474744<a href="#asterisk">*</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер Mnh_sm</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13271</td>
+ <td>A-69006799<a href="#asterisk">*</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер Mnh_sm</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-16527</td>
+ <td>A-69051382<br />
+<a href="https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4">
+Upstream kernel</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>USB-аудиодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15649</td>
+ <td>A-69160446<br />
+<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110">Upstream kernel</a> [<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e">2</a>]</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Сетевой драйвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-1000111</td>
+ <td>A-68806121<br />
+<a href="http://patchwork.ozlabs.org/patch/800274/">Upstream kernel</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Сетевой драйвер</td>
+ </tr>
+</tbody></table>
+
+<h3 id="nvidia-components">Компоненты NVIDIA</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Компонент</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6287</td>
+ <td>A-64893264<a href="#asterisk">*</a><br />
+ N-CVE-2017-6287</td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>Media Framework</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6285</td>
+ <td>A-64893156<a href="#asterisk">*</a><br />
+ N-CVE-2017-6285</td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>Media Framework</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6288</td>
+ <td>A-65482562<a href="#asterisk">*</a><br />
+ N-CVE-2017-6288</td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>Media Framework</td>
+ </tr>
+</tbody></table>
+
+<h3 id="qualcomm-components">Компоненты Qualcomm</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Компонент</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-18061</td>
+ <td>A-70237701<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b65cf2a007e88fe86dbd6d3269682fc585a4130f">
+QC-CR#2117246</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Wil6210</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18050</td>
+ <td>A-70237697<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=63b57442d65dfdb4b4634ff32059b1bca8c72fb7">
+QC-CR#2119443</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Управление wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18054</td>
+ <td>A-70237694<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=6eefc756612e39fab49ff719b3dc9b94def53396">
+QC-CR#2119432</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18055</td>
+ <td>A-70237693<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=50a0554d12cff58b3ffbd51d3194304244b87023">
+QC-CR#2119430</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18065</td>
+ <td>A-70237685<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a8bc0f90ef49ea0aee90047a17772e4eebff259a">
+QC-CR#2113423</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18066</td>
+ <td>A-70235107<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ff11f44c0c10c94170f03a8698f73f7e08b74625">
+QC-CR#2107976</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер питания</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18062</td>
+ <td>A-68992451<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d7927eb7c9c2d79a3e24cddd1e9447ab98bf6700">
+QC-CR#2115375</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3561</td>
+ <td>A-68870904<a href="#asterisk">*</a><br />
+ QC-CR#2068569</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Diagchar</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3560</td>
+ <td>A-68664502<a href="#asterisk">*</a><br />
+ QC-CR#2142216</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Аудиодрайвер Qdsp6v2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15834</td>
+ <td>A-70237704<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903">
+QC-CR#2111858</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Diagchar</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15833</td>
+ <td>A-70237702<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=51ce6aec73d80e1f1fcc9c7fa71e9c2fcbdbc0fd">
+QC-CR#2059835</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер питания</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15831</td>
+ <td>A-70237687<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=31e6a657320e4299c659e3d57d38a89afe8c1ce1">
+QC-CR#2114255</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15830</td>
+ <td>A-70237719<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a7a2a9c5d203e3395811963061c79d3bc257ebe">
+QC-CR#2120725</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер sme</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14889</td>
+ <td>A-70237700<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755">
+QC-CR#2119803</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14887</td>
+ <td>A-70237715<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0">
+QC-CR#2119673</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14879</td>
+ <td>A-63851638<a href="#asterisk">*</a><br />
+ QC-CR#2056307</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>IPA</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11082</td>
+ <td>A-66937387<br />
+<a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-3.10.git;a=commit;h=2d4f8cd8d11f8fb1491a20d7e316cc0fd03eeb59">
+QC-CR#2071560</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11074</td>
+ <td>A-68940798<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f5ae7b35c90f14b7e66b3a91d4fb247563a8a22b">
+QC-CR#2049138</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18052</td>
+ <td>A-70237712<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd">
+QC-CR#2119439</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18057</td>
+ <td>A-70237709<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b">
+QC-CR#2119403</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18059</td>
+ <td>A-70237708<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=217705da7726002ffe61dad51a6c9cc97c52f649">
+QC-CR#2119399</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18060</td>
+ <td>A-70237707<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f3d81bd0b3cb992c214d94196b33168b02589c6b">
+QC-CR#2119394</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18051</td>
+ <td>A-70237696<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=38fba6a9f6ca3c7bf0c4c1bd84fa2b89fbcaeb93">
+QC-CR#2119442</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18053</td>
+ <td>A-70237695<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947">
+QC-CR#2119434</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18058</td>
+ <td>A-70237690<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d6d42a10d4abf09299cdfacdd8aed5c26731b5ff">
+QC-CR#2119401</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15855</td>
+ <td>A-38232131<a href="#asterisk">*</a><br />
+ QC-CR#2139514</td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>Драйвер Camera_v2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15814</td>
+ <td>A-64836865<a href="#asterisk">*</a><br />
+ QC-CR#2092793</td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>Драйвер Camera_v2</td>
+ </tr>
+</tbody></table>
+
+<h2 id="functional-updates">Улучшения функциональных возможностей</h2>
+<p>
+В эти обновления включены исправления проблем, касающихся функциональных возможностей устройств Pixel. Они не связаны с уязвимостями в защите. В таблице приведены ссылки, категория обновления, например Bluetooth или мобильный Интернет, и описание улучшения.
+</p>
+
+<table>
+ <tbody><tr>
+ <th>Ссылки</th>
+ <th>Категория</th>
+ <th>Описание</th>
+ <th>Устройства</th>
+ </tr>
+ <tr>
+ <td>A-70491468</td>
+ <td>Производительность</td>
+ <td>Улучшено включение экрана при разблокировке с помощью отпечатка пальца.</td>
+ <td>Pixel 2, Pixel 2XL</td>
+ </tr>
+ <tr>
+ <td>A-69307875</td>
+ <td>Аудио</td>
+ <td>Улучшено качество аудиозаписи при видеосъемке.</td>
+ <td>Pixel 2XL</td>
+ </tr>
+ <tr>
+ <td>A-70641186</td>
+ <td>Отчеты</td>
+ <td>Улучшены отчеты о сбоях.</td>
+ <td>Pixel 2, Pixel 2XL</td>
+ </tr>
+</tbody></table>
+
+<h2 id="common-questions-and-answers">Часто задаваемые вопросы</h2>
+<p>
+В этом разделе мы отвечаем на вопросы, которые могут возникнуть после прочтения бюллетеня.
+</p>
+<p>
+<strong>1. Как определить, установлено ли на устройство обновление, в котором устранены перечисленные проблемы?
+</strong>
+</p>
+<p>
+В исправлении от 5 марта 2018 года или более новом устранены все проблемы, связанные с обновлением 2018-03-05. Информацию о том, как проверить обновления системы безопасности, можно найти в <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Справочном центре</a>.
+</p>
+<p id="type">
+<strong>2. Что означают сокращения в столбце <em>Тип</em>?</strong>
+</p>
+<p>
+В этом столбце указан тип уязвимости по следующей классификации:<em></em>
+</p>
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>Сокращение</th>
+ <th>Описание</th>
+ </tr>
+ <tr>
+ <td>УВК</td>
+ <td>Удаленное выполнение кода</td>
+ </tr>
+ <tr>
+ <td>ПП</td>
+ <td>Повышение привилегий</td>
+ </tr>
+ <tr>
+ <td>РИ</td>
+ <td>Раскрытие информации</td>
+ </tr>
+ <tr>
+ <td>ОО</td>
+ <td>Отказ в обслуживании</td>
+ </tr>
+ <tr>
+ <td>Н/Д</td>
+ <td>Классификация недоступна</td>
+ </tr>
+</tbody></table>
+<p>
+<strong>3. На что указывают записи в столбце <em>Ссылки</em>?</strong>
+</p>
+<p>
+В таблицах с описанием уязвимостей есть столбец <em>Ссылки</em>. Каждая запись в нем может содержать префикс, указывающий на источник ссылки, а именно:
+</p>
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>Префикс</th>
+ <th>Значение</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Идентификатор ошибки Android</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Ссылочный номер Qualcomm</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>Ссылочный номер MediaTek</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>Ссылочный номер NVIDIA</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Ссылочный номер Broadcom</td>
+ </tr>
+</tbody></table>
+<p id="asterisk">
+<strong>4. Что означает значок * рядом с идентификатором ошибки Android в столбце <em>Ссылки</em>?</strong>
+</p>
+<p>
+Символ * означает, что исправление для уязвимости не опубликовано.<em></em> Необходимое обновление содержится в последних бинарных драйверах для устройств Nexus, которые можно скачать на <a href="https://developers.google.com/android/nexus/drivers">сайте для разработчиков</a>.
+</p>
+<p>
+<strong>5. Почему теперь одни уязвимости описываются в этом бюллетене, а другие – в бюллетенях по безопасности Android?</strong>
+</p>
+<p>
+В бюллетене по безопасности Android описаны уязвимости, которые необходимо устранить в последнем обновлении системы безопасности для устройств Android. Решать дополнительные проблемы, перечисленные здесь, для этого не требуется.
+</p>
+<h2 id="versions">Версии</h2>
+<table>
+ <colgroup><col width="25%" />
+ <col width="25%" />
+ <col width="50%" />
+ </colgroup><tbody><tr>
+ <th>Версия</th>
+ <th>Дата</th>
+ <th>Примечания</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>5 марта 2018 г.</td>
+ <td>Бюллетень опубликован.</td>
+ </tr>
+</tbody></table>
+
+</body></html> \ No newline at end of file
diff --git a/ru/security/bulletin/pixel/2018.html b/ru/security/bulletin/pixel/2018.html
index e969c997..36a4edba 100644
--- a/ru/security/bulletin/pixel/2018.html
+++ b/ru/security/bulletin/pixel/2018.html
@@ -34,16 +34,42 @@
<th>Обновление системы безопасности</th>
</tr>
<tr>
- <td><a href="/security/bulletin/pixel/2018-01-01.html">Январь 2018 г.</a></td>
+ <td><a href="/security/bulletin/pixel/2018-03-01.html">Март 2018 г.</a></td>
<td>Готовится к публикации <!--
- <a href="/security/bulletin/pixel/2018-01-01.html">English</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ <a href="/security/bulletin/pixel/2018-03-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
-->
</td>
+ <td>Март 2018 г.</td>
+ <td>2018-03-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2018-02-01.html">Февраль 2018 г.</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2018-02-01.html">English</a> /
+<a href="/security/bulletin/pixel/2018-02-01.html?hl=ja">日本語</a> /
+<a href="/security/bulletin/pixel/2018-02-01.html?hl=ko">한국어</a> /
+<a href="/security/bulletin/pixel/2018-02-01.html?hl=ru">русский</a> /
+<a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">中文 (中国)</a> /
+<a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">中文 (台灣)</a>
+ </td>
+ <td>Февраль 2018 г.</td>
+ <td>2018-02-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2018-01-01.html">Январь 2018 г.</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2018-01-01.html">English</a> /
+<a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a> /
+<a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a> /
+<a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">русский</a> /
+<a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文 (中国)</a> /
+<a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文 (台灣)</a>
+ </td>
<td>Январь 2018 г.</td>
<td>2018-01-05</td>
</tr>
diff --git a/zh-cn/_book.yaml b/zh-cn/_book.yaml
index 3a319893..b17b73a1 100644
--- a/zh-cn/_book.yaml
+++ b/zh-cn/_book.yaml
@@ -2,70 +2,70 @@ upper_tabs:
- lower_tabs:
other:
- contents:
+ - path: /setup/
+ title: 概览
- section:
- - path: /setup/
- title: 概览
- - path: /setup/code-lines
+ - path: /setup/start/codelines
title: 代码行、分支和版本
- - path: /setup/build-numbers
+ - path: /setup/start/build-numbers
title: 代号、标签和版本号
- - path: /setup/roles
+ - path: /setup/start/roles
title: 项目角色
- - path: /setup/brands
+ - path: /setup/start/brands
title: 品牌使用准则
- - path: /setup/licenses
+ - path: /setup/start/licenses
title: 许可
- - path: /setup/faqs
+ - path: /setup/start/faqs
title: 常见问题解答
- - path: /setup/site-updates
+ - path: /setup/start/site-updates
title: 网站动态
title: 开始使用
- section:
- - path: /setup/requirements
+ - path: /setup/build/requirements
title: 要求
- - path: /setup/initializing
+ - path: /setup/build/initializing
title: 搭建编译环境
- - path: /setup/downloading
+ - path: /setup/build/downloading
title: 下载源代码
- - path: /setup/building
+ - path: /setup/build/building
title: 准备编译
- - path: /setup/jack
+ - path: /setup/build/jack
title: 使用 Jack 编译
- - path: /setup/devices
+ - path: /setup/build/devices
title: 使用参考开发板
- - path: /setup/running
+ - path: /setup/build/running
title: 运行版本
- - path: /setup/building-kernels
+ - path: /setup/build/building-kernels
title: 编译内核
- - path: /setup/known-issues
+ - path: /setup/build/known-issues
title: 已知问题
title: 下载和编译
- section:
- - path: /setup/developing
+ - path: /setup/develop/
title: 概览
- - path: /setup/using-repo
+ - path: /setup/develop/repo
title: 使用 Repo
- - path: /setup/add-device
+ - path: /setup/develop/new-device
title: 添加新设备
- - path: /setup/64-bit-builds
+ - path: /setup/develop/64-bit-builds
title: 了解 64 位版本
title: 开发
- section:
- - path: /setup/contributing
+ - path: /setup/contribute/
title: 概览
- - path: /setup/life-of-a-patch
+ - path: /setup/contribute/life-of-a-patch
title: 补丁程序的生命周期
- - path: /setup/submit-patches
+ - path: /setup/contribute/submit-patches
title: 提交补丁程序
- - path: /setup/view-patches
+ - path: /setup/contribute/view-patches
title: 查看补丁程序
- - path: /setup/life-of-a-bug
+ - path: /setup/contribute/life-of-a-bug
title: Bug 的生命周期
- - path: /setup/report-bugs
+ - path: /setup/contribute/report-bugs
title: 报告 Bug
- - path: /setup/read-bug-reports
+ - path: /setup/contribute/read-bug-reports
title: 阅读 Bug 报告
- - path: /setup/code-style
+ - path: /setup/contribute/code-style
title: Java 代码样式规则
title: 做出贡献
- path: /setup/community
@@ -85,6 +85,8 @@ upper_tabs:
title: 实现安全性
- path: /security/overview/updates-resources
title: 更新和资源
+ - path: /security/overview/reports
+ title: 报告
- section:
- path: /security/enhancements/
title: 概览
@@ -976,21 +978,7 @@ upper_tabs:
- path: /reference/tradefed/
title: 软件包索引
title: 测试基础架构
- - section:
- - path: /devices/tech/vts/
- title: 概览
- - path: /devices/tech/test_infra/tradefed/fundamentals/vts
- title: 使用 VTS 进行系统测试
- - path: /devices/tech/vts/setup
- title: VTS 信息中心设置
- - path: /devices/tech/vts/database
- title: VTS 信息中心数据库
- - path: /devices/tech/vts/ui
- title: VTS 信息中心界面
- - path: /devices/tech/vts/performance
- title: 性能测试
- title: 供应商测试套件 (VTS)
- name: 调整
+ name: 微调
name: 调整
- lower_tabs:
other:
@@ -1043,6 +1031,20 @@ upper_tabs:
title: 兼容性测试套件
- path: /compatibility/contact-us
title: 与我们联系
+ - section:
+ - path: /compatibility/vts/
+ title: 概览
+ - path: /compatibility/vts/systems
+ title: 使用 VTS 进行系统测试
+ - path: /compatibility/vts/setup
+ title: VTS 信息中心设置
+ - path: /compatibility/vts/database
+ title: VTS 信息中心数据库
+ - path: /compatibility/vts/ui
+ title: VTS 信息中心界面
+ - path: /compatibility/vts/performance
+ title: 性能测试
+ title: 供应商测试套件 (VTS)
name: 兼容性
name: 兼容性
- lower_tabs:
diff --git a/zh-cn/_index.yaml b/zh-cn/_index.yaml
index ff30e0de..1a4025d6 100644
--- a/zh-cn/_index.yaml
+++ b/zh-cn/_index.yaml
@@ -54,6 +54,12 @@ landing_page:
image_path: /images/android_stack.png
- heading: 新闻
items:
+ - heading: 2017 年 Android 年度回顾
+ description: >
+ 2017 年 Android 安全年度回顾介绍了 2017 年 Android 安全方面所发生的一切。
+ buttons:
+ - label: 2018 年 3 月 15 日
+ path: /security/overview/reports
- heading: 3 月安全公告
description: >
2018 年 3 月的 Android 和 Pixel/Nexus 安全公告已经发布,其中提供了与 3 月安全更新补丁相关的信息。
@@ -67,12 +73,6 @@ landing_page:
buttons:
- label: 2018 年 1 月 19 日
path: /devices/tech/dalvik/dalvik-bytecode
- - heading: Android 8.1 版说明
- description: >
- Android 8.1 版现已推出,其中提供了许多面向设备制造商以及个人用户的新功能。
- buttons:
- - label: 2017 年 12 月 5 日
- path: /setup/site-updates#Dec-2017
- classname: devsite-landing-row-100 tf-row-centered
items:
- buttons:
diff --git a/zh-cn/compatibility/cts/audio-framework.html b/zh-cn/compatibility/cts/audio-framework.html
index a592cbe7..f4e17252 100644
--- a/zh-cn/compatibility/cts/audio-framework.html
+++ b/zh-cn/compatibility/cts/audio-framework.html
@@ -20,7 +20,7 @@
limitations under the License.
-->
-<p>这套新测试需要人为干预,并会用到一些外部硬件,包括<a href="#loopback_latency">回环插头</a>、<a href="#audio_frequency_speaker_test">USB 参照麦克风</a>和<a href="#audio_frequency_microphone_test">外部扬声器</a>。对于没有 3.5 毫米 (⅛") 耳机端口的设备,用户将能够跳过测试并将其标记为成功。有关详情,请参阅以下部分。</p>
+<p>这套新测试需要人为干预,并会用到一些外部硬件(包括<a href="#loopback_latency">回环插头</a>、<a href="#audio_frequency_speaker_test">USB 参照麦克风</a>和<a href="#audio_frequency_microphone_test">外部扬声器</a>)。对于没有 3.5 毫米 (⅛") 耳机端口的设备,用户将能够跳过测试并将其标记为成功。有关详情,请参阅以下部分。</p>
<h2 id="loopback_latency">回环插头延迟测试</h2>
@@ -330,8 +330,7 @@
</td>
</tr>
<tr>
- <td>按通过(仅在成功时可用)或失败按钮以记录结果。
-如果 DUT 未定义音频频响未处理功能,则需要运行测试,但不强制要求在所有测量中均成功。
+ <td>按通过(仅在成功时可用)或失败按钮以记录结果。如果 DUT 未定义音频频响未处理功能,则需要运行测试,但不强制要求在所有测量中均成功。
</td>
<td>
<img src="/compatibility/cts/images/audio-framework53.png" alt="测试已通过" title="测试已通过"/>
diff --git a/zh-cn/compatibility/cts/setup.html b/zh-cn/compatibility/cts/setup.html
index 33826948..874127f7 100644
--- a/zh-cn/compatibility/cts/setup.html
+++ b/zh-cn/compatibility/cts/setup.html
@@ -140,7 +140,7 @@ ro.product.first_api_level=21
<p class="warning"><strong>警告:</strong>这将清空设备中的所有用户数据。</p>
</li><li>将设备的语言设置为英语(<strong>美国</strong>):<strong>设置 &gt; 语言和输入法 &gt; 语言</strong>
</li><li>如果设备具有 GPS 或 WLAN/移动网络功能,则打开位置信息设置:<strong>设置 &gt; 位置信息 &gt; 开启</strong>
- </li><li>连接到满足以下要求的 WLAN 网络:支持 IPv6,可以将被测设备 (DUT) 视为隔离的客户端(请参阅上文的<a href="#physical_environment">物理环境</a>部分),并可以连接到互联网:<strong>设置 &gt; WLAN</strong><em></em>
+ </li><li>连接到满足以下要求的 WLAN 网络:支持 IPv6,可以将被测设备 (DUT) 视为隔离的客户端<em></em>(请参阅上文的<a href="#physical_environment">物理环境</a>部分),并可连接到互联网:<strong>设置 &gt; WLAN</strong>
</li><li>确保设备上未设置锁定图案或密码:<strong>设置 &gt; 安全 &gt; 屏幕锁定 &gt; 无</strong>
</li><li>在设备上启用 <strong>USB 调试</strong>:<strong>设置 &gt; 开发者选项 &gt; USB 调试</strong>。
<p class="note"><strong>注意:</strong>在 Android 4.2 及更高版本中,默认情况下会隐藏<strong>开发者选项</strong>。要显示这些选项,请依次转到<strong>设置 &gt; 关于手机</strong>,然后点按<strong>版本号</strong>七次。返回上一屏幕以查找<strong>开发者选项</strong>。要查看其他详细信息,请参阅<a href="http://developer.android.com/studio/run/device.html#developer-device-options">启用设备上的开发者选项</a>。</p>
@@ -156,7 +156,7 @@ ro.product.first_api_level=21
<p class="note"><strong>注意:</strong>对于 CTS 版本 2.1 R2 至 4.2 R4,请通过以下命令设置您的设备(或模拟器),以便执行无障碍测试:<br />
<code>adb install -r android-cts/repository/testcases/CtsDelegatingAccessibilityService.apk</code><br />
在设备上,依次启用:<strong>设置 &gt; 无障碍 &gt; 无障碍 &gt; Delegating Accessibility Service</strong></p>
-<p class="note"><strong>注意</strong>:对于 7.0 之前的 CTS 版本,请在声明 <code>android.software.device_admin</code> 的设备上,使用以下命令设置您的设备,以便执行设备管理测试:<br />
+<p class="note"><strong>注意:</strong>对于 7.0 之前的 CTS 版本,请在声明 <code>android.software.device_admin</code> 的设备上,使用以下命令设置您的设备,以便执行设备管理测试:<br />
<code>adb install -r android-cts/repository/testcases/CtsDeviceAdmin.apk</code><br />
</p><p>
依次选择“设置”&gt;“安全”&gt;“设备管理器”,然后启用两个 <code>android.deviceadmin.cts.CtsDeviceAdminReceiver*</code> 设备管理器。确保 <code>android.deviceadmin.cts.CtsDeviceAdminDeactivatedReceiver</code> 和任何其他预加载的设备管理器均保持停用状态。
diff --git a/zh-cn/compatibility/vts/database.html b/zh-cn/compatibility/vts/database.html
new file mode 100644
index 00000000..f3370fe7
--- /dev/null
+++ b/zh-cn/compatibility/vts/database.html
@@ -0,0 +1,118 @@
+<html devsite><head>
+ <title>VTS 信息中心数据库</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>
+要想为一个可扩展、性能卓越且高度灵活的持续集成信息中心提供支持,就必须在充分了解数据库功能的前提下精心设计 VTS 信息中心后端。
+<a href="https://cloud.google.com/datastore/docs/" class="external">Google Cloud Datastore</a> 是一个 NoSQL 数据库,提供事务性 ACID 保证,可确保最终一致性以及实体组内的高一致性。不过,其结构与 SQL 数据库(甚至是 Cloud Bigtable)大相径庭,因为它使用的是种类、实体和属性(而非表格、行和单元格)。
+</p>
+<p>
+以下部分将概要介绍用于为 VTS 信息中心网络服务创建高效后端的数据结构和查询模式。
+</p>
+
+<h2 id="entities">实体</h2>
+<p>
+以下实体会存储来自 VTS 测试运行的摘要和资源:
+</p>
+<ul>
+<li><strong>测试实体</strong>。测试实体会存储与特定测试的测试运行相关的元数据。测试实体的键是测试名称,其属性包括自警报作业对其进行更新以来的失败计数、通过计数和测试用例中断情况列表。</li>
+<li><strong>测试运行实体</strong>。测试运行实体包含由特定测试的运行产生的元数据。它必须存储以下信息:测试的开始时间戳和结束时间戳、测试版本号、通过及失败的测试用例数、运行类型(如提交前、提交后或本地)、日志链接列表、主机名称以及覆盖率摘要计数。</li>
+<li><strong>设备信息实体</strong>。设备信息实体包含有关测试运行期间所用设备的详细信息。具体而言,它包含设备版本号、产品名称、编译目标、分支和 ABI 信息。系统会将该实体与测试运行实体分开存储,以便通过一对多的方式支持多设备测试运行。</li>
+<li><strong>分析点运行实体</strong>。分析点运行实体会汇总在测试运行中针对特定分析点收集的数据。它会阐明分析数据的轴标签、分析点名称、值、类型和回归模式。</li>
+<li><strong>覆盖率实体</strong>。覆盖率实体会阐明针对一个文件收集的覆盖率数据。它包含 GIT 项目信息、文件路径以及源文件中每行的覆盖率计数列表。</li>
+<li><strong>测试用例运行实体</strong>。测试用例运行实体会阐明来自测试运行的特定测试用例的结果,包括测试用例名称及其结果。</li>
+<li><strong>用户收藏实体</strong>。每份用户订阅都可采用以下实体表示:包含对测试的引用以及由 App 引擎用户服务生成的用户 ID。这样便可实现高效的双向查询(即:查询订阅某项测试的所有用户以及某个用户收藏的所有测试)。</li>
+</ul>
+
+<h2 id="entity-grouping">实体分组</h2>
+<p>
+每个测试模块都表示一个实体组的根。测试运行实体既是该组的子项,也是与各自的测试和测试运行祖先实体相关的设备实体、分析点实体和覆盖率实体的父项。
+</p>
+
+<img src="images/treble_vts_dash_entity_ancestry.png"/>
+<figcaption><strong>图 1</strong>. 测试实体祖先树状图。</figcaption>
+
+<p class="key-point"><strong>要点</strong>:设计祖先实体关系时,您必须在提供高效且一致的查询机制与遵守由数据库强制实施的限制之间取得平衡。
+</p>
+
+<h3 id="benefits">优势</h3>
+<p>
+对一致性的要求既可确保后续的操作在事务提交之前无法得知其影响,也可确保当前的操作可以了解过去的事务。在 Cloud Datastore 中,实体分组可在组内创建具有很高的读写一致性的岛(在这种情况下,即是与测试模块相关的所有测试运行和数据)。实体分组具有以下优势:
+</p>
+<ul>
+<li>可将警报作业对测试模块状态的读取和更新视为原子操作</li>
+<li>可在测试模块中以有保证的一致视图呈现测试用例结果</li>
+<li>可在祖先实体树中更快速地查询</li>
+</ul>
+
+<h3 id="limitations">限制</h3>
+<p>
+不建议以超过每秒 1 个实体的速度向实体组写入实体,因为过快的写入操作可能会被拒绝。只要警报作业和上传操作以不超过每秒 1 次写入的速度发生,结构就是稳定的,并且可以保证很高的一致性。
+</p>
+<p>
+归根结底,每个测试模块每秒 1 次写入的上限是合理的,因为测试运行通常都需要至少 1 分钟的时间(包括 VTS 框架的开销);除非同时在超过 60 台不同的主机上一致地执行某项测试,否则不会出现写入瓶颈问题。此外,鉴于每个模块都是测试计划(通常需要运行 1 小时以上)的一部分,瓶颈问题就更不可能会出现了。即使因多台主机同时运行测试而导致对相同主机的写入操作短时暴增,也能轻松处理相关异常情况(例如,通过捕获写入错误并重试)。
+</p>
+
+<h3 id="scaling">扩展规模时的注意事项</h3>
+<p>
+测试运行并不一定需要将测试作为父项(例如,它可以使用其他键,并将测试名称和测试开始时间作为属性);虽然这仍会实现最终一致性,却牺牲了高一致性。例如,警报作业可能无法查看测试模块中最近执行的各项测试运行的相互一致快照;这意味着,全局状态可能无法完全准确地描述测试运行的序列。这也可能会影响测试运行在单个测试模块中的显示(未必是运行序列的一致快照)。最终,快照会是一致的,但无法保证最新数据亦是如此。
+</p>
+
+<h2 id="test-cases">测试用例</h2>
+<p>
+另一个潜在瓶颈是具有很多测试用例的大型测试。两项操作限制分别是:实体组内的写入吞吐量上限为每秒 1 个,事务大小上限为 500 个实体。
+</p>
+<p>
+一种方法是指定一个将测试运行作为祖先实体的测试用例(类似于覆盖率数据、分析数据和设备信息的存储方式):
+</p>
+<img src="images/treble_vts_descend_not.png"/>
+<figcaption><strong>图 2</strong>. 源自测试运行的测试用例(不推荐)。</figcaption>
+
+<p>虽然这种方法可以提供原子性和一致性,但也会对测试施加诸多强硬限制:如果事务的上限是 500 个实体,则测试的测试用例数不得超过 498 个(假设无覆盖率数据或分析数据)。如果测试要超过这一限制,单个事务便无法一次性写入所有测试用例结果,而如果将测试用例分到不同的事务中,则可能会超出每秒 1 次迭代的实体组写入吞吐量上限。由于这种解决方案无法在不影响性能的前提下很好地扩展,因此不建议使用。
+</p>
+
+<p>
+不过,您可以单独存储测试用例并将其键提供给测试运行,而无需将测试用例结果作为测试运行的子项进行存储(测试运行包含其测试用例实体的标识符列表):
+</p>
+
+<img src="images/treble_vts_descend.png"/>
+<figcaption><strong>图 3</strong>. 单独存储的测试用例(推荐)。</figcaption>
+
+<p>
+乍一看,这似乎破坏了对较高一致性的保证。不过,如果客户端具有测试运行实体和测试用例标识符列表,则无需构建查询;它可以直接按标识符获取测试用例,而这种方法始终都能保证一致性。这种方法大大减轻了对测试运行可具有的测试用例数的限制,同时也可在不会导致实体组内过多写入的情况下获得很高的一致性。
+</p>
+
+<h2 id="patterns">数据访问模式</h2>
+<p>
+VTS 信息中心采用以下数据访问模式:
+</p>
+<ul>
+<li><strong>用户收藏</strong>。您可通过以下方式查询用户收藏:在将特定 App Engine 用户对象作为属性的用户收藏实体上使用等式过滤器。</li>
+<li><strong>测试列表</strong>。测试列表是对测试实体的简单查询。要想减少呈现首页所需的带宽,您可使用估测值来体现通过计数和失败计数,以便略过包含失败的测试用例 ID 以及警报作业所用的其他元数据的潜在长列表。</li>
+<li><strong>测试运行</strong>。要想查询测试运行实体,除了需要对键(时间戳)进行排序,您可能还需要对测试运行属性(如版本号、通过计数等)进行过滤。使用测试实体键执行祖先查询会使读取结果具有很高的一致性。此时,所有测试用例结果均可通过使用存储在测试运行属性中的 ID 列表进行检索;数据存储区获取操作的性质亦可保证相关结果会具有很高的一致性。</li>
+<li><strong>分析数据和覆盖率数据</strong>。查询与某项测试相关的分析数据或覆盖率数据时,您无需检索任何其他测试运行数据(例如,其他分析/覆盖率数据、测试用例数据等)。您既可借助使用测试和测试运行实体键的祖先查询来检索测试运行期间记录的所有分析点,也可通过按分析点名称或文件名过滤来检索单个分析实体或覆盖率实体。鉴于祖先查询的性质,这种操作可确保很高的一致性。</li>
+</ul>
+
+<p>
+有关这些数据模式的实际界面和屏幕截图的详细信息,请参阅 <a href="ui.html">VTS 信息中心界面</a>。
+</p>
+
+</body></html> \ No newline at end of file
diff --git a/zh-cn/compatibility/vts/index.html b/zh-cn/compatibility/vts/index.html
new file mode 100644
index 00000000..c995465c
--- /dev/null
+++ b/zh-cn/compatibility/vts/index.html
@@ -0,0 +1,37 @@
+<html devsite><head>
+ <title>供应商测试套件 (VTS) 和基础架构</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 供应商测试套件 (VTS) 提供了大量用于 Android 测试的新功能,对由测试驱动的开发流程起到了促进作用。为帮助 Android 开发社区与测试数据进行交互,Android O 提供了以下测试资源:</p>
+<ul>
+<li><a href="systems.html">使用 VTS 进行系统测试</a>。介绍如何使用 VTS 来测试 Android 原生系统的实现情况、设置测试环境,然后使用 VTS 方案来测试补丁程序。</li>
+<li><strong>VTS 信息中心</strong>。基于网页的界面,用于查看 VTS 结果,具体包括:<ul>
+ <li><a href="database.html">信息中心数据库</a>。一个可为持续集成信息中心提供支持的可扩展后端。</li>
+ <li><a href="ui.html">信息中心界面</a>。一个利用 Material Design 有效显示与测试结果、分析和覆盖率相关的信息的统一界面。</li>
+ <li><a href="setup.html">信息中心设置</a>。有关如何设置和配置 VTS 信息中心的说明。</li>
+ </ul>
+</li>
+<li><a href="performance.html">binder 和 hwbinder 性能测试</a>。用于衡量吞吐量和延迟的工具。</li>
+</ul>
+
+<p>如需了解详情,请参阅 developer.android.com 上的 <a href="https://codelabs.developers.google.com/codelabs/android-vts/#0" class="external">Android VTS v8.0 Codelab</a> 和 Google Developers 提供的 <a href="https://www.youtube.com/watch?v=7BX7oSHc7nk&list=PLWz5rJ2EKKc9JOMtoWWMJHFHgvXDoThva" class="external">Android VTS 产品视频</a>。</p>
+
+</body></html> \ No newline at end of file
diff --git a/zh-cn/compatibility/vts/performance.html b/zh-cn/compatibility/vts/performance.html
new file mode 100644
index 00000000..cd62aff1
--- /dev/null
+++ b/zh-cn/compatibility/vts/performance.html
@@ -0,0 +1,363 @@
+<html devsite><head>
+ <title>性能测试</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 8.0 中包含用于测试吞吐量和延迟的 binder 和 hwbinder 性能测试。虽然有很多场景都可用于检测可察觉的性能问题,但运行此类场景可能会比较耗时,而且相应结果通常要到集成完系统之后才可获得。借助 Android O 中提供的性能测试,您可更轻松地在开发过程中进行测试、及早发现严重问题以及改善用户体验。</p>
+
+<p>性能测试包括以下四个类别:</p>
+<ul>
+<li>binder 吞吐量(在 <code>system/libhwbinder/vts/performance/Benchmark_binder.cpp</code> 中提供)</li>
+<li>binder 延迟(在 <code>frameworks/native/libs/binder/tests/schd-dbg.cpp</code> 中提供)</li>
+<li>hwbinder 吞吐量(在 <code>system/libhwbinder/vts/performance/Benchmark.cpp</code> 中提供)</li>
+<li>hwbinder 延迟(在 <code>system/libhwbinder/vts/performance/Latency.cpp</code> 中提供)</li>
+</ul>
+
+<h2 id="about">关于 binder 和 hwbinder</h2>
+<p>binder 和 hwbinder 都是 Android 进程间通信 (IPC) 基础架构,它们共用同一个 Linux 驱动程序,但在本质上具有以下不同之处:</p>
+
+<table>
+<tbody><tr>
+<th>方面</th>
+<th>binder</th>
+<th>hwbinder</th>
+</tr>
+
+<tr>
+<td>用途</td>
+<td>为框架提供通用型 IPC 方案</td>
+<td>与硬件通信</td>
+</tr>
+
+<tr>
+<td>属性</td>
+<td>专门针对 Android 框架使用情景做了优化</td>
+<td>开销少,延迟低</td>
+</tr>
+
+<tr>
+<td>更改前台/后台的调度策略</td>
+<td>会</td>
+<td>不会</td>
+</tr>
+
+<tr>
+<td>传递参数</td>
+<td>使用由 Parcel 对象支持的序列化</td>
+<td>使用分散缓冲区,避免因复制 Parcel 序列化所需数据而产生开销</td>
+</tr>
+
+<tr>
+<td>继承优先级</td>
+<td>不会</td>
+<td>会</td>
+</tr>
+
+</tbody></table>
+
+<h3 id="transactions">binder 和 hwbinder 进程</h3>
+<p>Systrace 可视化工具会以如下方式显示事务:</p>
+<img src="images/treble_systrace_binder_processes.png"/>
+<figcaption><strong>图 1.</strong> binder 进程的 Systrace 可视化。</figcaption>
+
+<p>在上述示例中:</p>
+<ul>
+<li>四 (4) 个 schd-dbg 进程是客户端进程。</li>
+<li>四 (4) 个 binder 进程是服务器进程(名称以 <strong>Binder</strong> 开头,且以序列号结尾)。</li>
+<li>每个客户端进程始终都会与某个服务器进程(供其客户端专用)配对。</li>
+<li>所有客户端-服务器进程对均由内核同时单独调度。</li>
+</ul>
+
+<p>在 CPU 1 中,操作系统内核会运行客户端以发出请求。然后,它会尽可能地使用同一 CPU 唤醒服务器进程、处理请求,并会在处理完请求后切换回原环境。</p>
+
+<h3 id="throughput-diffs">吞吐量和延迟</h3>
+<p>在理想的事务中,由于客户端进程和服务器进程可以无缝切换,吞吐量测试和延迟测试在生成的信息方面不会有很大差异。不过,如果操作系统内核在处理来自硬件的中断请求 (IRQ)、等待锁定,或只是选择不立即处理信息,则可能会形成延迟气泡。</p>
+
+<img src="images/treble_latency_bubble.png"/>
+<figcaption><strong>图 2.</strong> 因吞吐量测试结果和延迟测试结果之间的差异而形成的延迟气泡。</figcaption>
+
+<p>吞吐量测试会生成很多具有不同有效负荷量的事务,因此可以很好地估算常规事务时间(在最理想的情况下)以及 binder 可达到的最大吞吐量。</p>
+
+<p>相比之下,延迟测试不会对有效负荷执行任何操作,以最大限度地减少常规事务时间。我们可以利用事务时间来估算 binder 开销、对最坏的情况进行信息统计,并计算那些在延迟方面达到指定截止时间的事务所占的比例。</p>
+
+<h3 id="priority-inversions">处理优先级倒置</h3>
+<p>如果优先级较高的线程在逻辑上需要等待优先级较低的线程,就会出现优先级倒置的问题。实时 (RT) 应用存在优先级倒置问题:</p>
+
+<img src="images/treble_priority_inv_rta.png"/>
+<figcaption><strong>图 3.</strong> 实时应用中的优先级倒置。</figcaption>
+
+<p>如果某个线程使用 Linux 完全公平的调度程序 (CFS) 进行调度,则即使其他线程的优先级较高,该线程也总会有机会运行。因此,采用 CFS 调度的应用会将优先级倒置作为一种预期行为(而非问题)来处理。不过,如果 Android 框架需要使用 RT 调度,以保证优先级较高的线程的权限,则必须先解决优先级倒置问题。</p>
+
+<p>binder 事务中的优先级倒置示例(RT 线程在等待 binder 线程提供服务时在逻辑上被其他 CFS 线程阻塞):</p>
+<img src="images/treble_priority_inv_rta_blocked.png"/>
+<figcaption><strong>图 4.</strong> 优先级倒置;被阻塞的实时线程。</figcaption>
+
+<p>要避免出现阻塞情况,您可以在 binder 线程处理来自 RT 客户端的请求时,使用优先级继承暂时将 binder 线程升级到 RT 线程。请注意,RT 调度的资源有限,应谨慎使用。在具有 N 个 CPU 的系统中,当前 RT 线程的数量上限也为 N;如果所有 CPU 均已被其他 RT 线程占用,则额外的 RT 线程可能需要等待(因此将超出其截止时间)。<em></em><em></em></p>
+
+<p>要解决所有可能出现的优先级倒置问题,您可以针对 binder 和 hwbinder 使用优先级继承。不过,由于 binder 广泛用于整个系统,因此为 binder 事务启用优先级继承可能会使系统中的 RT 线程数超过其所能处理的线程数。</p>
+
+<h2 id="throughput">运行吞吐量测试</h2>
+<p>吞吐量测试是针对 binder/hwbinder 事务吞吐量而运行的。在未过载的系统中,延迟气泡很少,而且只要迭代的次数足够多,就可以消除其影响。</p>
+
+<ul>
+<li><strong>binder</strong> 吞吐量测试位于 <code>system/libhwbinder/vts/performance/Benchmark_binder.cpp</code> 下。</li>
+<li><strong>hwbinder</strong> 吞吐量测试位于 <code>system/libhwbinder/vts/performance/Benchmark.cpp</code> 下。</li>
+</ul>
+
+<h3 id="throughput-results">测试结果</h3>
+<p>针对使用不同有效负荷量的事务的吞吐量测试结果示例:</p>
+
+<pre class="prettyprint">
+Benchmark Time CPU Iterations
+---------------------------------------------------------------------
+BM_sendVec_binderize/4 70302 ns 32820 ns 21054
+BM_sendVec_binderize/8 69974 ns 32700 ns 21296
+BM_sendVec_binderize/16 70079 ns 32750 ns 21365
+BM_sendVec_binderize/32 69907 ns 32686 ns 21310
+BM_sendVec_binderize/64 70338 ns 32810 ns 21398
+BM_sendVec_binderize/128 70012 ns 32768 ns 21377
+BM_sendVec_binderize/256 69836 ns 32740 ns 21329
+BM_sendVec_binderize/512 69986 ns 32830 ns 21296
+BM_sendVec_binderize/1024 69714 ns 32757 ns 21319
+BM_sendVec_binderize/2k 75002 ns 34520 ns 20305
+BM_sendVec_binderize/4k 81955 ns 39116 ns 17895
+BM_sendVec_binderize/8k 95316 ns 45710 ns 15350
+BM_sendVec_binderize/16k 112751 ns 54417 ns 12679
+BM_sendVec_binderize/32k 146642 ns 71339 ns 9901
+BM_sendVec_binderize/64k 214796 ns 104665 ns 6495
+</pre>
+
+<ul>
+<li><strong>时间</strong>表示实时测量的往返延迟时间。
+</li>
+<li><strong>CPU</strong> 表示调度 CPU 以进行测试的累计时间。</li>
+<li><strong>迭代</strong>表示执行测试函数的次数。</li>
+</ul>
+
+<p>以 8 字节的有效负荷为例:</p>
+
+<pre class="prettyprint">
+BM_sendVec_binderize/8 69974 ns 32700 ns 21296
+</pre>
+<p>… binder 可以达到的最大吞吐量的计算公式为:</p>
+<p><em>8 字节有效负荷的最大吞吐量 = (8 * 21296)/69974 ~= 2.423 b/ns ~= 2.268 Gb/s</em></p>
+
+<h3 id="throughput-options">测试选项</h3>
+<p>要获得 .json 格式的结果,请使用 <code>--benchmark_format=json</code> 参数运行测试:</p>
+
+<pre class="prettyprint">
+<code class="devsite-terminal">libhwbinder_benchmark --benchmark_format=json</code>
+{
+ "context": {
+ "date": "2017-05-17 08:32:47",
+ "num_cpus": 4,
+ "mhz_per_cpu": 19,
+ "cpu_scaling_enabled": true,
+ "library_build_type": "release"
+ },
+ "benchmarks": [
+ {
+ "name": "BM_sendVec_binderize/4",
+ "iterations": 32342,
+ "real_time": 47809,
+ "cpu_time": 21906,
+ "time_unit": "ns"
+ },
+ ….
+}
+</pre>
+
+<h2 id="latency">运行延迟测试</h2>
+<p>延迟测试可测量以下事项所花费的时间:客户端开始初始化事务、切换到服务器进程进行处理,以及接收结果。此外,该测试还会查找可对事务延迟产生负面影响的已知不良调度程序行为,例如,调度程序不支持优先级继承或不接受同步标记。</p>
+
+<ul>
+<li>binder 延迟测试位于 <code>frameworks/native/libs/binder/tests/schd-dbg.cpp</code> 下。</li>
+<li>hwbinder 延迟测试位于 <code>system/libhwbinder/vts/performance/Latency.cpp</code> 下。</li>
+</ul>
+
+<h3 id="latency-results">测试结果</h3>
+<p>测试结果(.json 格式)将显示有关平均/最佳/最差延迟以及超出截止时间的次数的统计信息。</p>
+
+<h3 id="latency-options">测试选项</h3>
+<p>延迟测试采用以下选项:</p>
+
+<table>
+<tbody><tr>
+<th>命令</th>
+<th>说明</th>
+</tr>
+
+<tr>
+<td><code>-i <em>value</em></code></td>
+<td>指定迭代次数。</td>
+</tr>
+
+<tr>
+<td><code>-pair <em>value</em></code></td>
+<td>指定进程对的数量。</td>
+</tr>
+
+<tr>
+<td><code>-deadline_us 2500</code></td>
+<td>指定截止时间(以微秒为单位)。</td>
+</tr>
+
+<tr>
+<td><code>-v</code></td>
+<td>获取详细的(调试)输出。</td>
+</tr>
+
+<tr>
+<td><code>-trace</code></td>
+<td>在达到截止时间时暂停跟踪。</td>
+</tr>
+
+</tbody></table>
+
+<p>以下几个部分会详细介绍每个选项,说明相关使用情况,并提供示例结果。</p>
+
+<h4 id="iterations">指定迭代</h4>
+<p>具有大量迭代次数并停用了详细输出功能的结果示例:</p>
+
+<pre class="prettyprint">
+<code class="devsite-terminal">libhwbinder_latency -i 5000 -pair 3</code>
+{
+"cfg":{"pair":3,"iterations":5000,"deadline_us":2500},
+"P0":{"SYNC":"GOOD","S":9352,"I":10000,"R":0.9352,
+ "other_ms":{ "avg":0.2 , "wst":2.8 , "bst":0.053, "miss":2, "meetR":0.9996},
+ "fifo_ms": { "avg":0.16, "wst":1.5 , "bst":0.067, "miss":0, "meetR":1}
+},
+"P1":{"SYNC":"GOOD","S":9334,"I":10000,"R":0.9334,
+ "other_ms":{ "avg":0.19, "wst":2.9 , "bst":0.055, "miss":2, "meetR":0.9996},
+ "fifo_ms": { "avg":0.16, "wst":3.1 , "bst":0.066, "miss":1, "meetR":0.9998}
+},
+"P2":{"SYNC":"GOOD","S":9369,"I":10000,"R":0.9369,
+ "other_ms":{ "avg":0.19, "wst":4.8 , "bst":0.055, "miss":6, "meetR":0.9988},
+ "fifo_ms": { "avg":0.15, "wst":1.8 , "bst":0.067, "miss":0, "meetR":1}
+},
+"inheritance": "PASS"
+}
+</pre>
+<p>这些测试结果会显示以下信息:</p>
+
+<dl>
+<dt><strong><code>"pair":3</code></strong></dt>
+<dd>创建一个客户端和服务器对。</dd>
+
+<dt><strong><code>"iterations": 5000</code></strong></dt>
+<dd>包括 5000 次迭代。</dd>
+
+<dt><strong><code>"deadline_us":2500</code></strong></dt>
+<dd>截止时间为 2500 微秒(2.5 毫秒);大多数事务都应达到该值。</dd>
+
+<dt><strong><code>"I": 10000</code></strong></dt>
+<dd>单次测试迭代包括两 (2) 项事务:<ul>
+ <li>一项按照正常优先级 (<code>CFS other</code>) 处理的事务</li>
+ <li>一项按照实时优先级 (<code>RT-fifo</code>) 处理的事务</li>
+</ul>5000 次迭代相当于共计 10000 项事务。</dd>
+
+<dt><strong><code>"S": 9352</code></strong></dt>
+<dd>9352 项事务会在同一个 CPU 中进行同步。</dd>
+
+<dt><strong><code>"R": 0.9352</code></strong></dt>
+<dd>表示客户端和服务器在同一个 CPU 中一起同步的比例。</dd>
+
+<dt><strong><code>"other_ms":{ "avg":0.2 , "wst":2.8 , "bst":0.053, "miss":2,
+"meetR":0.9996}</code></strong></dt>
+<dd>由正常优先级调用程序分发的所有事务的平均 (<code>avg</code>)、最差 (<code>wst</code>) 和最佳 (<code>bst</code>) 情况。两个事务 <code>miss</code> 截止时间,使得达标率为 (<code>meetR</code>) 0.9996。</dd>
+
+<dt><strong><code>"fifo_ms": { "avg":0.16, "wst":1.5 , "bst":0.067, "miss":0,
+"meetR":1}</code></strong></dt>
+<dd>类似于 <code>other_ms</code>,但适用于由具有 <code>rt_fifo</code> 优先级的客户端分发的事务。<code>fifo_ms</code> 的结果很可能(但不需要)优于 <code>other_ms</code>,且 <code>avg</code> 和 <code>wst</code> 值较低,而 <code>meetR</code> 则较高(如果考虑后台中的负荷,其差异可能会更大)。</dd>
+
+</dl>
+
+<p class="note"><strong>注意</strong>:后台负荷可能会影响延迟测试中的吞吐量结果和 <code>other_ms</code> 元组。只要后台负荷的优先级低于 <code>RT-fifo</code>,就可能只有 <code>fifo_ms</code> 会显示类似的结果。</p>
+
+<h4 id="pair-values">指定对值</h4>
+<p>每个客户端进程都会与其专用的服务器进程配对,且每一对都可能会独立调度到任何 CPU。不过,只要同步标记是 <code>honor</code>,事务期间应该就不会出现 CPU 迁移的情况。</p>
+
+<p>确保系统没有过载!虽然过载系统中延迟较高是正常现象,但是针对过载系统的测试结果并不能提供有用的信息。要测试压力较高的系统,请使用 <code>-pair
+#cpu-1</code>(或谨慎使用 <code>-pair #cpu</code>)。使用 <code>-pair <em>n</em></code> 和 <code><em>n</em> &gt; #cpu</code> 进行测试会使系统过载,并生成无用信息。</p>
+
+<h4 id="deadline-values">指定截止时间值</h4>
+<p>经过大量用户场景测试(在合格产品上运行延迟测试),我们决定将 2.5 毫秒定为需要满足的截止时间要求。对于具有更高要求的新应用(如每秒 1000 张照片),此截止时间值将发生变化。</p>
+
+<h4 id="verbose">指定详细输出</h4>
+<p>使用 <code>-v</code> 选项显示详细输出。例如:</p>
+
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">libhwbinder_latency -i 1 -v</code>
+
+<div style="color: orange">--------------------------------------------------
+service pid: 8674 tid: 8674 cpu: 1
+SCHED_OTHER 0</div>
+--------------------------------------------------
+main pid: 8673 tid: 8673 cpu: 1
+
+--------------------------------------------------
+client pid: 8677 tid: 8677 cpu: 0
+SCHED_OTHER 0
+
+<div style="color: blue">--------------------------------------------------
+fifo-caller pid: 8677 tid: 8678 cpu: 0
+SCHED_FIFO 99
+
+--------------------------------------------------
+hwbinder pid: 8674 tid: 8676 cpu: 0
+??? 99</div>
+<div style="color: green">--------------------------------------------------
+other-caller pid: 8677 tid: 8677 cpu: 0
+SCHED_OTHER 0
+
+--------------------------------------------------
+hwbinder pid: 8674 tid: 8676 cpu: 0
+SCHED_OTHER 0</div>
+</pre>
+
+<ul>
+<li><font style="color:orange">服务线程</font>使用 <code>SCHED_OTHER</code> 优先级创建,且与 <code>pid
+8674</code> 一起在 <code>CPU:1</code> 中运行。</li>
+<li>随后,<font style="color:blue">第一个事务</font>由 <code>fifo-caller</code> 启动。为处理该事务,hwbinder 会将服务器 (<code>pid: 8674 tid: 8676</code>) 的优先级升级到 99,并使用瞬态调度类别(输出为 <code>???</code>)对其进行标记。接下来,调度程序会将服务器进程置于 <code>CPU:0</code> 中,以运行该进程并将它与其客户端使用的同一 CPU 进行同步。</li>
+<li><font style="color:green">第二个事务</font>调用程序的优先级为 <code>SCHED_OTHER</code>。服务器自行降级并为优先级为 <code>SCHED_OTHER</code> 的调用程序提供服务。</li>
+</ul>
+
+<h4 id="trace">使用跟踪记录进行调试</h4>
+<p>您可以指定 <code>-trace</code> 选项来调试延迟问题。使用该选项时,延迟测试会在检测到不良延迟时停止跟踪日志记录。例如:</p>
+
+<pre class="prettyprint">
+<code class="devsite-terminal">atrace --async_start -b 8000 -c sched idle workq binder_driver sync freq</code>
+<code class="devsite-terminal">libhwbinder_latency -deadline_us 50000 -trace -i 50000 -pair 3</code>
+deadline triggered: halt &amp;mp; stop trace
+log:/sys/kernel/debug/tracing/trace
+</pre>
+
+<p>以下组件可能会影响延迟:</p>
+
+<ul>
+<li><strong>Android 编译模式</strong>。Eng 模式通常比 Userdebug 模式速度慢。</li>
+<li><strong>框架</strong>。框架服务如何使用 <code>ioctl</code> 来配置 binder?</li>
+<li><strong>binder 驱动程序</strong>。驱动程序是否支持精细锁定?驱动程序是否包含所有性能调整补丁程序?</li>
+<li><strong>内核版本</strong>。内核的实时性能越好,结果就越好。</li>
+<li><strong>内核配置</strong>。内核配置是否包含 <code>DEBUG_PREEMPT</code> 和 <code>DEBUG_SPIN_LOCK</code> 等 <code>DEBUG</code> 配置?</li>
+<li><strong>内核调度程序</strong>。内核中是否具有 Energy-Aware 调度程序 (EAS) 或异构多处理 (HMP) 调度程序?有没有内核驱动程序(<code>cpu-freq</code> 驱动程序、<code>cpu-idle</code> 驱动程序、<code>cpu-hotplug</code> 等)会影响调度程序?</li>
+</ul>
+
+</body></html> \ No newline at end of file
diff --git a/zh-cn/compatibility/vts/setup.html b/zh-cn/compatibility/vts/setup.html
new file mode 100644
index 00000000..d6d6bfaa
--- /dev/null
+++ b/zh-cn/compatibility/vts/setup.html
@@ -0,0 +1,126 @@
+<html devsite><head>
+ <title>VTS 信息中心设置</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>
+VTS 信息中心提供了用于查看来自 VTS 持续集成系统的测试结果的用户后端和界面 (UI)。它利用测试状态通知等工具为由测试驱动的开发提供支持,帮助开发者在开发周期中找出存在回归问题的方面并加以预防(包括测试监控和分类支持)。
+</p>
+
+<p>
+VTS 信息中心的界面支持 VTS 基础架构提供的功能(如原生代码覆盖),并通过持续的性能监控,协助开发经过优化且性能卓越的工具。
+</p>
+
+<h2 id="requirements">要求</h2>
+<p>
+要使用 VTS 信息中心,您必须使用以下服务:
+</p>
+<ul>
+<li><a href="https://maven.apache.org/" class="external">Apache Maven</a>,用于编译和部署</li>
+<li><a href="https://cloud.google.com/appengine" class="external">Google Cloud App Engine</a>,用于网络服务托管</li>
+<li><a href="https://cloud.google.com/datastore/docs/" class="external">Google Cloud Datastore</a>,用于存储</li>
+<li><a href="http://www.stackdriver.com/" class="external">Google Stackdriver</a>,用于监控</li>
+</ul>
+
+<p>
+要查看<a href="ui.html#coverage">测试覆盖率</a>,您需要使用一个与源代码服务器(如 Gerrit)对接的 REST API,这样网络服务就可以根据现有访问控制列表提取原始源代码。
+</p>
+
+<h2 id="arch">架构</h2>
+<p>VTS 信息中心采用以下架构:</p>
+<img src="images/treble_vts_dash_arch.png" title="VTS 信息中心架构"/>
+<figcaption><strong>图 1</strong>. VTS 信息中心架构。</figcaption>
+
+<p>测试状态结果通过 REST 接口持续上传到 Cloud Datastore 数据库。VTS 运行程序会自动处理结果并利用 Protobuf 格式将它们序列化。
+</p>
+<p>网络 servlet 是用户的主要访问点,可传送和处理来自 Datastore 数据库的数据。servlet 包括:用于传送所有测试的主要 servlet;用于管理用户收藏的偏好 servlet;用于填充测试表的结果 servlet;用于准备分析数据的图表 servlet;以及用于准备客户端的覆盖率数据的覆盖率 servlet。
+</p>
+<p>每个测试模块都有各自的 Datastore 祖先实体树,且测试结果会根据测试开始时间的 Unix 时间戳编入索引。数据库中的覆盖率数据会作为计数矢量(即原始源代码文件中的每一行的计数矢量)以及用于从源代码服务器提前源代码的识别信息随测试结果一起存储。
+</p>
+<p>通知服务运行时会使用任务队列、识别测试用例状态变化以及向订阅者发出通知。状态信息存储在状态表中,以跟踪数据新鲜度和现有故障。这样一来,通知服务便可以提供有关各个测试用例故障和修复情况的丰富信息。
+</p>
+
+<h2 id="code-structure">代码结构</h2>
+<p>VTS 信息中心基本组件包括在 Java 中实现的 servlet、前端 JSP、CSS 样式表和配置文件。以下列表详细介绍了这些组件的位置和说明(所有路径均指相对于 <code>test/vts/web/dashboard</code> 的路径):</p>
+<ul>
+<li><code>pom.xml</code><br />其中定义了环境变量和依赖关系的设置文件。</li>
+<li><code>src/main/java/com/android/vts/api/</code><br />包含通过 REST 与数据进行交互的端点。</li>
+<li><code>src/main/java/com/android/vts/entity/</code><br />包含 Datastore 实体的 Java 模型。</li>
+<li><code>src/main/java/com/android/vts/proto/</code><br />包含用于 Protobuf 的 Java 文件,其中包括 <code>VtsReportMessage.java</code>(用于说明 VTS 测试结果的 Protobuf 类型的 Java 实现)。</li>
+<li><code>src/main/java/com/android/vts/servlet/</code><br />包含用于 servlet 的 Java 文件。</li>
+<li><code>src/main/java/com/android/vts/util/</code><br />包含用于 servlet 所用实用函数和类的 Java 文件。</li>
+<li><code>src/test/java/com/android/vts/</code><br />包含 servlet 和 utils 的界面测试。</li>
+<li><code>src/main/webapp/</code><br />包含与界面相关的文件(JSP、CSS、XML):<ul>
+ <li><code>js/</code>:包含网页使用的 JavaScript 文件。</li>
+ <li><code>WEB-INF/</code>:包含配置和界面文件。</li>
+ <li><code>jsp/</code>:包含每个网页的 JSP 文件。</li>
+ </ul>
+</li>
+<li><code>appengine-web.xml</code><br />环境变量在其中加载到变量中的设置文件。</li>
+<li><code>web.xml</code><br />其中定义了 servlet 映射和安全限制的设置文件。</li>
+<li><code>cron.xml</code><br />用于定义预定任务(即通知服务)的设置文件。</li>
+</ul>
+
+<h2 id="setup">设置信息中心</h2>
+<p>要设置 VTS 信息中心,请执行以下操作:</p>
+<ol>
+<li>创建 Google Cloud App Engine 项目,然后通过安装以下各项来设置部署主机:
+ <ul>
+ <li>Java 8</li>
+ <li>Google App Engine SDK</li>
+ <li>Maven</li>
+ </ul>
+</li>
+<li>在 Google Cloud API Manager 中生成 OAuth 2.0 客户端 ID。</li>
+<li>创建服务帐号和密钥文件。</li>
+<li>将电子邮件地址添加到 App Engine Email API 授权发件人列表。
+</li>
+<li>设置 Google Analytics(分析)帐号。</li>
+<li>在信息中心 <code>pom.xml</code> 中指定环境变量:
+ <ul>
+ <li>使用 OAuth 2.0 ID(在第 2 步中生成)设置客户端 ID。</li>
+ <li>使用密钥文件(在第 3 步中创建)中包含的标识符设置服务客户端 ID。</li>
+ <li>指定用于发送提醒的发件人电子邮件地址(在第 4 步中添加)。</li>
+ <li>指定将向其发送所有电子邮件的电子邮件域名。</li>
+ <li>指定 Gerrit REST 服务器的地址。</li>
+ <li>指定要用于 Gerrit REST 服务器的 OAuth 2.0 范围。</li>
+ <li>指定 Google Analytics(分析)ID(在第 5 步中设置)。</li>
+ <li>编译和部署项目。</li>
+ </ul>
+</li>
+<li>在终端运行 <code>mvn clean appengine:update</code>。</li>
+</ol>
+
+<p>
+要详细了解信息中心设置和配置,请参阅 <a href="https://codelabs.developers.google.com/codelabs/android-vts" class="external">Android VTS 代码实验室</a>。
+</p>
+
+<h2 id="security">安全注意事项</h2>
+<p>要获取全面的覆盖率信息,需要用到原始源代码。
+不过,部分代码可能属于敏感信息,向其添加额外的网关可能会导致现有访问控制列表遭到利用。
+</p>
+<p>
+为了消除这种隐患,信息中心会直接处理覆盖率矢量(即执行计数的矢量;该矢量会映射到源代码文件中的相应行),而不是提供包含覆盖率信息的源代码。除了覆盖率矢量,信息中心还会接收 Git 项目名称和路径,以便客户端可以通过外部源代码 API 提取代码。客户端浏览器收到这些信息后,会使用 JavaScript 的跨源资源共享 (CORS) 来查询源代码服务器是否有相应的原始源代码;收到的代码会与覆盖率矢量结合使用以便在浏览器中显示这种信息。
+</p>
+<p>
+这种直接的方法不会扩大受攻击面,因为信息中心会利用用户的 Cookie 对外部服务进行身份验证(这意味着无权直接访问源代码的用户将无法利用信息中心来查看敏感信息)。
+</p>
+
+</body></html> \ No newline at end of file
diff --git a/zh-cn/compatibility/vts/systems.html b/zh-cn/compatibility/vts/systems.html
new file mode 100644
index 00000000..cf8a9dfd
--- /dev/null
+++ b/zh-cn/compatibility/vts/systems.html
@@ -0,0 +1,96 @@
+<html devsite><head>
+ <title>使用 VTS 进行系统测试</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>供应商测试套件 (VTS) 会自动执行 HAL 和 OS 内核测试。要使用 VTS 测试 Android 原生系统的实现情况,请设置一个测试环境,然后使用 VTS 计划测试相应补丁。</p>
+
+<h2 id="establish">建立测试环境</h2>
+<p>要设置测试环境,请按以下步骤操作:</p>
+<ol>
+<li>安装 Python 开发工具包:
+<pre class="devsite-terminal devsite-click-to-copy">
+sudo apt-get install python-dev
+</pre>
+</li>
+<li>安装协议缓冲区工具(适用于 Python):
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">sudo apt-get install python-protobuf</code>
+<code class="devsite-terminal">sudo apt-get install protobuf-compiler</code>
+</pre>
+</li>
+<li>安装 Python 虚拟环境相关工具:
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">sudo apt-get install python-virtualenv</code>
+<code class="devsite-terminal">sudo apt-get install python-pip</code>
+</pre>
+</li>
+</ol>
+
+<h2 id="test">测试补丁</h2>
+<p>要测试补丁,请按以下步骤操作:</p>
+<ol>
+<li>构建 VTS 主机端软件包:
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">. build/envsetup.sh</code>
+<code class="devsite-terminal">lunch aosp_arm64-userdebug</code>
+<code class="devsite-terminal">make vts -j</code>
+</pre>
+</li>
+<li>运行默认的 VTS 测试:
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">vts-tradefed</code>
+tf&gt; run vts // where vts is the test plan name
+</pre>
+</li>
+</ol>
+
+<h2 id="plans">VTS 计划</h2>
+<p>可用的 VTS 测试计划包括:</p>
+
+<table>
+<thead>
+<tr>
+<th>命令</th>
+<th>说明</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>&gt; run vts</td>
+<td>适用于默认的 VTS 测试</td>
+</tr>
+<tr>
+<td>&gt; run vts-hal</td>
+<td>适用于默认的 VTS HAL(硬件抽象层)测试</td>
+</tr>
+<tr>
+<td>&gt; run vts-kernel</td>
+<td>适用于默认的 VTS 内核测试</td>
+</tr>
+</tbody>
+</table>
+
+<p>要查看所有计划的列表,请参阅 <code><a href="https://android.googlesource.com/platform/test/vts/+/master/tools/vts-tradefed/res/config/plans.md">/test/vts/tools/vts-tradefed/res/config.md</a></code>。</p>
+
+<h2 id="support">支持</h2>
+<p>您可以在 <code><a href=" https://android.googlesource.com/platform/test/vts/+/master/README.md">/test/vts/doc</a></code> 下查看用户手册。有关 VTS 的问题,请加入 <a href="https://groups.google.com/forum/#!forum/android-vts">android-vts@googlegroups.com</a> 网上论坛。</p>
+
+</body></html> \ No newline at end of file
diff --git a/zh-cn/compatibility/vts/ui.html b/zh-cn/compatibility/vts/ui.html
new file mode 100644
index 00000000..7b976ec2
--- /dev/null
+++ b/zh-cn/compatibility/vts/ui.html
@@ -0,0 +1,113 @@
+<html devsite><head>
+ <title>VTS 信息中心界面</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>
+VTS 信息中心提供了一个利用 Material Design 有效显示与测试结果、分析和覆盖率相关的信息的统一界面。信息中心样式使用 Materialize CSS 和 jQueryUI 等开放源代码 JavaScript 库来处理由 Google App 引擎中的 Java Servlet 传送的数据。
+</p>
+
+<h2>信息中心首页</h2>
+<p>
+信息中心首页会显示相应用户已向收藏夹中添加的一系列测试套件。
+</p>
+<img src="images/treble_vts_ui_main.png" title="VTS 信息中心着陆页"/>
+<figcaption><strong>图 1.</strong> VTS 信息中心 - 首页。</figcaption>
+
+<p>
+用户可在此列表中执行以下操作:
+</p>
+<ul>
+<li>选择某个测试套件以查看该套件的结果。
+</li><li>点击<strong>全部显示</strong>以查看所有 VTS 测试名称。
+</li><li>选择<strong>编辑</strong>图标以修改“收藏夹”列表。<br />
+<img src="images/treble_vts_ui_favorites.png" title="VTS 信息中心收藏夹"/>
+<figcaption><strong>图 2.</strong> VTS 信息中心 - 编辑“收藏夹”页面。</figcaption></li>
+</ul>
+
+<h2 id="test-results">测试结果</h2>
+<p>
+测试结果会显示有关所选测试套件的最新信息,其中包括分析点列表、测试用例结果(按时间顺序排列)表格,以及用来显示最新运行结果细分的饼图(用户可通过向右翻页来加载先前的数据)。
+</p>
+
+<img src="images/treble_vts_ui_results.png" title="VTS 信息中心结果"/>
+<figcaption><strong>图 3.</strong> VTS 信息中心 - 测试结果。</figcaption>
+
+<p>
+用户可通过使用查询或修改测试类型(提交前和/或提交后)来过滤数据。搜索查询支持通用令牌和特定于字段的限定符;受支持的搜索字段包括:设备版本号、分支、目标名称、设备名称和测试版本号。这些字段均需使用以下格式进行指定:FIELD-ID<var></var>="SEARCH QUERY<var></var>"。引号用于将多个字词作为单个令牌与列中的相应数据匹配。
+</p>
+
+<h2 id="profiling">数据分析</h2>
+<p>
+用户可通过选择一个分析点,在<strong>线形图</strong>或<strong>直方图</strong>(示例如下)中查看该点对应的量化数据的交互式视图。默认情况下,该视图会显示最新信息;用户可以使用日期选择器加载特定时间范围内的信息。
+</p>
+<img src="images/treble_vts_ui_performance.png" title="VTS 信息中心性能"/>
+<figcaption><strong>图 4.</strong> VTS 信息中心 - 性能线形图。
+</figcaption>
+<p>
+线形图会显示某个无序性能值集合中的数据;当某项性能测试生成一个与性能值(会随另一个变量(如吞吐量或信息大小)而变化并与之形成函数关系)对应的矢量时,该图会非常有用。
+</p>
+<img src="images/treble_vts_ui_histogram.png" title="VTS 信息中心直方图"/>
+<figcaption><strong>图 5.</strong> VTS 信息中心 - 性能直方图。</figcaption>
+
+<h2 id="coverage">测试覆盖率</h2>
+<p>
+用户可通过测试结果中的覆盖率百分比链接查看覆盖率信息。
+</p>
+<img src="images/treble_vts_ui_coverage.png" title="VTS 信息中心覆盖率"/>
+<figcaption>
+<strong>图 6.</strong> VTS 信息中心 - 覆盖率百分比。</figcaption>
+
+<p>
+对于每个测试用例和源文件,用户都可根据所选测试提供的覆盖率,查看一个包含用不同颜色标识的源代码的可扩展元素:
+</p>
+<img src="images/treble_vts_ui_coverage_source.png" title="VTS 信息中心覆盖率源代码"/>
+<figcaption>
+<strong>图 7.</strong> VTS 信息中心 - 覆盖率源代码。</figcaption>
+
+<ul>
+<li>未覆盖的行用<font style="color:red">红色</font>突出显示。</li>
+<li>已覆盖的行用<font style="color:green">绿色</font>突出显示。</li>
+<li>不可执行的行<strong>未着色</strong>。</li>
+</ul>
+
+<p>
+覆盖率信息可分为不同的部分,具体取决于其在运行时的提供方式。测试可通过以下方式上传覆盖率信息:
+</p>
+<ul>
+<li><strong>按函数</strong>。各部分的标题均采用“Coverage: FUNCTION-NAME<var></var>”格式。</li>
+<li><strong>总计</strong>(在测试运行结束时提供)。只显示 1 个标题:“Coverage: All”。</li>
+</ul>
+
+<p>
+信息中心会从使用开放源代码 <a href="https://gerrit-review.googlesource.com/Documentation/rest-api.html" class="external">Gerrit REST API</a> 的服务器处获取源代码客户端。
+</p>
+
+<h2 id="monitor">监控和测试</h2>
+<p>
+VTS 信息中心提供以下监控和单元测试。
+</p>
+<ul>
+<li><strong>测试电子邮件警报</strong>。警报均是在以两 (2) 分钟的固定时间间隔执行的 Cron 作业中进行配置。该作业会读取 VTS 状态表,以确定新数据是否已上传到每个表格中 - 方法是:检查测试的原始数据上传时间戳是否比上次状态更新时间戳新。如果上传时间戳较新,该作业便会查询当前原始数据上传中包含的新数据(与上次原始数据上传相较而言)。系统会确定新的测试用例失败、持续的测试用例失败、瞬态测试用例失败、测试用例修复和无效的测试,然后将这些信息以电子邮件的格式发送给各项测试的订阅者。</li>
+<li><strong>网络服务运行状况</strong>。Google Stackdriver 集成了 Google App 引擎,可轻松监控 VTS 信息中心。您既可使用简单的运行时间检查来验证网页能否被访问,也可创建其他测试来检查每个网页、servlet 或数据库中的延迟情况。这些检查可确保信息中心始终处于可访问的状态(否则将通知管理员)。</li>
+<li><strong>Google Cloud Analytics</strong>。通过在页面配置(pom.xml 文件)中指定有效的 Google Cloud Analytics ID,您可以将 VTS 信息中心页面与 Google Cloud Analytics 集成。集成后,您便能够更全面地分析网页用途、用户互动、位置、会话统计信息等。</li>
+</ul>
+
+</body></html> \ No newline at end of file
diff --git a/zh-cn/devices/architecture/dto/multiple.html b/zh-cn/devices/architecture/dto/multiple.html
index 2f1a9a26..aea67172 100644
--- a/zh-cn/devices/architecture/dto/multiple.html
+++ b/zh-cn/devices/architecture/dto/multiple.html
@@ -20,7 +20,7 @@
limitations under the License.
-->
-<p>很多 SoC 供应商和原始设计制造商 (ODM) 都支持在一台设备上使用多个 DT,从而使一个映像能够为多个 SKU/配置提供支持。在这种情况下,引导加载程序会在运行时识别硬件,并加载相应的 DT:</p>
+<p>很多 SoC 供应商和 ODM 都支持在一台设备上使用多个 DT,从而使一个映像能够为多个 SKU/配置提供支持。在这种情况下,引导加载程序会在运行时识别硬件,并加载相应的 DT:</p>
<p><img src="../images/treble_dto_multiple_dt.png"/></p>
<figcaption><strong>图 1</strong> 引导加载程序中的多个设备树叠加层。</figcaption>
@@ -36,11 +36,12 @@
<p>引导加载程序应该能够:</p>
<ul>
-<li>读取 SoC ID 并选择相应的主 DT,并</li>
-<li>读取板 ID 并选择相应的叠加 DT。</li>
+<li>读取 SoC ID 并选择相应的主设备树,并</li>
+<li>读取板 ID 并选择相应的叠加设备树。
+</li>
</ul>
-<p>仅选择一个主 DT 和一个叠加 DT 以便在运行时使用,并且所选择的对必须是兼容的。</p>
+<p>只能选择一个主 DT 供在运行时使用。可选择多个叠加 DT,但它们必须与选定的主 DT 兼容。使用多个叠加层有助于避免 DTBO 分区内的每块板上都存储一个叠加层,并能让引导加载程序根据板 ID 或通过探测外设来确定所需叠加层的子集。例如,板 A 可能需要通过叠加层 1、3 和 5 添加的设备,而板 B 可能需要通过叠加层 1、4 和 5 添加的设备。</p>
<h2 id="partition">分区</h2>
<p>要进行分区,请在闪存中确定引导加载程序在运行时可访问和可信的位置,以存储 DTB 和 DTBO(引导加载程序必须能够在匹配的进程中找到这些文件)。请记住,DTB 和 DTBO 不能存在于同一个分区中。如果您的 DTB/DTBO 位于 <code>dtb</code>/<code>dtbo</code> 分区中,请使用 <a href="/devices/architecture/dto/partitions.html">DTB/DTBO 分区格式</a>中详细列出的表结构和头文件格式。</p>
diff --git a/zh-cn/devices/architecture/hidl-cpp/functions.html b/zh-cn/devices/architecture/hidl-cpp/functions.html
index 841fcabe..af7e3aba 100644
--- a/zh-cn/devices/architecture/hidl-cpp/functions.html
+++ b/zh-cn/devices/architecture/hidl-cpp/functions.html
@@ -55,7 +55,7 @@ Return&lt;uint32_t&gt; someMethod() {
};
</pre>
-<p>另外,您还可以使用 <code>Return&lt;*&gt;::withDefault</code> 方法。此方法会在返回值为 <code>! isOk()</code> 的情况下提供一个值。此方法还会自动将返回对象标记为正常,以免客户端进程遭到终止。</p>
+<p>另外,您还可以使用 <code>Return&lt;*&gt;::withDefault</code> 方法。此方法会在返回值为 <code>!isOk()</code> 的情况下提供一个值。此方法还会自动将返回对象标记为正常,以免客户端进程遭到终止。</p>
<h3 id="return-callback">使用回调参数返回</h3>
<p>回调可以将 HIDL 函数的返回值回传给调用方。回调的原型是 <code>std::function</code> 对象,其参数(从 <code>generates</code> 语句中获取)会映射到 C++ 类型。它的返回值为 void(回调本身并不会返回任何值)。</p>
diff --git a/zh-cn/devices/architecture/hidl-java/index.html b/zh-cn/devices/architecture/hidl-java/index.html
index c1905a05..2d8820d5 100644
--- a/zh-cn/devices/architecture/hidl-java/index.html
+++ b/zh-cn/devices/architecture/hidl-java/index.html
@@ -20,7 +20,7 @@
limitations under the License.
-->
-<p>Android O 对 Android 操作系统进行了重新架构,在独立于设备的 Android 平台与特定于设备和供应商的代码之间定义了清晰的接口。
+<p>Android O 对 Android 操作系统的架构重新进行了设计,以在独立于设备的 Android 平台与特定于设备和供应商的代码之间定义清晰的接口。
Android 已经以 HAL 接口的形式(在 <code>hardware/libhardware</code> 中定义为 C 标头)定义了许多此类接口。HIDL 将这些 HAL 接口替换为稳定的带版本接口,可以采用 Java(如下所述),也可以是采用 <a href="/devices/architecture/hidl-cpp/index.html">C++</a> 的客户端和服务器端 HIDL 接口。</p>
<p>HIDL 接口主要通过本机代码使用,因此 HIDL 专注于自动生成高效的 C++ 代码。不过,HIDL 接口也必须能够直接通过 Java 使用,因为有些 Android 子系统(如 Telephony)很可能具有 Java HIDL 接口。</p>
@@ -97,7 +97,7 @@ hidl-gen -o /tmp -Ljava \
import android.hardware.foo.V1_0.IFoo;
import android.hardware.foo.V1_0.IFooCallback.Stub;
....
-class FooCallback extends IFoo.Stub {
+class FooCallback extends IFooCallback.Stub {
// implement methods
}
....
diff --git a/zh-cn/devices/architecture/hidl/hashing.html b/zh-cn/devices/architecture/hidl/hashing.html
index f9565eb4..e5f475f4 100644
--- a/zh-cn/devices/architecture/hidl/hashing.html
+++ b/zh-cn/devices/architecture/hidl/hashing.html
@@ -45,7 +45,7 @@ c84da9f5...f8ea2648 vendor.awesome.foo@1.0::types
822998d7...74d63b8c vendor.awesome.foo@1.0::IFoo
</pre>
-<p class="note"><strong>注意</strong>:为了便于跟踪各个哈希的来源,Google 将 HIDL <code>current.txt</code> 文件分为不同的部分:第一部分列出在 Android O 中发布的接口文件;第二部分列出在 Android O MR1 中发布的接口文件。<em></em><em></em>我们强烈建议在您的 <code>current.txt</code> 文件中使用类似布局。</p>
+<p class="note"><strong>注意</strong>:为了便于跟踪各个哈希的来源,Google 将 HIDL <code>current.txt</code> 文件分为不同的部分:第一部分列出在 Android O 中发布的接口文件,第二部分列出在 Android O MR1 中发布的接口文件。<em></em><em></em>我们强烈建议在您的 <code>current.txt</code> 文件中使用类似布局。</p>
<h2 id="hidl-gen">使用 hidl-gen 添加哈希</h2>
<p>您可以手动将哈希添加到 <code>current.txt</code> 文件中,也可以使用 <code>hidl-gen</code> 添加。以下代码段提供了可与 <code>hidl-gen</code> 搭配使用来管理 <code>current.txt</code> 文件的命令示例(哈希已缩短):</p>
diff --git a/zh-cn/devices/architecture/hidl/services.html b/zh-cn/devices/architecture/hidl/services.html
index 8e4d0f1f..b12d24ab 100644
--- a/zh-cn/devices/architecture/hidl/services.html
+++ b/zh-cn/devices/architecture/hidl/services.html
@@ -57,7 +57,7 @@ V1_1.IFooService; alternateService = 1_1.IFooService.getService("another", true
<li>替换其 <code>serviceDied()</code> 方法。</li>
<li>实例化 <code>hidl_death_recipient</code> 子类的对象。
</li>
-<li>在要监控的服务上调用 <code>linkToDeath()</code> 方法,并传入 <code>IDeathRecipient</code> 的接口对象。</li>
+<li>在要监控的服务上调用 <code>linkToDeath()</code> 方法,并传入 <code>IDeathRecipient</code> 的接口对象。请注意,此方法并不具备在其上调用它的终止接收方或代理的所有权。</li>
</ol>
<p>伪代码示例(C++ 和 Java 类似):</p>
diff --git a/zh-cn/devices/architecture/hidl/versioning.html b/zh-cn/devices/architecture/hidl/versioning.html
index f43c2f0a..78b7c5c2 100644
--- a/zh-cn/devices/architecture/hidl/versioning.html
+++ b/zh-cn/devices/architecture/hidl/versioning.html
@@ -130,7 +130,7 @@ interface IQuux {
<p><code>Bar</code> 的完全限定名称为 <code>android.hardware.example@1.0::IQuux.Foo.Bar</code>。</p>
-<p>在上述两种情况下,只有在 <code>Foo</code> 的声明范围内才能使用 <code>Bar</code> 来引用 <code>Bar</code>。在软件包级或接口级,必须通过 <code>Bar</code>:<code>Foo</code><code>Foo. 来引用 Bar</code>,如上述方法 <code>doSomething</code> 的声明中所示。或者,您可以更详细地将该方法声明为:</p>
+<p>在上述两种情况下,只有在 <code>Foo</code> 的声明范围内才能使用 <code>Bar</code> 来引用 <code>Bar</code>。在软件包级或接口级,必须通过 <code>Foo</code>:<code>Foo.<code>Bar</code> 来引用 Bar</code>,如上述方法 <code>doSomething</code> 的声明中所示。或者,您可以更详细地将该方法声明为:</p>
<pre class="prettyprint">
// IQuux.hal
@@ -210,8 +210,7 @@ struct ExtendedNfcData {
</pre>
<h3 id="rule3">规则 3</h3>
-<p>如果规则 2 未能生成匹配项(UDT 未在当前软件包中定义),HIDL 编译器会扫描所有导入的软件包,查找是否有匹配项。
-以上面的示例来说,假设 <code>ExtendedNfcData</code> 是在 <code>1.1</code> 版本的软件包 <code>android.hardware.nfc</code> 中声明的,<code>1.1</code> 按预期导入 <code>1.0</code>(请参阅<a href="#package-ext">软件包级扩展</a>),且定义仅指定 UDT 名称:</p>
+<p>如果规则 2 未能生成匹配项(UDT 未在当前软件包中定义),HIDL 编译器会扫描所有导入的软件包,查找是否有匹配项。以上面的示例来说,假设 <code>ExtendedNfcData</code> 是在 <code>1.1</code> 版本的软件包 <code>android.hardware.nfc</code> 中声明的,<code>1.1</code> 按预期导入 <code>1.0</code>(请参阅<a href="#package-ext">软件包级扩展</a>),且定义仅指定 UDT 名称:</p>
<pre class="prettyprint">
struct ExtendedNfcData {
@@ -329,7 +328,7 @@ interface IQuux {
<td><p>以下各项均为 true:</p>
<ol>
-<li>“以前的 minor 版本有效”:<code>package@major.(minor-1)</code> 必须已定义,并且遵循相同的规则 A(从 <code>package@major.0</code> 到 <code>package@major.(major-2)</code> 均未定义)或规则 B(如果它是从 <code>@major.(major-2)</code> 升级而来);
+<li>“以前的 minor 版本有效”:<code>package@major.(minor-1)</code> 必须已定义,并且遵循相同的规则 A(从 <code>package@major.0</code> 到 <code>package@major.(minor-2)</code> 均未定义)或规则 B(如果它是从 <code>@major.(minor-2)</code> 升级而来);
<br /><br />
<br /><br />
@@ -405,8 +404,7 @@ enum Color : @1.0::Brightness { HW_GREEN, RAINBOW };
<p>不过,有一种类型的关系经过严格定义,且必须强制执行,即软件包级向后兼容的继承。<em></em>在这种情况下,父级软件包是被继承的软件包,而子软件包是扩展父级的软件包。<em></em><em></em>软件包级向后兼容的继承规则如下:</p>
<ol>
-<li>父级软件包的所有接口都会被子软件包中的接口继承。</li>
-<li>父级软件包中的所有数据类型均会包含在新软件包中,并且可由来自旧软件包中的方法(可能经过了重新实现)来处理。</li>
+<li>父级软件包的所有顶级接口都会被子级软件包中的接口继承。</li>
<li>新接口也可以添加到新软件包中(与其他软件包中其他接口的关系不受限制)。</li>
<li>新数据类型也可以添加到新软件包中,以供升级的现有接口的新方法使用,或供新接口使用。</li>
</ol>
diff --git a/zh-cn/devices/architecture/kernel/modular-kernels.html b/zh-cn/devices/architecture/kernel/modular-kernels.html
index d473c9a0..7145d2a4 100644
--- a/zh-cn/devices/architecture/kernel/modular-kernels.html
+++ b/zh-cn/devices/architecture/kernel/modular-kernels.html
@@ -56,7 +56,7 @@ CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_FORCE=y
</pre>
-<p>在需要支持验证启动的设备上,Android 要求内核模块位于启用 dm-verity 的分区中。模块签名并非强制性要求,也不会进行测试;不过,如有需要,ODM 也可以启用模块签名,但前提是 ODM 拥有可确保未来独立内核和文件系统 OTA 更新的密钥签名以及所需的其他基础架构。</p>
+<p>在需要支持验证启动的设备上,Android 要求内核模块位于启用 dm-verity 的分区中。模块签名并非强制性要求,也不会进行测试;不过,如有需要,ODM 也可以启用模块签名,但前提是 ODM 拥有所需的密钥签名及其他基础架构,以确保未来可进行独立的内核和文件系统 OTA 更新。</p>
<h3 id="file-locations">文件位置</h3>
<p>Android 7.x 及更早版本对内核模块(包括对 <code>insmod</code> 和 <code>rmmod</code> 的支持)没有强制要求,而 Android 8.0 建议在生态系统中使用内核模块。下表显示了 Android 的 3 种启动模式所需的板专用外设设备支持:</p>
@@ -194,7 +194,7 @@ on early-init
<h3 id="early-mounting-partitions-vboot-1-0">提前装载分区 (VBoot 1.0)</h3>
<p>使用 VBoot 1.0 提前装载分区的要求包括:</p>
<ol>
-<li>设备节点路径必须在 <em>fstab</em> 和设备树条目中使用其 by-name 符号链接。<code>fstab</code>例如,确保对分区进行命名且设备节点为 <code>/dev/block/…./by-name/{system,vendor,odm}</code>,而不是使用 <code>/dev/block/mmcblk0pX</code> 指定分区。
+<li>设备节点路径必须在 <code>fstab</code> 和设备树条目中使用其 by-name 符号链接。<em></em>例如,确保对分区进行命名且设备节点为 <code>/dev/block/…./by-name/{system,vendor,odm}</code>,而不是使用 <code>/dev/block/mmcblk0pX</code> 指定分区。
</li>
<li>在产品的设备配置中(即 <code>device/<em>oem</em>/<em>project</em>/device.mk</code> 中)为产品 <code>PRODUCT_{SYSTEM,VENDOR}_VERITY_PARTITION</code> 和 <code>CUSTOM_IMAGE_VERITY_BLOCK_DEVICE</code> 指定的路径必须与 <code>fstab</code>/设备树条目中指定 by-name 的相应块设备节点相匹配。<em></em>例如:<pre class="prettyprint">
PRODUCT_SYSTEM_VERITY_PARTITION := /dev/block/…./by-name/system
@@ -389,7 +389,7 @@ fstab 条目采取以下形式:</p>
<h2 id="device-tree-overlay-support-bootloader">设备树叠加层支持(引导加载程序)</h2>
<p>
-<a href="/devices/architecture/dto/">设备树叠加层</a> (DTO) 旨在扩展现有<a href="https://events.linuxfoundation.org/sites/events/files/slides/petazzoni-device-tree-dummies.pdf" class="external">扁平化设备树 (FDT)</a> 的实现,以便在运行时用户空间可通过加载修改了原始数据的额外叠加层 FDT 来修改内核中的初始设备树数据。Android 不需要来自用户空间的 DT Blob 运行时更新,而是建议供应商借助 <code>libfdt</code>/<code>libufdt</code> 在引导加载程序中添加设备树补丁程序。</p>
+<a href="/devices/architecture/dto/">设备树叠加层</a> (DTO) 旨在扩展现有<a href="https://events.linuxfoundation.org/sites/events/files/slides/petazzoni-device-tree-dummies.pdf" class="external">扁平化设备树 (FDT)</a> 的实现,以便用户空间(在运行时)可通过加载修改了原始数据的额外叠加层 FDT 来修改内核中的初始设备树数据。Android 不需要来自用户空间的 DT Blob 运行时更新,而是建议供应商借助 <code>libfdt</code>/<code>libufdt</code> 在引导加载程序中添加设备树补丁程序。</p>
<p>在 Android 7.x 及更早版本中,Android 不要求提供设备树支持,同时,没有针对供应商如何将 DT Blob 传递给内核或在何处存储这些 Blob 提供相关建议。不过,Android 8.0 建议提供此类支持,以将内核的板专属部分和仅限 SoC 访问的部分区分开来。</p>
diff --git a/zh-cn/devices/audio/latency_measurements.html b/zh-cn/devices/audio/latency_measurements.html
index 8edee0ad..28d6f195 100644
--- a/zh-cn/devices/audio/latency_measurements.html
+++ b/zh-cn/devices/audio/latency_measurements.html
@@ -1,5 +1,5 @@
<html devsite><head>
- <title>音频延迟时间测量</title>
+ <title>音频延迟衡量</title>
<meta name="project_path" value="/_project.yaml"/>
<meta name="book_path" value="/_book.yaml"/>
</head>
@@ -20,7 +20,7 @@
limitations under the License.
-->
-<p><a href="http://en.wikipedia.org/wiki/Latency_%28engineering%29">延迟时间</a>是一项重要的系统性能指标。<a href="latency.html">音频延迟时间</a>指标有多种类型,其中一个很实用且易于理解的指标是<a href="latency_measure.html#measuringRoundTrip">往返延迟时间</a>。根据该指标的定义,音频延迟时间是指音频信号进入移动设备的输入设备,由应用处理器上运行的应用进行处理,然后退出输出设备,这整个过程所花费的时间。</p>
+<p><a href="http://en.wikipedia.org/wiki/Latency_%28engineering%29">延迟时间</a>是一项重要的系统性能指标。<a href="latency.html">音频延迟时间</a>指标有多种类型,其中一个很实用且易于理解的指标是<a href="latency_measure.html#measuringRoundTrip">往返延迟时间</a>。根据该指标的定义,往返延迟时间是指音频信号进入移动设备的输入组件,由应用处理器上运行的应用进行处理,然后从输出组件传出,这整个过程所花费的时间。</p>
<img src="images/round_trip_on_device.png" alt="设备上的往返音频延迟时间" id="figure1"/>
<p class="img-caption"><strong>图 1. </strong> 设备上的往返音频延迟时间:T<sub>output</sub> - T<sub>input</sub></p>
@@ -41,7 +41,7 @@
<h2 id="how">如何测量</h2>
-<p>我们使用 <a href="loopback.html">Dr. Rick O'Rang 音频环回软件狗</a>和<a href="latency_measure.html#larsenTest">音频反馈(拉尔森效应)测试</a>得出了本页列出的测量结果。测量假设应用信号处理技术增加了零算法延迟时间和近零计算延迟时间。</p>
+<p>我们使用 <a href="loopback.html">Dr. Rick O'Rang 音频环回软件狗</a>和<a href="latency_measure.html#larsenTest">音频反馈(拉尔森效应)测试</a>得出了本页列出的测量结果。测量假设应用信号处理技术的算法延迟时间为零,并且计算延迟时间接近零。</p>
<p>我们通过耳机连接器来测量往返延迟时间有以下几个原因:</p>
<img src="images/round_trip_via_headset_connector.png" alt="通过耳机连接器测量的往返延迟时间" id="figure2"/>
@@ -54,7 +54,7 @@
<p>在有些情况下,设备上的麦克风和扬声器延迟时间确实会带来影响,但这通常是针对单向延迟而不是往返延迟。<em></em><a href="latency_measure.html#measuringOutput">测量输出设备延迟时间</a>和<a href="latency_measure.html#measuringInput">测量输入设备延迟时间</a>中介绍了测量单向延迟时间的相关技巧。</p>
-<h2 id="measurements">测量结果示例</h2>
+<h2 id="examples">测量结果示例</h2>
<p>下面列出的是特定于某个<a href="/setup/build-numbers.html">版本号</a>的测量结果。设备按初始版本和平台版本的大致顺序列出;您也可以<a href="#chart">查看图表中的延迟时间</a>。测试应用会使用 Android 原生音频 API(基于 OpenSL ES)。</p>
diff --git a/zh-cn/devices/audio/terminology.html b/zh-cn/devices/audio/terminology.html
index 910c1415..e0e3f4ac 100644
--- a/zh-cn/devices/audio/terminology.html
+++ b/zh-cn/devices/audio/terminology.html
@@ -447,7 +447,7 @@ Android 声音服务器实现用例。AudioFlinger 在 mediaserver 进程中运
<dt>音频焦点</dt>
<dd>
-跨多个独立应用管理音频互动的 API 集。如需了解详情,请参阅<a href="http://developer.android.com/training/managing-audio/audio-focus.html">管理音频焦点</a>以及与焦点相关的方法和 <a href="http://developer.android.com/reference/android/media/AudioManager.html">android.media.AudioManager</a> 的常量。
+跨多个独立应用管理音频互动的 API 集。如需了解详情,请参阅<a href="http://developer.android.com/training/managing-audio/audio-focus.html">管理音频焦点</a>以及 <a href="http://developer.android.com/reference/android/media/AudioManager.html">android.media.AudioManager</a> 的与焦点相关的方法和常量。
</dd>
<dt>AudioMixer</dt>
diff --git a/zh-cn/devices/camera/index.html b/zh-cn/devices/camera/index.html
index f2855c55..6bb05251 100644
--- a/zh-cn/devices/camera/index.html
+++ b/zh-cn/devices/camera/index.html
@@ -100,7 +100,8 @@ PRODUCT_COPY_FILES += \
&lt;device&gt;/&lt;company&gt;/&lt;device&gt;/media_codecs.xml:system/etc/media_codecs.xml
</pre></li>
-<li>要将相机应用包含在您设备的系统映像中,请在设备的 <code>device/&lt;company&gt;/&lt;device&gt;/device.mk</code> Makefile 中的 <code>PRODUCT_PACKAGES</code> 变量中指定该应用:<pre class="devsite-click-to-copy">
+<li>要将相机应用包含在您设备的系统映像中,请在设备的 <code>device/&lt;company&gt;/&lt;device&gt;/device.mk</code> Makefile 中的 <code>PRODUCT_PACKAGES</code> 变量中指定该应用:
+<pre class="devsite-click-to-copy">
PRODUCT_PACKAGES := \
Gallery2 \
...
diff --git a/zh-cn/devices/camera/versioning.html b/zh-cn/devices/camera/versioning.html
index 7e2a92c9..600606b2 100644
--- a/zh-cn/devices/camera/versioning.html
+++ b/zh-cn/devices/camera/versioning.html
@@ -119,7 +119,7 @@
<ul>
<li>若在 HAL1 上,则不受 cameraservice 移动的影响,并且<strong>不需要供应商更新</strong>。</li>
-<li>若在 HAL3 上,则受到 cameraservice 移动的影响,但<strong>不需要供应商更新</strong>:<em></em>
+<li>若在 HAL3 上,则会受到 cameraservice 移动的影响,但<strong>不需要供应商更新</strong>:<em></em>
<p><img src="images/ape_camera_n_api2_hal3.png" alt="HAL2 上 API2 中的 Android 7.0 相机和媒体堆栈" id="figure1"/></p>
<p class="img-caption"><strong>图 3. </strong>HAL3 上 API2 中的 Android 7.0 相机和媒体堆栈。</p>
</li>
@@ -131,7 +131,7 @@
<ul>
<li><strong>常规</strong>。由于 IPC,设备需要额外带宽,这可能会影响对时间敏感的相机使用情况,例如高速视频录制。供应商可以通过运行 <code>android.hardware.camera2.cts.PerformanceTest</code> 和 Google 相机应用进行 120/240 FPS 高速视频录制,以衡量实际影响。设备还需要少量额外的 RAM 来创建新进程。</li>
<li><strong>在视频缓冲区中传递元数据</strong>(仅限 HAL1)。<em></em>如果 HAL1 在视频缓冲区中存储元数据而非实际的 YUV 帧数据,则 HAL 必须使用 <code>kMetadataBufferTypeNativeHandleSource</code> 作为元数据缓冲区类型,并在视频缓冲区中传递 <code>VideoNativeHandleMetadata</code>(<code>kMetadataBufferTypeCameraSource</code> 在 Android 7.0 中不再受支持)。通过 <code>VideoNativeHandleMetadata</code>,相机和媒体框架能够正确地对原生句柄进行序列化和反序列化,从而在进程之间传递视频缓冲区。</li>
-<li><strong>缓冲区句柄地址不一定始终存储相同的缓冲区</strong>(仅限 HAL3)。<em></em>对于每个捕获请求,HAL3 会获取缓冲区句柄的地址。HAL 不能使用地址来识别缓冲区,因为地址可能会在 HAL 返回缓冲区之后存储另一个缓冲区句柄。您必须更新 HAL,以便使用缓冲区句柄来标识缓冲区。例如:HAL 接收缓冲区句柄地址 A,该地址存储缓冲区句柄 A。在 HAL 返回缓冲区句柄 A 之后,缓冲区句柄地址 A 可能在 HAL 下次接收到它时存储缓冲区句柄 B。</li>
+<li><strong>缓冲区句柄地址并不总是存储相同的缓冲区</strong>(仅限 HAL3)。<em></em>对于每个捕获请求,HAL3 会获取缓冲区句柄的地址。HAL 不能使用地址来识别缓冲区,因为地址可能会在 HAL 返回缓冲区之后存储另一个缓冲区句柄。您必须更新 HAL,以便使用缓冲区句柄来标识缓冲区。例如:HAL 接收缓冲区句柄地址 A,该地址存储缓冲区句柄 A。在 HAL 返回缓冲区句柄 A 之后,缓冲区句柄地址 A 可能在 HAL 下次接收到它时存储缓冲区句柄 B。</li>
<li><strong>更新用于 cameraserver 的 SELinux 策略</strong>。如果设备特定的 SELinux 策略向 mediaserver 授予运行相机的权限,则您必须更新 SELinux 策略,以授予 cameraserver 正确的权限。我们建议不要为 cameraserver 复制 mediaserver 的 SELinux 策略(因为 mediaserver 和 cameraserver 通常需要系统中的不同资源)。Cameraserver 应仅具有执行相机功能所需的权限,并且 mediaserver 中任何不必要的相机相关权限均应被移除。<p></p>
<h3 id="hardening_validation">验证</h3>
diff --git a/zh-cn/devices/media/oem.html b/zh-cn/devices/media/oem.html
index 02f2d34d..da274f4c 100644
--- a/zh-cn/devices/media/oem.html
+++ b/zh-cn/devices/media/oem.html
@@ -97,7 +97,8 @@ following codecs' concurrent instances limit in /etc/media_codecs.xml:
<ol>
<li>首先使用 cts-tradefed 运行测试。鉴于 Android 性能的波动性,建议多次运行测试以获得更准确的最小值和最大值。
</li><li>使用提供的 <a href="https://android.googlesource.com/platform/cts/+/marshmallow-cts-dev/tools/cts-media/get_achievable_rates.py">get_achievable_rates.py</a> 脚本生成 XML 文件。
- </li><li>将 XML 文件放置在以下位置:<code>/etc/media_codecs_performance.xml</code><br />通常通过将 XML 文件放置在设备项目 (device/&lt;vendor&gt;/&lt;product&gt;) 中并将 <code>PRODUCT_COPY_FILES</code> 行添加到 <code>device.mk</code> 来完成此过程,如下所示:<em></em><em></em>
+ </li><li>将 XML 文件放置在以下位置:<code>/etc/media_codecs_performance.xml</code><br />
+为了完成此过程,您通常需要将 XML 文件放置在设备项目 (device/&lt;vendor&gt;&lt;product&gt;) 中并将 <code>PRODUCT_COPY_FILES</code> 行添加到 <code>device.mk</code> 中,如下所示:<em></em><em></em>
<pre class="devsite-click-to-copy">
PRODUCT_COPY_FILES += \
...
diff --git a/zh-cn/devices/sensors/batching.html b/zh-cn/devices/sensors/batching.html
index 13bee9bd..52efd81c 100644
--- a/zh-cn/devices/sensors/batching.html
+++ b/zh-cn/devices/sensors/batching.html
@@ -68,7 +68,7 @@
在挂起模式下,<code>max_report_latency</code> 对非唤醒 FIFO 没有影响。</p>
<p>当唤醒 FIFO 存满时,或者当其中一个唤醒传感器的 <code>max_report_latency</code> 已过时,硬件必须唤醒 SoC 并报告数据。</p>
<p>在这两种情况下(唤醒和非唤醒),只要 SoC 退出挂起模式,即使一些传感器的 <code>max_report_latency</code> 未过,也会产生一个包含所有 FIFO 内容的批处理。这样可最大限度地降低 SoC 再次挂起而必须重新将其唤醒的风险。这进而可以最大限度地降低功耗。</p>
-<p>*不允许驱动程序持有唤醒锁定的一个明显例外情况是,在 <code>max_report_latency</code> 小于 1 秒时,启用<a href="report-modes.html#continuous">连续报告模式</a>的唤醒传感器。在此情况下,驱动程序可以持有唤醒锁,这是因为 SoC 在进入挂起模式前会被唤醒事件唤醒,因此没有机会进入挂起模式。</p>
+<p>*不允许驱动程序持有唤醒锁定的一个明显例外情况是,在 <code>max_report_latency</code> 小于 1 秒的情况下启用使用<a href="report-modes.html#continuous">连续报告模式</a>的唤醒传感器。在此情况下,驱动程序可以持有唤醒锁,这是因为 SoC 在进入挂起模式前会被唤醒事件唤醒,因此没有机会进入挂起模式。</p>
<h2 id="precautions_to_take_when_batching_wake-up_sensors">批处理唤醒传感器时的注意事项</h2>
<p>根据设备不同,SoC 可能需要几毫秒才能完全退出挂起模式并开始刷新 FIFO。因此必须在 FIFO 中分配足够的头空间,才能让设备完全退出挂起状态,而不造成唤醒 FIFO 溢出。不得丢失任何事件,并且必须遵照 <code>max_report_latency</code>。</p>
<h2 id="precautions_to_take_when_batching_non-wake-up_on-change_sensors">批处理采用 On-change 触发方式的非唤醒传感器时的注意事项</h2>
diff --git a/zh-cn/devices/sensors/hal-interface.html b/zh-cn/devices/sensors/hal-interface.html
index 89c05590..3891ffd5 100644
--- a/zh-cn/devices/sensors/hal-interface.html
+++ b/zh-cn/devices/sensors/hal-interface.html
@@ -131,7 +131,7 @@ int (*setDelay)(
<p>刷写异步发生(即该函数必须立即返回)。如果实现将一个 FIFO 用于多个传感器,则刷写该 FIFO,并且仅为指定传感器添加刷写完成事件。</p>
<p>如果指定传感器没有 FIFO(无法缓冲),或者如果 FIFO 在调用时为空,则 <code>flush</code> 仍必须操作成功并为该传感器发送刷写完成事件。这适用于除单次传感器以外的所有传感器。</p>
<p>当调用 <code>flush</code> 时,即使该传感器的 FIFO 中已经存在刷写事件,也必须另外创建一个刷写事件并将其添加到 FIFO 的末尾,并且必须刷写 FIFO。<code>flush</code> 调用的次数必须等于创建的刷写完成事件数。</p>
-<p><code>flush</code> 不适用于<a href="report-modes.html#one-shot">单次</a>传感器。如果 <code>sensor_handle</code> 指向的是单次传感器,则 <code>flush</code> 必须返回 <code>-EINVAL</code>,并且不生成任何刷写完成元数据事件。</p>
+<p><code>flush</code> 不适用于<a href="report-modes.html#one-shot">单次</a>传感器。如果 <code>sensor_handle</code> 引用的是单次传感器,则 <code>flush</code> 必须返回 <code>-EINVAL</code>,并且不生成任何刷写完成元数据事件。</p>
<p>如果操作成功,该函数返回 0;如果指定的传感器是单次传感器或未启用,则返回 <code>-EINVAL</code>;其他情况,返回表示错误的负数。</p>
<h2 id="poll">poll()</h2>
<pre class="prettyprint">int (*poll)(struct sensors_poll_device_t *dev, sensors_event_t* data, int
@@ -164,9 +164,9 @@ int (*setDelay)(
<p><strong>power</strong>:启用传感器的功耗成本,以毫安为单位。该字段值几乎始终大于底层传感器的相关数据表中报告的功耗。要了解详情,请参阅<a href="sensor-types.html#base_sensors_=_not_equal_to_physical_sensors">基础传感器不等于物理传感器</a>这篇文章;要详细了解如何测量传感器的功耗,请参阅<a href="power-use.html#power_measurement_process">功率测量过程</a>。如果传感器的功耗取决于设备是否正在移动,则 <code>power</code> 字段中报告的值是移动时的功耗。</p>
<p><strong>minDelay</strong>:对于连续传感器,指对应于传感器支持的最快速率的采样周期(以微秒为单位)。要详细了解该值是如何使用的,请参阅 <a href="#sampling_period_ns">sampling_period_ns</a>。请注意,<code>minDelay</code> 以微秒为单位,而 <code>sampling_period_ns</code> 以纳秒为单位。对于变化和特殊报告模式传感器,除非另行指定,否则 <code>minDelay</code> 必须为 0。对于单次传感器,该值必须为 -1。</p>
<p><strong>maxDelay</strong>:对于连续和变化模式传感器,指对应于传感器支持的最慢速率的采样周期(以微秒为单位)。要详细了解该值是如何使用的,请参阅 <a href="#sampling_period_ns">sampling_period_ns</a>。请注意,<code>maxDelay</code> 以微秒为单位,而 <code>sampling_period_ns</code> 以纳秒为单位。对于特殊和单次传感器,<code>maxDelay</code> 必须为 0。</p>
-<p><strong>fifoReservedEventCount</strong>:硬件 FIFO 中为该传感器保留的事件数。如果该传感器有专属的 FIFO,则 <code>fifoReservedEventCount</code> 是该专属 FIFO 的大小。如果该 FIFO 与其他传感器共用,则 <code>fifoReservedEventCount</code> 是为该传感器保留的 FIFO 部分的大小。对于大多数共享 FIFO 的系统以及没有硬件 FIFO 的系统,该值为 0。</p>
+<p><strong>fifoReservedEventCount</strong>:硬件 FIFO 中为该传感器保留的事件数。如果该传感器有专属的 FIFO,则 <code>fifoReservedEventCount</code> 是该专属 FIFO 的大小。如果该传感器与其他传感器共用 FIFO,则 <code>fifoReservedEventCount</code> 是为该传感器保留的 FIFO 部分的大小。对于大多数共享 FIFO 的系统以及没有硬件 FIFO 的系统,该值为 0。</p>
<p><strong>fifoMaxEventCount</strong>:FIFO 中可为该传感器存储的最大事件数。该值总是大于或等于 <code>fifoReservedEventCount</code>。该值用于估计在假设不激活任何其他传感器的情况下,以特定速率注册到传感器时 FIFO 多快会被填满。对于没有硬件 FIFO 的系统,<code>fifoMaxEventCount</code> 为 0。要了解详情,请参阅<a href="batching.html">批量处理</a>。</p>
-<p>对于官方传感器类型的传感器,一些字段会被框架覆盖。例如,<a href="sensor-types.html#accelerometer">加速度计</a>传感器被强制使用连续报告模式,而<a href="sensor-types.html#heart_rate">心率</a>监测器则被强制受 <code>SENSOR_PERMISSION_BODY_SENSORS</code> 权限的保护。</p>
+<p>对于官方传感器类型的传感器,一些字段会被框架覆盖。例如,强制要求<a href="sensor-types.html#accelerometer">加速度计</a>传感器使用连续报告模式,并强制要求<a href="sensor-types.html#heart_rate">心率</a>监测器受 <code>SENSOR_PERMISSION_BODY_SENSORS</code> 权限的保护。</p>
<h2 id="sensors_event_t">sensors_event_t</h2>
<p>由 Android 传感器生成并通过 <a href="#poll">poll</a> 函数报告的传感器事件属于 <code>type sensors_event_t</code>。以下是 <code>sensors_event_t</code> 的一些重要字段:</p>
<p><strong>version</strong>:必须是 <code>sizeof(struct sensors_event_t)</code>。</p>
diff --git a/zh-cn/devices/sensors/index.html b/zh-cn/devices/sensors/index.html
index c2cde4b3..d453ebaf 100644
--- a/zh-cn/devices/sensors/index.html
+++ b/zh-cn/devices/sensors/index.html
@@ -55,7 +55,7 @@
<ul>
<li>可以存在几个相同类型的传感器。例如,两个近程传感器或两个加速度计。</li>
<li>绝大多数应用仅会请求给定类型的单个传感器。例如,请求默认加速度计的应用将获得列表中的第一个加速度计。</li>
- <li>传感器通常由<a href="suspend-mode.html#wake-up_sensors">唤醒</a>和<a href="suspend-mode.html#non-wake-up_sensors">非唤醒</a>对定义,两种传感器共享同一类型,但其唤醒特性不同。</li>
+ <li>传感器通常由<a href="suspend-mode.html#wake-up_sensors">唤醒</a>和<a href="suspend-mode.html#non-wake-up_sensors">非唤醒</a>对进行定义,两种传感器会共用同一类型,但其唤醒特性不同。</li>
</ul>
</li>
</ul>
@@ -110,7 +110,7 @@
<ul>
<li><a href="/compatibility/android-cdd.pdf">https://source.android.com/compatibility/android-cdd.pdf</a></li>
<li>查看有关传感器的部分。</li>
- <li>CDD 的要求很宽松,因此满足 CDD 要求不足以确保传感器质量会很高。</li>
+ <li>CDD 的要求很宽松,因此满足 CDD 要求不足以确保传感器的质量很高。</li>
</ul>
</li>
</ul>
diff --git a/zh-cn/devices/sensors/sensor-types.html b/zh-cn/devices/sensors/sensor-types.html
index dbedb825..bc306675 100644
--- a/zh-cn/devices/sensors/sensor-types.html
+++ b/zh-cn/devices/sensors/sensor-types.html
@@ -99,7 +99,7 @@
<p>仅当传感器已禁用时,才可更新偏差校准和尺度校准,以避免流式传输时出现值激增。</p>
<p>加速度计还通过 <code>sensors_event_t.acceleration.status</code> 报告其预测的读数精度。要详细了解此字段的可能值,请参阅 <a href="https://developer.android.com/reference/android/hardware/SensorManager.html">SensorManager</a> 的 <a href="https://developer.android.com/reference/android/hardware/SensorManager.html#SENSOR_STATUS_ACCURACY_HIGH"><code>SENSOR_STATUS_* </code></a>常量。</p>
<h3 id="ambient_temperature">环境温度传感器</h3>
-<p>报告模式:<em><a href="report-modes.html#on-change">按变化模式</a></em></p>
+<p>报告模式:<em><a href="report-modes.html#on-change">变化模式</a></em></p>
<p><code>getDefaultSensor(SENSOR_TYPE_AMBIENT_TEMPERATURE)</code> 会返回一个非唤醒传感器<em></em></p>
<p>该传感器可提供环境(室内)温度,单位是摄氏度。</p>
<h3 id="magnetic_field_sensor">磁场传感器</h3>
@@ -136,12 +136,12 @@
<p>以每分钟心跳次数 (BPM) 表示的当前心率在 <code>sensors_event_t.heart_rate.bpm</code> 中报告,而传感器的状态在 <code>sensors_event_t.heart_rate.status</code> 中报告。要详细了解此字段的可能值,请参阅 <a href="https://developer.android.com/reference/android/hardware/SensorManager.html">SensorManager</a> 的 <a href="https://developer.android.com/reference/android/hardware/SensorManager.html#SENSOR_STATUS_ACCURACY_HIGH"><code>SENSOR_STATUS_*</code></a> 常量。特别是在第一次激活时,除非系统已知设备未随身携带,否则首次事件的状态字段必须设置为 <code>SENSOR_STATUS_UNRELIABLE</code>。因为传感器采用变化模式,当且仅当 <code>heart_rate.bpm</code> 或 <code>heart_rate.status</code> 自上次事件后已发生变化时才会触发事件。事件生成速度不会大于每隔 <code>sampling_period</code> 一次。</p>
<p><code>sensor_t.requiredPermission</code> 始终是 <code>SENSOR_PERMISSION_BODY_SENSORS</code>。</p>
<h3 id="light">光线传感器</h3>
-<p>报告模式:<em><a href="report-modes.html#on-change">按变化模式</a></em></p>
+<p>报告模式:<em><a href="report-modes.html#on-change">变化模式</a></em></p>
<p><code>getDefaultSensor(SENSOR_TYPE_LIGHT)</code> 会返回一个非唤醒传感器<em></em></p>
<p>光线传感器可报告当前照明度,采用国际单位勒克斯 (lux)。</p>
<p>测量结果在 <code>sensors_event_t.light</code> 中报告。</p>
<h3 id="proximity">近程传感器</h3>
-<p>报告模式:<em><a href="report-modes.html#on-change">按变化模式</a></em></p>
+<p>报告模式:<em><a href="report-modes.html#on-change">变化模式</a></em></p>
<p>通常定义为唤醒传感器</p>
<p><code>getDefaultSensor(SENSOR_TYPE_PROXIMITY)</code> 会返回一个唤醒传感器<em></em></p>
<p>近程传感器可报告从传感器到最近的可见表面的距离。</p>
@@ -159,7 +159,7 @@
</ul>
<p>气压计通常用于估算高度变化。要估算绝对高度,必须将海平面压力(随天气变化)作为参照点。</p>
<h3 id="relative_humidity">相对湿度传感器</h3>
-<p>报告模式:<em><a href="report-modes.html#on-change">按变化模式</a></em></p>
+<p>报告模式:<em><a href="report-modes.html#on-change">变化模式</a></em></p>
<p><code>getDefaultSensor(SENSOR_TYPE_RELATIVE_HUMIDITY)</code> 会返回一个非唤醒传感器<em></em></p>
<p>相对湿度传感器用于测量环境空气相对湿度,并返回百分比值。</p>
@@ -310,7 +310,7 @@
<p>每个传感器事件在 <code>sensors_event_t.data[0]</code> 中报告 1</p>
<h3 id="step_detector">步测器</h3>
<p>底层物理传感器:加速度计(可能还有其他低功耗计量器)</p>
-<p>报告模式:<em>特殊模式</em>(一步触发一个事件)<a href="report-modes.html#special"></a></p>
+<p>报告模式:<a href="report-modes.html#special">特殊模式</a>(一步触发一个事件)<em></em></p>
<p>低功耗</p>
<p><code>getDefaultSensor(SENSOR_TYPE_STEP_DETECTOR)</code> 会返回一个非唤醒传感器<em></em></p>
<p>用户每走一步,步测器就触发一个事件。</p>
@@ -321,7 +321,7 @@
<p>每个传感器事件在 <code>sensors_event_t.data[0]</code> 中报告 1</p>
<h3 id="step_counter">计步器</h3>
<p>底层物理传感器:加速度计(可能还有其他低功耗计量器)</p>
-<p>报告模式:<em><a href="report-modes.html#on-change">按变化模式</a></em></p>
+<p>报告模式:<em><a href="report-modes.html#on-change">变化模式</a></em></p>
<p>低功耗</p>
<p><code>getDefaultSensor(SENSOR_TYPE_STEP_COUNTER)</code> 会返回一个非唤醒传感器<em></em></p>
<p>计步器报告自激活后上一次重新启动以来用户行走的步数。</p>
@@ -423,7 +423,7 @@
</p>
</div>
<p>该定义与航空中使用的偏航、俯仰和滚动不同,其中 X 轴沿飞机长边(机尾到机头)延伸。</p>
-<p>方向传感器还通过 sensors_event_t.orientation.status 报告其预测的度数精度。要详细了解该字段的可能值,请参阅 <a href="https://developer.android.com/reference/android/hardware/SensorManager.html">SensorManager</a> 的 <a href="https://developer.android.com/reference/android/hardware/SensorManager.html#SENSOR_STATUS_ACCURACY_HIGH">SENSOR_STATUS_</a>* 常量。</p>
+<p>方向传感器还通过 sensors_event_t.orientation.status 报告其预测的度数精度。要详细了解此字段的可能值,请参阅 <a href="https://developer.android.com/reference/android/hardware/SensorManager.html">SensorManager</a> 的 <a href="https://developer.android.com/reference/android/hardware/SensorManager.html#SENSOR_STATUS_ACCURACY_HIGH">SENSOR_STATUS_</a>* 常量。</p>
<h2 id="uncalibrated_sensors">未校准传感器</h2>
<p>未校准传感器可提供更多的原始结果,可能包括一些偏差,还包含校准后更正结果中的少数“激增”值。一些应用可能更倾向于使用这些未校准结果,因为此类结果更流畅、可靠。例如,如果应用试图自己进行传感器融合,则引入校准可能会使结果失真。</p>
<h3 id="gyroscope_uncalibrated">未校准陀螺仪传感器</h3>
diff --git a/zh-cn/devices/tech/admin/multiuser-apps.html b/zh-cn/devices/tech/admin/multiuser-apps.html
index 9f38e943..f15699bf 100644
--- a/zh-cn/devices/tech/admin/multiuser-apps.html
+++ b/zh-cn/devices/tech/admin/multiuser-apps.html
@@ -71,7 +71,7 @@ INTERACT_ACROSS_USERS_FULL (signature)
</li><li><code>Context.bindServiceAsUser(Intent, …, UserHandle)</code>
</li><li><code>Context.sendBroadcastAsUser(Intent, … , UserHandle)</code>
</li><li><code>Context.startServiceAsUser(Intent, …, UserHandle)
-UserHandle</code> 可能是显式用户或特殊句柄之一:<code>UserHandle.CURRENT</code> 或 <code>UserHandle.ALL</code>。<code>CURRENT</code> 表示当前处于前台的用户。如果您想向所有用户发送广播,则可以使用 <code>ALL</code>。
+UserHandle</code> 可能是显式用户或特殊句柄之一:<code>UserHandle.CURRENT</code> 或 <code>UserHandle.ALL</code>。<code>CURRENT</code> 表示当前位于前台的用户。如果您想向所有用户发送广播,则可以使用 <code>ALL</code>。
</li></ul>
</li><li>要与您自己应用中的组件通信,请使用:
<code>(INTERACT_ACROSS_USERS)</code>
diff --git a/zh-cn/devices/tech/admin/testing-provision.html b/zh-cn/devices/tech/admin/testing-provision.html
index 4ca77664..749e01d7 100644
--- a/zh-cn/devices/tech/admin/testing-provision.html
+++ b/zh-cn/devices/tech/admin/testing-provision.html
@@ -204,12 +204,12 @@ TestRunner: java.lang.RuntimeException: Failed to load page: com.android.afwtest
这类错误通常是由之前的界面网页或加载失败的网页中的错误所导致,因此,请尝试在 logcat 中找到出现该错误之前的其他错误消息,然后按照配置流程手动重现该错误。</li>
<li>如果测试包运行失败:
<ul>
-<li>系统会使用以下语法将屏幕截图保存到 <code>out/host/linux-x86/afw-th/android-cts/repository/logs/<em>start-time</em></code>:<code>screenshot-test_<em>test_class_full_name</em>_<em>test_case_name</em>-<em>random_number</em>.png</code>。该信息也会记录在主机日志中。</li>
+<li>系统会使用下列语法将屏幕截图保存到 <code>out/host/linux-x86/afw-th/android-cts/repository/logs/<em>start-time</em></code>:<code>screenshot-test_<em>test_class_full_name</em>_<em>test_case_name</em>-<em>random_number</em>.png</code>。该信息也会记录在主机日志中。</li>
<li>错误报告会以下列形式保存到 <code>out/host/linux-x86/afw-th/android-cts/repository/logs/<em>start-time</em></code>:<code>bug-<em>test_class_full_name</em>_<em>test_case_name</em>-<em>random_number</em>.zip</code>。
</li>
</ul>
</li>
-<li>所有测试包均执行完毕后,屏幕截图会以 <code>screenshot-<em>random_number</em>.png</code> 的形式保存到 <code>out/host/linux-x86/afw-th/android-cts/repository/logs/<em>start-time</em></code>。该信息也会记录在主机日志中。</li>
+<li>所有测试包均执行完毕后,系统会截取屏幕截图,并将其以下列形式保存到 <code>out/host/linux-x86/afw-th/android-cts/repository/logs/<em>start-time</em></code>:<code>screenshot-<em>random_number</em>.png</code>。该信息也会记录在主机日志中。</li>
</ul>
<h2 id="faq">常见问题解答</h2>
diff --git a/zh-cn/devices/tech/config/filesystem.html b/zh-cn/devices/tech/config/filesystem.html
index 624d7ee3..da333bc6 100644
--- a/zh-cn/devices/tech/config/filesystem.html
+++ b/zh-cn/devices/tech/config/filesystem.html
@@ -37,7 +37,7 @@
<aside class="note"><strong>注意</strong>:虽然您仍可以使用<a href="#older">旧版 Android 中的文件系统替换方法</a>,但不能同时再使用新的 AID 机制。建议您尽可能使用新的机制。</aside>
<h2 id="adding-android-ids-aids">添加 Android ID (AID)</h2>
-<p>Android 8.0 从 Android 开源项目 (AOSP) 中移除了 <code>android_ids[]</code> 数组。所有适合 AID 的名称都改为在生成 Bionic <code>android_ids[]</code> 数组时从 <code>system/core/include/private/android_filesystem_config.h</code> 标头文件生成。这种机制会提取与 <code>AID_*</code> 匹配的所有 <code>define</code>,且 <strong>*</strong> 会变为小写名称。</p>
+<p>Android 8.0 从 Android 开源项目 (AOSP) 中移除了 <code>android_ids[]</code> 数组。所有适合 AID 的名称都改为在生成 Bionic <code>android_ids[]</code> 数组时从 <code>system/core/include/private/android_filesystem_config.h</code> 标头文件生成。这种机制会提取与 <code>define</code> 匹配的所有 <code>AID_*</code>,且 <strong></strong> 会变为小写名称。</p>
<p>例如,在 <code>private/android_filesystem_config.h</code> 中:</p>
@@ -56,7 +56,7 @@
<p>
要启用新的 AID 机制,请在 <code>BoardConfig.mk</code> 文件中设置 <code>TARGET_FS_CONFIG_GEN</code>。此变量含有配置文件列表,使您可以根据需要附加文件。</p>
-<aside class="caution"><strong>注意</strong>:请勿通过旧版 Android 中早期的 <code>TARGET_ANDROID_FILESYSTEM_CONFIG_H</code> 方法使用 <code>TARGET_FS_CONFIG_GEN</code>!否则,您会收到错误提示。</aside>
+<aside class="caution"><strong>注意</strong>:请勿通过旧版 Android 中早期的 <code>TARGET_FS_CONFIG_GEN</code> 方法使用 <code>TARGET_ANDROID_FILESYSTEM_CONFIG_H</code>!否则,您会收到错误提示。</aside>
<p>按照惯例,配置文件使用名称 <code>config.fs</code>,但在实践中,您可以使用任何名称。<code>config.fs</code> 文件采用 <a href="https://docs.python.org/2/library/configparser.html" class="external">Python ConfigParser ini 格式</a>,并包含 caps 部分(用于配置文件系统权能)和 AID 部分(用于配置 OEM 专属 AID)。
</p>
@@ -129,7 +129,7 @@
<td><code>value</code></td>
<td>&lt;number&gt;</td>
<td>有效的 C 样式的数字字符串(十六进制、八进制、二进制和十进制)。
- <br /><br />使用同一值选项指定多个部分<strong>或</strong>指定超出收录的 OEM 范围(在 <code>system/core/include/private/android_filesystem_config.h</code> 中指定)的值,属于错误的做法:
+ <br /><br />使用同一值选项指定多个部分<strong>或</strong>指定超出收录的 OEM 范围(在 <code>system/core/include/private/android_filesystem_config.h</code> 中指定)的值,都属于错误的做法:
<ul>
<li>AID_OEM_RESERVED_START(2900) - AID_OEM_RESERVED_END(2999)</li>
<li>AID_OEM_RESERVED_2_START(5000) - AID_OEM_RESERVED_2_END(5999)</li>
diff --git a/zh-cn/devices/tech/dalvik/improvements.html b/zh-cn/devices/tech/dalvik/improvements.html
index 87907a72..6d4ad734 100644
--- a/zh-cn/devices/tech/dalvik/improvements.html
+++ b/zh-cn/devices/tech/dalvik/improvements.html
@@ -200,7 +200,7 @@
<h2 id="faster-native-methods">更快速的原生方法</h2>
<p>
- 可以使用 <a class="external" href="https://android.googlesource.com/platform/libcore/+/master/dalvik/src/main/java/dalvik/annotation/optimization/FastNative.java"><code>@FastNative</code></a> 和 <a class="external" href="https://android.googlesource.com/platform/libcore/+/master/dalvik/src/main/java/dalvik/annotation/optimization/CriticalNative.java"><code>@CriticalNative</code></a> 注解实现对 Java 原生接口 (JNI) 更快速的原生调用。这种内置的 ART 运行时优化加快了 JNI 转换并取代了现在已弃用的 !<em>bang JNI 标记。</em>注解对非原生方法没有任何影响,并且仅适用于 <code>bootclasspath</code> 上的平台 Java 语言代码(无 Play 商店更新)。
+ 使用 <a class="external" href="https://android.googlesource.com/platform/libcore/+/master/dalvik/src/main/java/dalvik/annotation/optimization/FastNative.java"><code>@FastNative</code></a> 和 <a class="external" href="https://android.googlesource.com/platform/libcore/+/master/dalvik/src/main/java/dalvik/annotation/optimization/CriticalNative.java"><code>@CriticalNative</code></a> 注解可实现对 Java 原生接口 (JNI) 更快速的原生调用。这种内置的 ART 运行时优化加快了 JNI 转换,并取代了现在已弃用的 !<em>bang JNI 标记。</em>注解对非原生方法没有任何影响,并且仅适用于 <code>bootclasspath</code> 上的平台 Java 语言代码(无 Play 商店更新)。
</p>
<p>
diff --git a/zh-cn/devices/tech/datausage/tags-explained.html b/zh-cn/devices/tech/datausage/tags-explained.html
index e97b4a43..814136e8 100644
--- a/zh-cn/devices/tech/datausage/tags-explained.html
+++ b/zh-cn/devices/tech/datausage/tags-explained.html
@@ -1,5 +1,5 @@
<html devsite><head>
- <title>流量消耗标签说明</title>
+ <title>流量使用情况标签说明</title>
<meta name="project_path" value="/_project.yaml"/>
<meta name="book_path" value="/_book.yaml"/>
</head>
diff --git a/zh-cn/devices/tech/debug/ftrace.html b/zh-cn/devices/tech/debug/ftrace.html
index 1dee6a9b..dc2e42a8 100644
--- a/zh-cn/devices/tech/debug/ftrace.html
+++ b/zh-cn/devices/tech/debug/ftrace.html
@@ -48,7 +48,7 @@ echo 1 &gt; /d/tracing/events/irq/enable
echo 1 &gt; /d/tracing/events/sched/sched_wakeup/enable
</pre>
-<p>如果通过写入 sysfs 节点启用了额外的事件,这些事件将<strong>不会</strong>被 atrace 重置。Qualcomm 设备启动的常用模式是启用 <code>kgsl</code> (GPU) 和 <code>mdss</code>(显示管道)跟踪点,然后使用 atrace 或 <a href="/devices/tech/debug/systrace.html">systrace</a>:</p>
+<p>如果通过写入 sysfs 节点启用了额外的事件,这些事件将<strong>不会</strong>被 atrace 重置。Qualcomm 设备启动的常见模式是启用 <code>kgsl</code> (GPU) 和 <code>mdss</code>(显示管道)跟踪点,然后使用 atrace 或 <a href="/devices/tech/debug/systrace.html">systrace</a>:</p>
<pre class="devsite-click-to-copy">
<code class="devsite-terminal">adb shell "echo 1 &gt; /d/tracing/events/mdss/enable"</code>
@@ -206,7 +206,7 @@ cat /d/tracing/trace &gt; /data/local/tmp/trace
<h2 id="lock_stat">使用 lockstat</h2>
<p>有时,只有 ftrace 是不够的,您必须调试内核锁争用。还有一种内核选项值得尝试:<code>CONFIG_LOCK_STAT</code>。这是最后一种方法,因为要在 Android 设备上应用这一方法非常困难,原因是它会使内核的大小超出大多数设备可以处理的范围。</p>
-<p>不过,lockstat 使用调试锁基础设施,这对很多其他应用都有帮助。负责设备启动的所有人都应想出方法来使该选项适用于每台设备,因为您<strong>也许</strong>会想“如果我可以开启 <code>LOCK_STAT</code>,就可以在 5 分钟(而不是 5 天)内确认或反驳这一问题”。</p>
+<p>不过,lockstat 使用调试锁基础设施,这对很多其他应用都有帮助。负责设备启动的每个人都应该想法让该选项适用于每台设备,因为,如果<strong>以后</strong>碰到这方面的事情,您可能会想“要是能开启 <code>LOCK_STAT</code>,我就可以在 5 分钟(而不是 5 天)内判断是不是这方面的问题”。</p>
<section class="expandable">
<h4 class="showalways">显示问题:当内核以最大负载运行 non-SCHED_FIFO 时,SCHED_FIFO 终止</h4>
@@ -239,6 +239,6 @@ cat /proc/lock_stat &gt; /data/local/tmp/lock_stat
</li>
</ol>
-<p>有关解释所生成的输出结果的帮助内容,请参阅 lockstat 文档:<a href="https://www.kernel.org/doc/Documentation/locking/lockstat.txt"><code>&lt;kernel&gt;/Documentation/locking/lockstat.txt</code></a>。</p>
+<p>要获取关于解读所生成的输出结果的帮助信息,请参阅 lockstat 文档:<a href="https://www.kernel.org/doc/Documentation/locking/lockstat.txt"><code>&lt;kernel&gt;/Documentation/locking/lockstat.txt</code></a>。</p>
</body></html> \ No newline at end of file
diff --git a/zh-cn/devices/tech/debug/gdb.html b/zh-cn/devices/tech/debug/gdb.html
index e6757058..7f17247a 100644
--- a/zh-cn/devices/tech/debug/gdb.html
+++ b/zh-cn/devices/tech/debug/gdb.html
@@ -20,7 +20,7 @@
limitations under the License.
-->
-<p>GNU 项目调试程序 (GDB) 是常用的 Unix 调试程序。本页详细介绍了如何使用 <code>gdb</code> 调试 Android 应用和进程。</p>
+<p>GNU 项目调试程序 (GDB) 是常用的 Unix 调试程序。本页详细介绍了如何使用 <code>gdb</code> 调试 Android 应用和进程(面向平台开发者)。对于第三方应用开发,请参阅<a href="https://developer.android.com/studio/debug/index.html">调试您的应用</a>。</p>
<h2 id="running">调试运行中的应用或进程</h2>
diff --git a/zh-cn/devices/tech/ota/ab/index.html b/zh-cn/devices/tech/ota/ab/index.html
index d7bb1755..54f698d9 100644
--- a/zh-cn/devices/tech/ota/ab/index.html
+++ b/zh-cn/devices/tech/ota/ab/index.html
@@ -23,7 +23,9 @@
<p>A/B 系统更新(也称为无缝更新)的目标是确保在<a href="/devices/tech/ota/index.html">无线下载 (OTA) 更新</a>期间在磁盘上保留一个可正常启动和使用的系统。采用这种方式可以降低更新之后设备无法启动的可能性,这意味着用户需要将设备送到维修和保修中心进行更换和刷机的情况将会减少。其他某些商业级操作系统(例如 <a href="https://www.chromium.org/chromium-os">ChromeOS</a>)也成功运用了 A/B 更新机制。
</p>
- <p>A/B 系统更新可带来以下好处:</p>
+ <p>要详细了解 A/B 系统更新,请参见<a href="#slots">分区选择(槽位)</a>一节。
+
+ </p><p>A/B 系统更新可带来以下好处:</p>
<ul>
<li>
@@ -137,7 +139,7 @@ A/B 系统更新过程会使用名为 <code>update_engine</code> 的后台守护
</ul>
<p>
-由于 <code>update_engine</code> 守护进程本身不会参与到启动流程中,因此该守护进程在更新期间可以执行的操作受当前槽位中的 <a href="/security/selinux/">SELinux</a> 政策和功能限制(在系统启动到新版本之前,此类政策和功能无法更新)。<em></em>为了维持一个稳定可靠的系统,更新流程<strong>不应</strong>修改分区表、当前槽位中各个分区的内容,以及无法通过恢复出厂设置擦除的非 A/B 分区的内容。
+由于 <code>update_engine</code> 守护进程本身不会参与到启动流程中,因此该守护进程在更新期间可执行的操作受限于当前槽位中的 <a href="/security/selinux/">SELinux</a> 政策和功能(在系统启动到新版本之前,此类政策和功能无法更新)。<em></em>为了维持一个稳定可靠的系统,更新流程<strong>不应</strong>修改分区表、当前槽位中各个分区的内容,以及无法通过恢复出厂设置擦除的非 A/B 分区的内容。
</p>
<h4 id="update_engine_source">更新引擎源代码</h4>
@@ -156,7 +158,7 @@ A/B 系统更新过程会使用名为 <code>update_engine</code> 的后台守护
</ul>
<p>
-如需可使用的示例,请参阅 <code><a href="https://android.googlesource.com/device/google/marlin/+/nougat-dr1-release/device-common.mk" class="external-link">/device/google/marlin/device-common.mk</a></code>。
+如需实际示例,请参阅 <code><a href="https://android.googlesource.com/device/google/marlin/+/nougat-dr1-release/device-common.mk" class="external-link">/device/google/marlin/device-common.mk</a></code>。
</p>
<h4 id="update_engine_logs">更新引擎日志</h4>
@@ -178,7 +180,7 @@ A/B 系统更新过程会使用名为 <code>update_engine</code> 的后台守护
更改 594637</a></li>
</ul>
- <p>这些更改会将最新的 <code>update_engine</code> 日志的副本保存到 <code>/data/misc/update_engine_log/update_engine.<var>YEAR</var>-<var>TIME</var></code>。除当前日志以外,最近的五个日志也保存在 <code>/data/misc/update_engine_log/</code> 下方。拥有<strong>日志</strong>组 ID 的用户将能够访问相应的文件系统日志。</p>
+ <p>这些更改会将最新的 <code>update_engine</code> 日志的副本保存到 <code>/data/misc/update_engine_log/update_engine.<var>YEAR</var>-<var>TIME</var></code>。除当前日志以外,最近的五个日志也会保存在 <code>/data/misc/update_engine_log/</code> 下方。拥有<strong>日志</strong>组 ID 的用户将能够访问相应的文件系统日志。</p>
<h3 id="bootloader-interactions">引导加载程序交互</h3>
diff --git a/zh-cn/devices/tech/ota/index.html b/zh-cn/devices/tech/ota/index.html
index fa5bb3da..0ed9dc39 100644
--- a/zh-cn/devices/tech/ota/index.html
+++ b/zh-cn/devices/tech/ota/index.html
@@ -21,19 +21,19 @@
-->
<p>
- 正常使用的 Android 设备可以接收和安装系统和应用软件的无线 (OTA) 更新。本部分介绍了更新包的结构以及构建更新包时所用的工具。它适用于希望将 OTA 更新系统用于新的 Android 设备以及正在编译更新软件包以用于已发布设备的开发者。OTA 更新旨在升级基础操作系统和系统分区上安装的只读应用;这些更新<em>不会</em>影响用户从 Google Play 安装的应用。
+ 正常使用的 Android 设备可以接收和安装系统和应用软件的无线 (OTA) 更新。本部分介绍了更新包的结构以及构建更新包时所用的工具。它适用于希望将 OTA 更新系统用于新的 Android 设备以及正在编译更新软件包以用于已发布设备的开发者。<em></em>OTA 更新旨在升级基础操作系统和系统分区上安装的只读应用;这些更新不会影响用户从 Google Play 安装的应用。
</p>
- <h2 id="ab_updates">A/B 更新</h2>
+ <h2 id="ab_updates">A/B(无缝)系统更新</h2>
<p>
- 现代 A/B 设备中的每个分区都有两个副本(A 和 B)。当系统运行但处于空闲状态时,设备会将更新应用到当前未使用的分区。A/B 设备不需要空间来下载更新软件包,因为它们可以在从网络中读取更新时应用该更新。这被称为“流式传输 A/B”。A/B 更新也被称为“无缝更新”。<em></em><em></em>要详细了解有关 A/B 设备的 OTA 更新,请参阅 <a href="/devices/tech/ota/ab/index.html">A/B(无缝)系统更新</a>。
+ 现代 A/B 设备中的每个分区都有两个副本(A 和 B)。当系统运行但处于空闲状态时,设备会将更新应用到当前未使用的分区。A/B 设备不需要空间来下载更新软件包,因为它们可以在从网络中读取更新时应用该更新。这被称为“流式传输 A/B”。A/B 更新也被称为“无缝更新”。<em></em><em></em>要详细了解有关 A/B 设备的 OTA 更新,请参阅 <a href="/devices/tech/ota/ab/index.html">A/B(无缝)系统更新</a>一文。
</p>
- <h2 id="nonab_updates">非 A/B 更新</h2>
+ <h2 id="nonab_updates">非 A/B 系统更新</h2>
<p>
- 老款设备可在特殊的恢复分区中使用软件解压缩下载的更新包并将其应用于其他分区。有关详细信息,请查看<a href="/devices/tech/ota/nonab/index.html">非 A/B 系统更新</a>。
+ 老款设备可在特殊的恢复分区中使用软件解压缩下载的更新包并将其应用于其他分区。有关详细信息,请参阅<a href="/devices/tech/ota/nonab/index.html">非 A/B 系统更新</a>一文。
</p>
</body></html> \ No newline at end of file
diff --git a/zh-cn/devices/tech/ota/reduce_size.html b/zh-cn/devices/tech/ota/reduce_size.html
index 5268b6ec..cdeb517f 100644
--- a/zh-cn/devices/tech/ota/reduce_size.html
+++ b/zh-cn/devices/tech/ota/reduce_size.html
@@ -73,7 +73,7 @@
<li>要了解操作系统的编译时间,请读取 <code>ro.build.date</code>(应该会对除增量编译之外的所有内容都适用;增量编译可能不会更新此日期)。要查看示例,请参阅:<a href="https://android.googlesource.com/platform/external/libchrome/+/8b7977eccc94f6b3a3896cd13b4aeacbfa1e0f84" class="external">https://android.googlesource.com/platform/external/libchrome/+/8b7977eccc94f6b3a3896cd13b4aeacbfa1e0f84</a>。</li>
</ul>
-<aside class="note"><strong>注意</strong>:Android 7.0 开启了 <code>-Werror=date-time</code>,因此使用时间戳是一种编译错误。</aside>
+<aside class="note"><strong>注意</strong>:Android 7.0 开启了 <code>-Werror=date-time</code>,因此使用时间戳会导致编译错误。</aside>
<h3 id="embedded_timestamps_in_zip-based_archives_zip_jar">归档文件(zip、jar)中的嵌入时间戳</h3>
diff --git a/zh-cn/devices/tech/perf/boot-times.html b/zh-cn/devices/tech/perf/boot-times.html
index 74b39a90..468ead6f 100644
--- a/zh-cn/devices/tech/perf/boot-times.html
+++ b/zh-cn/devices/tech/perf/boot-times.html
@@ -212,14 +212,22 @@ CONFIG_MOBICORE_DRIVER=y
<h3 id="deferring-initialization">延迟初始化</h3>
<p>
-很多进程都在设备启动期间启动,但只有关键路径 (bootloader &gt; kernel &gt; init &gt; file system mount &gt; zygote &gt; system server) 中的组件才会直接影响启动时间。在内核启动期间执行 <strong>initcall</strong> 来识别对启动 init 进程不重要的外设/组件,然后将这些外设/组件延迟到启动过程的后期来启动。
+很多进程都在设备启动期间启动,但只有关键路径 (bootloader &gt; kernel &gt; init &gt; file system mount &gt; zygote &gt; system server) 中的组件才会直接影响启动时间。在内核启动期间分析 <strong>initcall</strong> 的执行情况来识别执行缓慢并且对启动 init 进程不重要的外设/组件,将这些外设/组件编译为内核模块并延迟到启动过程的后期来启动。将外设/组件的初始化过程改为异步并行也有助于解决从内核到init的关键路径。
</p>
-<pre class="prettyprint">
+<pre
+class="prettyprint">
BoardConfig-common.mk:
BOARD_KERNEL_CMDLINE += initcall_debug ignore_loglevel
+
+驱动程序:
+ .probe_type = PROBE_PREFER_ASYNCHRONOUS,
</pre>
+<p class="note">
+<strong>注意</strong> :谨慎处理驱动程序的依赖性,如有其他驱动程序依赖于被异步的驱动程序,要确保 <code>EPROBEDEFER</code> 的支持情况。
+</p>
+
<h2 id="optimizing-i-o-efficiency">优化 I/O 效率</h2>
<p>
@@ -346,6 +354,10 @@ Init 是从内核到框架建立之前的衔接过程,设备通常会在不同
</li><li>启动服务并及早启用关键路径中的外围设备。例如,有些 SOC 需要先启动安全相关服务,然后再启动 SurfaceFlinger。在 ServiceManager 返回“wait for service”(等待服务)时查看系统日志 - 这通常表明必须先启动依赖服务。
</li><li>移除 init.*.rc 中所有未使用的服务和命令。只要是早期阶段的 init 中没有使用的服务和命令,都应推迟到启动完成后再使用。</li></ul>
+<p class="note">
+<strong>注意</strong> :属性服务是 init 进程的一部分,如果在init执行内部脚本命令期间,在代码中调用设置属性的函数有可能被延迟
+</p>
+
<h3 id="using-scheduler-tuning">使用调度程序调整</h3>
<p>
@@ -555,4 +567,4 @@ systrace 的可视化可以帮助分析启动过程中的具体问题。(不
<strong>注意</strong>:Chrome 无法处理过大的文件。请考虑使用 <code>tail</code>、<code>head</code> 或 <code>grep</code> 分割 <code>boot_trace</code> 文件,以获得必要的部分。由于事件过多,I/O 分析通常需要直接分析获取的 <code>boot_trace</code>。
</p>
-</body></html> \ No newline at end of file
+</body></html>
diff --git a/zh-cn/legal.html b/zh-cn/legal.html
index 6e97ba7c..a7534dff 100644
--- a/zh-cn/legal.html
+++ b/zh-cn/legal.html
@@ -30,7 +30,7 @@
<h2 id="Brands">Android 品牌</h2>
-<p>“Android”名称、<img src="/setup/assets/images/sac_logo.png" alt="Android" style="margin:0;padding:0 2px;vertical-align:baseline"/> 徽标和<a href="http://www.google.com/permissions/">其他商标</a>均为 Google LLC 的财产。</p>
+<p>“Android”名称、<img src="/setup/assets/images/sac_logo.png" alt="Android" style="margin:0;padding:0 2px;vertical-align:baseline"/> 徽标及<a href="http://www.google.com/permissions/">其他商标</a>均为 Google LLC 的财产。</p>
<p>要了解更多详情,请参阅<a href="/setup/brands.html">品牌推广指南</a>。</p>
@@ -45,4 +45,4 @@
<div>
-</div></div></body></html>
+</div></div></body></html> \ No newline at end of file
diff --git a/zh-cn/license.html b/zh-cn/license.html
index 4603793b..b9eb8f96 100644
--- a/zh-cn/license.html
+++ b/zh-cn/license.html
@@ -38,7 +38,7 @@
<h2 id="terms">使用条款</h2>
-<p>我们非常乐意根据相应条款授权您使用 Android 文档和示例代码,这些条款鼓励您根据需要采用、修改、重复使用、改编或混编此类内容。您可以在自己的作品中随意使用文档内容,除非下文的<a href="#restrictions">限制</a>部分另有说明。例如,您可以在一本书中引用相应的文字,将某些部分的内容剪切并粘贴到您的博客中,将相应内容录制成有声读物供视障人士收听,甚至还可以将相应内容翻译成其他语言。</p>
+<p>我们非常乐意根据相应条款授权您使用 Android 文档和示例代码,这些条款鼓励您根据需要采用、修改、重复使用、改编或混编此类内容。您可以在自己的作品中随意使用文档内容,除非下文的<a href="#restrictions">限制</a>部分另有说明。例如,您可以在一本书中引用相应的文字,将部分内容剪切并粘贴到您的博客中,录制成有声读物供视障人士收听,甚至还可以翻译成其他语言。</p>
<h2 id="restrictions">限制</h2>
@@ -63,7 +63,7 @@
如果您的在线作品原样复制本网站中的全部或部分文字或图片,请在网页底部附上以下这段内容:<em></em>
</p>
<p style="margin-left:20px;font-style:italic">
- 本网页的部分内容是从 <a href="https://code.google.com/p/android/">Android 开源项目</a>原创及共享作品中复制的,须遵照 <a href="https://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0 许可</a>所述条款进行使用。
+本网页的部分内容是从 <a href="https://code.google.com/p/android/">Android 开源项目</a>原创及共享作品中复制的,须遵照 <a href="https://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0 许可</a>所述条款进行使用。
</p>
<p>此外,请提供指向原始来源网页的链接,以便读者参阅相应网页,了解更多信息。
@@ -71,8 +71,7 @@
<h3>经过修改的版本</h3>
<p>
如果您的在线作品会显示在本网站内容的基础上<em>修改的</em>文字或图片,请在您的网页底部附上以下这段内容:</p>
-<p style="margin-left:20px;font-style:italic">
- 本网页的部分内容是在 <a href="https://code.google.com/p/android/">Android 开源项目</a>原创及共享作品的基础上修改而成的,须遵照 <a href="https://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0 许可</a>所述条款进行使用。
+<p style="margin-left:20px;font-style:italic">本网页的部分内容是在 <a href="https://code.google.com/p/android/">Android 开源项目</a>原创及共享作品的基础上修改而成的,须遵照 <a href="https://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0 许可</a>所述条款进行使用。
</p>
<p>同样,请提供指向原始来源网页的链接,以便读者参阅相应网页,了解更多信息。在对相应内容做过修改后,尤其要谨记这一点。
</p>
diff --git a/zh-cn/security/advisory/index.html b/zh-cn/security/advisory/index.html
index 2e0028be..1c617e69 100644
--- a/zh-cn/security/advisory/index.html
+++ b/zh-cn/security/advisory/index.html
@@ -35,7 +35,12 @@
<tr>
<td><a href="2016-03-18.html">2016-03-18</a></td>
<td>
- <a href="/security/advisory/2016-03-18.html">English</a> / <a href="/security/advisory/2016-03-18.html?hl=ja">日本語</a> / <a href="/security/advisory/2016-03-18.html?hl=ko">한국어</a> / <a href="/security/advisory/2016-03-18.html?hl=ru">ру́сский</a> / <a href="/security/advisory/2016-03-18.html?hl=zh-cn">中文 (中国)</a> / <a href="/security/advisory/2016-03-18.html?hl=zh-tw">中文 (台灣)</a>
+ <a href="/security/advisory/2016-03-18.html">English</a> /
+ <a href="/security/advisory/2016-03-18.html?hl=ja">日本語</a> /
+ <a href="/security/advisory/2016-03-18.html?hl=ko">한국어</a> /
+ <a href="/security/advisory/2016-03-18.html?hl=ru">ру́сский</a> /
+ <a href="/security/advisory/2016-03-18.html?hl=zh-cn">中文(中国)</a>/
+ <a href="/security/advisory/2016-03-18.html?hl=zh-tw">中文(台灣)</a>
</td>
<td>2016 年 3 月 18 日</td>
</tr>
diff --git a/zh-cn/security/apksigning/v2.html b/zh-cn/security/apksigning/v2.html
index 3870b140..b32f6fff 100644
--- a/zh-cn/security/apksigning/v2.html
+++ b/zh-cn/security/apksigning/v2.html
@@ -1,5 +1,5 @@
<html devsite><head>
- <title>APK 签名架构 v2</title>
+ <title>APK 签名方案 v2</title>
<meta name="project_path" value="/_project.yaml"/>
<meta name="book_path" value="/_book.yaml"/>
</head>
diff --git a/zh-cn/security/bulletin/2016-07-01.html b/zh-cn/security/bulletin/2016-07-01.html
index c100c5ae..74ef6b98 100644
--- a/zh-cn/security/bulletin/2016-07-01.html
+++ b/zh-cn/security/bulletin/2016-07-01.html
@@ -41,7 +41,7 @@
<p>本部分总结了 <a href="/security/enhancements/index.html">Android 安全平台</a>和服务防护功能(如 SafetyNet)提供的缓解措施。这些功能可降低 Android 上的安全漏洞被成功利用的可能性。</p>
<ul>
<li>新版 Android 平台中的增强功能让攻击者更加难以利用 Android 上存在的许多问题。我们建议所有用户都尽可能更新到最新版 Android。</li>
- <li>Android 安全团队会积极利用<a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf">“验证应用”和 SafetyNet</a> 来监控滥用行为,这些功能可在发现<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">可能有害的应用</a>时向用户发出警告。在预装有 <a href="http://www.android.com/gms">Google 移动服务</a>的设备上,“验证应用”在默认情况下处于启用状态。对于安装来自 Google Play 以外的应用的用户来说,这项功能尤为重要。虽然 Google Play 中禁止提供设备 Root 应用,但用户可能会尝试安装 Root 应用,而“验证应用”会在检测到这类应用(无论应用来自何处)时向用户发出警告。另外,“验证应用”会尝试识别并阻止用户安装会利用提权漏洞的已知恶意应用。如果用户已安装此类应用,那么“验证应用”将会通知用户并尝试移除所检测到的应用。</li>
+ <li>Android 安全团队会积极利用<a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf">“验证应用”和 SafetyNet</a> 来监控滥用行为,这些功能会在发现<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">可能有害的应用</a>时向用户发出警告。在预装有 <a href="http://www.android.com/gms">Google 移动服务</a>的设备上,“验证应用”在默认情况下处于启用状态。对于安装来自 Google Play 以外的应用的用户来说,这项功能尤为重要。虽然 Google Play 中禁止提供设备 Root 应用,但用户可能会尝试安装 Root 应用,而“验证应用”会在检测到这类应用(无论应用来自何处)时向用户发出警告。另外,“验证应用”会尝试识别并阻止用户安装会利用提权漏洞的已知恶意应用。如果用户已安装此类应用,那么“验证应用”将会通知用户并尝试移除所检测到的应用。</li>
<li>由于已做了适当更新,因此 Google 环聊和 Messenger 应用不会自动将媒体内容传递给 Mediaserver 这类进程。</li>
</ul>
@@ -99,7 +99,9 @@
</tr>
<tr>
<td>CVE-2016-2508</td>
- <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f">A-28799341</a> [<a href="https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4">2</a>]</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f">A-28799341</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4">2</a>]
+ </td>
<td>严重</td>
<td><a href="#all_nexus">所有 Nexus 设备</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
@@ -107,7 +109,9 @@
</tr>
<tr>
<td>CVE-2016-3741</td>
- <td><a href="https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795">A-28165661</a> [<a href="https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335">2</a>]</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795">A-28165661</a>
+ [<a href="https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335">2</a>]
+ </td>
<td>严重</td>
<td><a href="#all_nexus">所有 Nexus 设备</a></td>
<td>6.0、6.0.1</td>
@@ -460,7 +464,9 @@
</tr>
<tr>
<td>CVE-2016-3754</td>
- <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e">A-28615448</a> [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e">A-28615448</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]
+ </td>
<td>高</td>
<td><a href="#all_nexus">所有 Nexus 设备</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
@@ -622,7 +628,10 @@
</tr>
<tr>
<td>CVE-2016-3760</td>
- <td><a href="https://android.googlesource.com/platform/hardware/libhardware/+/8b3d5a64c3c8d010ad4517f652731f09107ae9c5">A-27410683</a> [<a href="https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce">2</a>] [<a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8">3</a>]</td>
+ <td><a href="https://android.googlesource.com/platform/hardware/libhardware/+/8b3d5a64c3c8d010ad4517f652731f09107ae9c5">A-27410683</a>
+[<a href="https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce">2</a>]
+[<a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8">3</a>]
+ </td>
<td>中</td>
<td><a href="#all_nexus">所有 Nexus 设备</a></td>
<td>5.0.2、5.1.1、6.0、6.0.1</td>
@@ -777,7 +786,9 @@ Mediaserver 中的拒绝服务漏洞</h3>
</tr>
<tr>
<td>CVE-2016-3766</td>
- <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e">A-28471206</a> [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e">A-28471206</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]
+ </td>
<td>中</td>
<td><a href="#all_nexus">所有 Nexus 设备</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
@@ -821,7 +832,7 @@ QC-CR988993</a></td>
<td>2016 年 4 月 20 日</td>
</tr>
</tbody></table>
-<p>*针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-wi-fi-driver">
MediaTek WLAN 驱动程序中的提权漏洞</h3>
@@ -848,7 +859,7 @@ MediaTek WLAN 驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 6 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component">Qualcomm 效能组件中的提权漏洞</h3>
<p>Qualcomm 效能组件中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将其严重程度评为“严重”。</p>
@@ -874,7 +885,7 @@ MediaTek WLAN 驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 9 日</td>
</tr>
</tbody></table>
-<p>*针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-nvidia-video-driver">
NVIDIA 视频驱动程序中的提权漏洞</h3>
@@ -901,7 +912,7 @@ NVIDIA 视频驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 18 日</td>
</tr>
</tbody></table>
-<p>*针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-drivers-device-specific">
MediaTek 驱动程序中的提权漏洞(与特定设备有关)</h3>
@@ -956,7 +967,7 @@ MediaTek 驱动程序中的提权漏洞(与特定设备有关)</h3>
<td>2016 年 4 月 22 日</td>
</tr>
</tbody></table>
-<p>*针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system">
内核文件系统中的提权漏洞</h3>
@@ -983,7 +994,7 @@ MediaTek 驱动程序中的提权漏洞(与特定设备有关)</h3>
<td>2016 年 5 月 4 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-usb-driver">
USB 驱动程序中的提权漏洞</h3>
@@ -1010,11 +1021,11 @@ USB 驱动程序中的提权漏洞</h3>
<td>2016 年 5 月 4 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components">
Qualcomm 组件中的提权漏洞</h3>
-<p>下表列出了影响 Qualcomm 组件(包括引导加载程序、相机驱动程序、字符驱动程序、网络、声音驱动程序和视频驱动程序)的安全漏洞。</p>
+<p>下表中列出了影响 Qualcomm 组件(包括引导加载程序、摄像头驱动程序、字符驱动程序、网络组件、声音驱动程序和视频驱动程序)的安全漏洞。</p>
<p>由于这些问题中危险性最高的问题可能会让有心人士执行任意代码,进而导致本地设备永久损坏,且用户可能需要通过重写操作系统来修复设备,因此我们将此类问题的严重程度评为“严重”。</p>
<table>
@@ -1033,7 +1044,9 @@ Qualcomm 组件中的提权漏洞</h3>
<tr>
<td>CVE-2014-9795</td>
<td>A-28820720<br />
- <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=ce2a0ea1f14298abc83729f3a095adab43342342">QC-CR681957</a> [<a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=fc3b31f81a1c128c2bcc745564a075022cd72a2e">2</a>]</td>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=ce2a0ea1f14298abc83729f3a095adab43342342">QC-CR681957</a>
+ [<a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=fc3b31f81a1c128c2bcc745564a075022cd72a2e">2</a>]
+ </td>
<td>严重</td>
<td>Nexus 5</td>
<td>2014 年 8 月 8 日</td>
@@ -1124,7 +1137,8 @@ Qualcomm 组件中的提权漏洞</h3>
<tr>
<td>CVE-2014-9783</td>
<td>A-28441831<br />
- <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b">QC-CR511382</a> [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5">2</a>]</td>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b">QC-CR511382</a>
+ [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5">2</a>]</td>
<td>高</td>
<td>Nexus 7 (2013)</td>
<td>2014 年 3 月 31 日</td>
@@ -1172,7 +1186,8 @@ Qualcomm 组件中的提权漏洞</h3>
<tr>
<td>CVE-2014-9790</td>
<td>A-28769136<br />
- <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?h=LA.BF.1.1.3_rb1.12&id=6ed921bda8cbb505e8654dfc1095185b0bccc38e">QC-CR545716</a> [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?h=LA.BF.1.1.3_rb1.12&id=9bc30c0d1832f7dd5b6fa10d5e48a29025176569">2</a>]</td>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?h=LA.BF.1.1.3_rb1.12&id=6ed921bda8cbb505e8654dfc1095185b0bccc38e">QC-CR545716</a>
+ [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?h=LA.BF.1.1.3_rb1.12&id=9bc30c0d1832f7dd5b6fa10d5e48a29025176569">2</a>]</td>
<td>高</td>
<td>Nexus 5、Nexus 7 (2013)</td>
<td>2014 年 4 月 30 日</td>
@@ -1278,7 +1293,7 @@ Qualcomm 组件中的提权漏洞</h3>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-usb-driver">
Qualcomm USB 驱动程序中的提权漏洞</h3>
-<p>Qualcomm USB 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>Qualcomm USB 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1305,7 +1320,7 @@ Qualcomm USB 驱动程序中的提权漏洞</h3>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver">
Qualcomm WLAN 驱动程序中的提权漏洞</h3>
-<p>Qualcomm WLAN 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>Qualcomm WLAN 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1331,8 +1346,8 @@ Qualcomm WLAN 驱动程序中的提权漏洞</h3>
</tbody></table>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-camera-driver">
-Qualcomm 相机驱动程序中的提权漏洞</h3>
-<p>Qualcomm 相机驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+Qualcomm 摄像头驱动程序中的提权漏洞</h3>
+<p>Qualcomm 摄像头驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1356,11 +1371,11 @@ QC-CR1001092</td>
<td>2016 年 3 月 27 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-nvidia-camera-driver">
-NVIDIA 相机驱动程序中的提权漏洞</h3>
-<p>NVIDIA 相机驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+NVIDIA 摄像头驱动程序中的提权漏洞</h3>
+<p>NVIDIA 摄像头驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1383,11 +1398,11 @@ NVIDIA 相机驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 5 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-power-driver">
MediaTek 电源驱动程序中的提权漏洞</h3>
-<p>MediaTek 电源驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>MediaTek 电源驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1417,11 +1432,11 @@ MediaTek 电源驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 7 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver-2">
Qualcomm WLAN 驱动程序中的提权漏洞</h3>
-<p>Qualcomm WLAN 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>Qualcomm WLAN 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1439,17 +1454,17 @@ Qualcomm WLAN 驱动程序中的提权漏洞</h3>
<tr>
<td>CVE-2016-3797</td>
<td>A-28085680*
- QC-CR1001450</td>
+QC-CR1001450</td>
<td>高</td>
<td>Nexus 5X</td>
<td>2016 年 4 月 7 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-hardware-sensor-driver">
MediaTek 硬件传感器驱动程序中的提权漏洞</h3>
-<p>MediaTek 硬件传感器驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>MediaTek 硬件传感器驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1472,11 +1487,11 @@ MediaTek 硬件传感器驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 11 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-video-driver">
MediaTek 视频驱动程序中的提权漏洞</h3>
-<p>MediaTek 视频驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>MediaTek 视频驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1506,11 +1521,11 @@ MediaTek 视频驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 11 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-gps-driver">
MediaTek GPS 驱动程序中的提权漏洞</h3>
-<p>MediaTek GPS 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>MediaTek GPS 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1533,11 +1548,11 @@ MediaTek GPS 驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 11 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system-2">
内核文件系统中的提权漏洞</h3>
-<p>内核文件系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>内核文件系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1567,11 +1582,11 @@ MediaTek GPS 驱动程序中的提权漏洞</h3>
<td>2016 年 5 月 4 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-power-management-driver">
MediaTek 电源管理驱动程序中的提权漏洞</h3>
-<p>MediaTek 电源管理驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>MediaTek 电源管理驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1601,11 +1616,11 @@ MediaTek 电源管理驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 21 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-display-driver">
MediaTek 显卡驱动程序中的提权漏洞</h3>
-<p>MediaTek 显卡驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>MediaTek 显卡驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1628,11 +1643,11 @@ MediaTek 显卡驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 26 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver">
串行外设接口驱动程序中的提权漏洞</h3>
-<p>串行外设接口驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>串行外设接口驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1662,11 +1677,11 @@ MediaTek 显卡驱动程序中的提权漏洞</h3>
<td>2016 年 4 月 26 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-sound-driver">
Qualcomm 声音驱动程序中的提权漏洞</h3>
-<p>Qualcomm 声音驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>Qualcomm 声音驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1693,7 +1708,7 @@ Qualcomm 声音驱动程序中的提权漏洞</h3>
<h3 id="elevation-of-privilege-vulnerability-in-kernel">
内核中的提权漏洞</h3>
-<p>内核中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。</p>
+<p>内核中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“高”。</p>
<table>
<colgroup><col width="19%" />
@@ -1743,7 +1758,7 @@ Qualcomm 声音驱动程序中的提权漏洞</h3>
<td>2016 年 3 月 5 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver">
MediaTek WLAN 驱动程序中的信息披露漏洞</h3>
@@ -1770,11 +1785,11 @@ MediaTek WLAN 驱动程序中的信息披露漏洞</h3>
<td>2016 年 4 月 12 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="elevation-of-privilege-vulnerability-in-kernel-video-driver">
内核视频驱动程序中的提权漏洞</h3>
-<p>内核视频驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。</p>
+<p>内核视频驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“中”。</p>
<table>
<colgroup><col width="19%" />
@@ -1797,11 +1812,11 @@ MediaTek WLAN 驱动程序中的信息披露漏洞</h3>
<td>Google 内部</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="information-disclosure-vulnerability-in-mediatek-video-codec-driver">
MediaTek 视频编解码器驱动程序中的信息披露漏洞</h3>
-<p>MediaTek 视频编解码器驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。</p>
+<p>MediaTek 视频编解码器驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“中”。</p>
<table>
<colgroup><col width="19%" />
@@ -1824,11 +1839,11 @@ MediaTek 视频编解码器驱动程序中的信息披露漏洞</h3>
<td>2016 年 4 月 11 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="information-disclosure-vulnerability-in-qualcomm-usb-driver">
Qualcomm USB 驱动程序中的信息披露漏洞</h3>
-<p>Qualcomm USB 驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。</p>
+<p>Qualcomm USB 驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“中”。</p>
<table>
<colgroup><col width="19%" />
@@ -1852,11 +1867,11 @@ QC-CR1010222</td>
<td>2016 年 4 月 11 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="information-disclosure-vulnerability-in-nvidia-camera-driver">
-NVIDIA 相机驱动程序中的信息披露漏洞</h3>
-<p>NVIDIA 相机驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。</p>
+NVIDIA 摄像头驱动程序中的信息披露漏洞</h3>
+<p>NVIDIA 摄像头驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“中”。</p>
<table>
<colgroup><col width="19%" />
@@ -1886,11 +1901,11 @@ NVIDIA 相机驱动程序中的信息披露漏洞</h3>
<td>2016 年 5 月 1 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="information-disclosure-vulnerability-in-mediatek-display-driver">
MediaTek 显卡驱动程序中的信息披露漏洞</h3>
-<p>MediaTek 显卡驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。</p>
+<p>MediaTek 显卡驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“中”。</p>
<table>
<colgroup><col width="19%" />
@@ -1913,11 +1928,11 @@ MediaTek 显卡驱动程序中的信息披露漏洞</h3>
<td>2016 年 4 月 26 日</td>
</tr>
</tbody></table>
-<p>* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中包含相应更新。</p>
+<p>*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Nexus 设备提供的最新二进制驱动程序中包含相应更新。</p>
<h3 id="information-disclosure-vulnerability-in-kernel-teletype-driver">
内核电传驱动程序中的信息披露漏洞</h3>
-<p>电传驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。</p>
+<p>电传驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“中”。</p>
<table>
<colgroup><col width="19%" />
@@ -1944,7 +1959,7 @@ MediaTek 显卡驱动程序中的信息披露漏洞</h3>
<h3 id="denial-of-service-vulnerability-in-qualcomm-bootloader">
Qualcomm 引导加载程序中的拒绝服务漏洞</h3>
-<p>Qualcomm 引导加载程序中的拒绝服务漏洞可让本地恶意应用造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。</p>
+<p>Qualcomm 引导加载程序中的拒绝服务漏洞可让本地恶意应用造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将其严重程度评为“中”。</p>
<table>
<colgroup><col width="19%" />
@@ -1990,9 +2005,9 @@ Qualcomm 引导加载程序中的拒绝服务漏洞</h3>
<p id="all_nexus"><strong>3. 如何确定各个问题都会影响哪些 Nexus 设备?</strong></p>
<p>在 <a href="#2016-07-01-details">2016-07-01</a> 和 <a href="#2016-07-05-details">2016-07-05</a> 安全漏洞详情部分,每个表中均包含“已更新的 Nexus 设备”列,其中列出了已针对每个问题进行更新的受影响 Nexus 设备。此列有以下几种情形:</p>
<ul>
- <li><strong>所有 Nexus 设备</strong>:如果某个问题会影响所有 Nexus 设备,则相应表的“已更新的 Nexus 设备”列中会显示“所有 Nexus 设备”。<em></em>“所有 Nexus 设备”包含下列<a href="https://support.google.com/nexus/answer/4457705#nexus_devices">受支持的设备</a>:Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Nexus 7 (2013)、Nexus 9、Android One、Nexus Player 和 Pixel C。</li>
- <li><strong>部分 Nexus 设备</strong>:如果某个问题仅会影响部分 Nexus 设备,则“已更新的 Nexus 设备”列中会列出受影响的 Nexus 设备。<em></em></li>
- <li><strong>无 Nexus 设备</strong>:如果某个问题不会影响任何 Nexus 设备,则相应表的“已更新的 Nexus 设备”列中会显示“无”。<em></em></li>
+ <li><strong>所有 Nexus 设备</strong>:如果问题会影响所有 Nexus 设备,则相应表的“已更新的 Nexus 设备”列中会显示“所有 Nexus 设备”。<em></em>“所有 Nexus 设备”包含下列<a href="https://support.google.com/nexus/answer/4457705#nexus_devices">受支持的设备</a>:Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Nexus 7 (2013)、Nexus 9、Android One、Nexus Player 和 Pixel C。</li>
+ <li><strong>部分 Nexus 设备</strong>:如果问题仅会影响部分 Nexus 设备,则“已更新的 Nexus 设备”列中会列出受影响的 Nexus 设备。<em></em></li>
+ <li><strong>无 Nexus 设备</strong>:如果问题不会影响任何 Nexus 设备,则相应表的“已更新的 Nexus 设备”列中会显示“无”。<em></em></li>
</ul>
<p><strong>4.“参考信息”列中的条目对应的是什么内容?</strong></p>
diff --git a/zh-cn/security/bulletin/2016-12-01.html b/zh-cn/security/bulletin/2016-12-01.html
index 0b165b35..3ca21240 100644
--- a/zh-cn/security/bulletin/2016-12-01.html
+++ b/zh-cn/security/bulletin/2016-12-01.html
@@ -93,7 +93,7 @@ Android 安全公告详细介绍了会影响 Android 设备的安全漏洞。除
<li>奇虎 360 科技有限公司成都安全响应中心的 <a href="http://weibo.com/ele7enxxh">Zinuo Han</a>:CVE-2016-6762</li>
</ul>
<p>
-此外,还要衷心感谢瓶子科技的 MengLuo Gou (<a href="https://twitter.com/idhyt3r">@idhyt3r</a>)、Google 的王勇 (<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) 和 Zubin Mithra 为本安全公告做出的贡献。
+此外,还要衷心感谢瓶子科技的 MengLuo Gou (<a href="https://twitter.com/idhyt3r">@idhyt3r</a>) 以及 Google 的王勇 (<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) 和 Zubin Mithra 为本安全公告做出的贡献。
</p>
<h2 id="2016-12-01-details">2016-12-01 安全补丁程序级别 - 漏洞详情</h2>
@@ -101,7 +101,7 @@ Android 安全公告详细介绍了会影响 Android 设备的安全漏洞。除
<h3 id="rce-in-curl-libcurl">CURL/LIBCURL 中的远程代码执行漏洞</h3>
<p>
-下表列出了影响 CURL 和 LIBCURL 库的安全漏洞。其中最严重的问题可让中间人攻击者使用伪造的证书通过特许进程执行任意代码。由于攻击者需要伪造的证书,因此我们将该漏洞的严重程度评为“高”。
+下表中列出了影响 CURL 和 LIBCURL 库的安全漏洞。其中最严重的问题可让中间人攻击者使用伪造的证书通过特许进程执行任意代码。由于攻击者需要伪造的证书,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -147,7 +147,7 @@ Android 安全公告详细介绍了会影响 Android 设备的安全漏洞。除
<h3 id="eop-in-libziparchive">libziparchive 中的提权漏洞</h3>
<p>
-libziparchive 库中的提权漏洞可让本地恶意应用通过特许进程执行任意代码。由于攻击者可以利用该漏洞使第三方应用在本地获取超出规定的权能,因此我们将其严重程度评为“高”。
+libziparchive 库中的提权漏洞可让本地恶意应用通过特许进程执行任意代码。由于攻击者可以利用该漏洞使第三方应用在本地获取超出规定的权能,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -167,7 +167,9 @@ libziparchive 库中的提权漏洞可让本地恶意应用通过特许进程执
</tr>
<tr>
<td>CVE-2016-6762</td>
- <td><a href="https://android.googlesource.com/platform/system/core/+/1ee4892e66ba314131b7ecf17e98bb1762c4b84c">A-31251826</a> [<a href="https://android.googlesource.com/platform/bionic/+/3656958a16590d07d1e25587734e000beb437740">2</a>]</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/1ee4892e66ba314131b7ecf17e98bb1762c4b84c">A-31251826</a>
+ [<a href="https://android.googlesource.com/platform/bionic/+/3656958a16590d07d1e25587734e000beb437740">2</a>]
+ </td>
<td>高</td>
<td>所有</td>
<td>5.0.2、5.1.1、6.0、6.0.1、7.0</td>
@@ -177,7 +179,7 @@ libziparchive 库中的提权漏洞可让本地恶意应用通过特许进程执
<h3 id="dos-in-telephony">Telephony 中的拒绝服务漏洞</h3>
<p>
-Telephony 中的拒绝服务漏洞可让本地恶意应用使用特制文件挂起或重启设备。由于攻击者可以利用该漏洞在本地发起永久拒绝服务攻击,因此我们将其严重程度评为“高”。
+Telephony 中的拒绝服务漏洞可让本地恶意应用使用特制文件挂起或重启设备。由于攻击者可以利用该漏洞在本地发起永久拒绝服务攻击,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -207,7 +209,7 @@ Telephony 中的拒绝服务漏洞可让本地恶意应用使用特制文件挂
<h3 id="dos-in-mediaserver">Mediaserver 中的拒绝服务漏洞</h3>
<p>
-Mediaserver 中的拒绝服务漏洞可让攻击者使用特制文件挂起或重启设备。由于攻击者可以利用该漏洞远程发起拒绝服务攻击,因此我们将其严重程度评为“高”。
+Mediaserver 中的拒绝服务漏洞可让攻击者使用特制文件挂起或重启设备。由于攻击者可以利用该漏洞远程发起拒绝服务攻击,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -260,12 +262,12 @@ Mediaserver 中的拒绝服务漏洞可让攻击者使用特制文件挂起或
</tbody></table>
<p>
-* 搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持的 Google 设备不受此漏洞的影响。
+*搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持 Google 设备不受此漏洞的影响。
</p>
<h3 id="rce-in-framesequence-library">Framesequence 库中的远程代码执行漏洞</h3>
<p>
-Framesequence 库中的远程代码执行漏洞可让攻击者使用特制文件通过非特许进程执行任意代码。由于攻击者可以利用该漏洞在使用 Framesequence 库的应用中远程执行代码,因此我们将其严重程度评为“高”。
+Framesequence 库中的远程代码执行漏洞可让攻击者使用特制文件通过非特许进程执行任意代码。由于攻击者可以利用该漏洞在使用 Framesequence 库的应用中远程执行代码,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -295,7 +297,7 @@ Framesequence 库中的远程代码执行漏洞可让攻击者使用特制文件
<h3 id="eop-in-smart-lock">Smart Lock 中的提权漏洞</h3>
<p>
-Smart Lock 中的提权漏洞可让本地恶意用户在无需输入 PIN 码的情况下访问 Smart Lock 设置。由于该漏洞需要攻击者先拿到已解锁的实物设备,且要求设备用户最后一次访问的设置窗格必须是 Smart Lock,因此我们将其严重程度评为“中”。
+Smart Lock 中的提权漏洞可让本地恶意用户在无需输入 PIN 码的情况下访问 Smart Lock 设置。由于该漏洞需要攻击者先拿到已解锁的实物设备,且要求设备用户最后一次访问的设置窗格必须是 Smart Lock,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -323,12 +325,12 @@ Smart Lock 中的提权漏洞可让本地恶意用户在无需输入 PIN 码的
</tr>
</tbody></table>
<p>
-* 搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持的 Google 设备不受此漏洞的影响。
+*搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持 Google 设备不受此漏洞的影响。
</p>
<h3 id="eop-in-framework-apis">Framework API 中的提权漏洞</h3>
<p>
-Framework API 中的提权漏洞可让本地恶意应用访问超出其访问权限级别的系统功能。由于该漏洞允许在本地绕过对受限进程的限制,因此我们将其严重程度评为“中”。
+Framework API 中的提权漏洞可让本地恶意应用访问超出其访问权限级别的系统功能。由于该漏洞允许在本地绕过对受限进程的限制,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -358,7 +360,7 @@ Framework API 中的提权漏洞可让本地恶意应用访问超出其访问权
<h3 id="eop-in-telephony">Telephony 中的提权漏洞</h3>
<p>
-Telephony 中的提权漏洞可让本地恶意应用访问超出其访问权限级别的系统功能。由于该漏洞允许在本地绕过对受限进程的限制,因此我们将其严重程度评为“中”。
+Telephony 中的提权漏洞可让本地恶意应用访问超出其访问权限级别的系统功能。由于该漏洞允许在本地绕过对受限进程的限制,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -388,7 +390,7 @@ Telephony 中的提权漏洞可让本地恶意应用访问超出其访问权限
<h3 id="eop-in-wi-fi">WLAN 中的提权漏洞</h3>
<p>
-WLAN 中的提权漏洞可让本地恶意应用通过特许进程执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。
+WLAN 中的提权漏洞可让本地恶意应用通过特许进程执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -408,7 +410,8 @@ WLAN 中的提权漏洞可让本地恶意应用通过特许进程执行任意代
</tr>
<tr>
<td>CVE-2016-6772</td>
- <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a5a18239096f6faee80f15f3fff39c3311898484">A-31856351</a> [<a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/29a2baf3195256bab6a0a4a2d07b7f2efa46b614">2</a>]</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a5a18239096f6faee80f15f3fff39c3311898484">A-31856351</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/29a2baf3195256bab6a0a4a2d07b7f2efa46b614">2</a>]</td>
<td>中</td>
<td>所有</td>
<td>5.0.2、5.1.1、6.0、6.0.1、7.0</td>
@@ -418,7 +421,7 @@ WLAN 中的提权漏洞可让本地恶意应用通过特许进程执行任意代
<h3 id="id-in-mediaserver">Mediaserver 中的信息披露漏洞</h3>
<p>
-Mediaserver 中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于攻击者可以利用该漏洞在未经许可的情况下获取敏感数据,因此我们将其严重程度评为“中”。
+Mediaserver 中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于攻击者可以利用该漏洞在未经许可的情况下获取敏感数据,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -438,7 +441,8 @@ Mediaserver 中的信息披露漏洞可让本地恶意应用获取超出其权
</tr>
<tr>
<td>CVE-2016-6773</td>
- <td><a href="https://android.googlesource.com/platform/external/libavc/+/026745ef046e646b8d04f4f57d8320042f6b29b0">A-30481714</a> [<a href="https://android.googlesource.com/platform/external/libavc/+/6676aeb4195e7c7379915c0972f3d209410f0641">2</a>]</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/026745ef046e646b8d04f4f57d8320042f6b29b0">A-30481714</a>
+ [<a href="https://android.googlesource.com/platform/external/libavc/+/6676aeb4195e7c7379915c0972f3d209410f0641">2</a>]</td>
<td>中</td>
<td>所有</td>
<td>6.0、6.0.1、7.0</td>
@@ -448,7 +452,7 @@ Mediaserver 中的信息披露漏洞可让本地恶意应用获取超出其权
<h3 id="id-in-package-manager">软件包管理器中的信息披露漏洞</h3>
<p>
-软件包管理器中的信息披露漏洞可让本地恶意应用绕过将应用数据与其他应用隔离开的操作系统防护功能。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。
+软件包管理器中的信息披露漏洞可让本地恶意应用绕过将应用数据与其他应用隔离开的操作系统防护功能。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -477,11 +481,11 @@ Mediaserver 中的信息披露漏洞可让本地恶意应用获取超出其权
</tbody></table>
<h2 id="2016-12-05-details">2016-12-05 安全补丁程序级别 - 漏洞详情</h2>
-<p>我们在下面提供了 2016-12-05 补丁程序级别涵盖的每个安全漏洞的详细信息,其中包括问题描述、严重程度阐释和一个表,该表中包含 CVE、相关参考信息、严重程度、已更新的 Google 设备、已更新的 AOSP 版本(如果适用)及报告日期。在适用的情况下,我们会将 Bug ID 链接到解决相应问题的公开更改记录(如 AOSP 代码更改列表)。如果某个 Bug 有多条相关的更改记录,我们还通过 Bug ID 后面的数字链接到了更多参考信息。</p>
+<p>我们在下面提供了 2016-12-05 补丁程序级别涵盖的每个安全漏洞的详细信息,其中包括问题描述、严重程度阐释和一个表,该表中包含 CVE、相关参考信息、严重程度、已更新的 Google 设备、已更新的 AOSP 版本(如果适用)及报告日期。在适用的情况下,我们会将 Bug ID 链接到解决相应问题的公开更改记录(如 AOSP 代码更改列表)。如果某个 Bug 有多条相关的更改记录,我们还将通过 Bug ID 后面的数字链接到更多参考信息。</p>
<h3 id="eop-in-kernel-memory-subsystem">内核内存子系统中的提权漏洞</h3>
<p>
-内核内存子系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将其严重程度评为“严重”。
+内核内存子系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将该漏洞的严重程度评为“严重”。
</p>
<table>
@@ -500,7 +504,8 @@ Mediaserver 中的信息披露漏洞可让本地恶意应用获取超出其权
<tr>
<td>CVE-2016-4794</td>
<td>A-31596597<br />
- <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=6710e594f71ccaad8101bc64321152af7cd9ea28">上游内核</a> [<a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=4f996e234dad488e5d9ba0858bc1bae12eff82c3">2</a>]</td>
+ <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=6710e594f71ccaad8101bc64321152af7cd9ea28">上游内核</a>
+ [<a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=4f996e234dad488e5d9ba0858bc1bae12eff82c3">2</a>]</td>
<td>严重</td>
<td>Pixel C、Pixel、Pixel XL</td>
<td>2016 年 4 月 17 日</td>
@@ -508,7 +513,8 @@ Mediaserver 中的信息披露漏洞可让本地恶意应用获取超出其权
<tr>
<td>CVE-2016-5195</td>
<td>A-32141528<br />
- <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=9691eac5593ff1e2f82391ad327f21d90322aec1">上游内核</a> [<a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=e45a502bdeae5a075257c4f061d1ff4ff0821354">2</a>]</td>
+ <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=9691eac5593ff1e2f82391ad327f21d90322aec1">上游内核</a>
+ [<a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=e45a502bdeae5a075257c4f061d1ff4ff0821354">2</a>]</td>
<td>严重</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Pixel C、Nexus Player、Pixel、Pixel XL</td>
<td>2016 年 10 月 12 日</td>
@@ -517,7 +523,7 @@ Mediaserver 中的信息披露漏洞可让本地恶意应用获取超出其权
<h3 id="eop-in-nvidia-gpu-driver">NVIDIA GPU 驱动程序中的提权漏洞</h3>
<p>
-NVIDIA GPU 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将其严重程度评为“严重”。
+NVIDIA GPU 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将该漏洞的严重程度评为“严重”。
</p>
<table>
@@ -556,12 +562,12 @@ NVIDIA GPU 驱动程序中的提权漏洞可让本地恶意应用通过内核执
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="eop-in-kernel">内核中的提权漏洞</h3>
<p>
-内核中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将其严重程度评为“严重”。
+内核中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将该漏洞的严重程度评为“严重”。
</p>
<table>
@@ -587,11 +593,11 @@ NVIDIA GPU 驱动程序中的提权漏洞可让本地恶意应用通过内核执
</tr>
</tbody></table>
<p>
-* 搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持的 Google 设备不受此漏洞的影响。
+*搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持 Google 设备不受此漏洞的影响。
</p>
<h3 id="eop-in-nvidia-video-driver">NVIDIA 视频驱动程序中的提权漏洞</h3>
-<p>NVIDIA 视频驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将其严重程度评为“严重”。
+<p>NVIDIA 视频驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将该漏洞的严重程度评为“严重”。
</p>
<table>
@@ -616,26 +622,28 @@ NVIDIA GPU 驱动程序中的提权漏洞可让本地恶意应用通过内核执
</tr>
<tr>
<td>CVE-2016-6916</td>
- <td>A-32072350*<br />N-CVE-2016-6916</td>
+ <td>A-32072350*
+ <br />N-CVE-2016-6916</td>
<td>严重</td>
<td>Nexus 9、Pixel C</td>
<td>2016 年 9 月 13 日</td>
</tr>
<tr>
<td>CVE-2016-6917</td>
- <td>A-32072253*<br />N-CVE-2016-6917</td>
+ <td>A-32072253*
+ <br />N-CVE-2016-6917</td>
<td>严重</td>
<td>Nexus 9</td>
<td>2016 年 9 月 13 日</td>
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="eop-in-kernel-ion-driver">内核 ION 驱动程序中的提权漏洞</h3>
<p>
-内核 ION 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将其严重程度评为“严重”。
+内核 ION 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞有可能会造成本地设备永久损坏,而用户可能需要通过重写操作系统来修复设备,因此我们将该漏洞的严重程度评为“严重”。
</p>
<table>
@@ -686,13 +694,13 @@ NVIDIA GPU 驱动程序中的提权漏洞可让本地恶意应用通过内核执
<td>Qualcomm 内部</td>
</tr>
</tbody></table>
-<p>* 这些漏洞的严重程度评级由供应商决定。</p>
-<p>** 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+<p>*这些漏洞的严重程度评级是由供应商决定的。</p>
+<p>**尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="eop-in-kernel-file-system">内核文件系统中的提权漏洞</h3>
<p>
-内核文件系统中的提权漏洞可让本地恶意应用绕过将应用数据与其他应用隔离开的操作系统防护功能。由于攻击者可以利用该漏洞使第三方应用在本地获取超出规定的权能,因此我们将其严重程度评为“高”。
+内核文件系统中的提权漏洞可让本地恶意应用绕过将应用数据与其他应用隔离开的操作系统防护功能。由于攻击者可以利用该漏洞使第三方应用在本地获取超出规定的权能,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -720,7 +728,7 @@ NVIDIA GPU 驱动程序中的提权漏洞可让本地恶意应用通过内核执
<h3 id="eop-in-kernel-2">内核中的提权漏洞</h3>
<p>
-内核中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞的攻击行为必须发生在另一个漏洞攻击行为之后,因此我们将其严重程度评为“高”。
+内核中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞的攻击行为必须发生在另一个漏洞攻击行为之后,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -748,7 +756,7 @@ NVIDIA GPU 驱动程序中的提权漏洞可让本地恶意应用通过内核执
<h3 id="eop-in-htc-sound-codec-driver">HTC 声音编解码器驱动程序中的提权漏洞</h3>
<p>
-HTC 声音编解码器驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。
+HTC 声音编解码器驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -787,12 +795,12 @@ HTC 声音编解码器驱动程序中的提权漏洞可让本地恶意应用通
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="eop-in-mediatek-driver">MediaTek 驱动程序中的提权漏洞</h3>
<p>
-MediaTek 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。
+MediaTek 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -852,12 +860,12 @@ MediaTek 驱动程序中的提权漏洞可让本地恶意应用通过内核执
</tr>
</tbody></table>
<p>
-* 搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持的 Google 设备不受此漏洞的影响。
+*搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持 Google 设备不受此漏洞的影响。
</p>
<h3 id="eop-in-qualcomm-media-codecs">Qualcomm 媒体编解码器中的提权漏洞</h3>
<p>
-Qualcomm 媒体编解码器中的提权漏洞可让本地恶意应用通过特许进程执行任意代码。由于攻击者可以利用该漏洞使第三方应用在本地获取超出规定的权能,因此我们将其严重程度评为“高”。
+Qualcomm 媒体编解码器中的提权漏洞可让本地恶意应用通过特许进程执行任意代码。由于攻击者可以利用该漏洞使第三方应用在本地获取超出规定的权能,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -875,40 +883,44 @@ Qualcomm 媒体编解码器中的提权漏洞可让本地恶意应用通过特
</tr>
<tr>
<td>CVE-2016-6761</td>
- <td>A-29421682*<br />QC-CR#1055792</td>
+ <td>A-29421682*
+ <br />QC-CR#1055792</td>
<td>高</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel、Pixel XL</td>
<td>2016 年 6 月 16 日</td>
</tr>
<tr>
<td>CVE-2016-6760</td>
- <td>A-29617572*<br />QC-CR#1055783</td>
+ <td>A-29617572*
+ <br />QC-CR#1055783</td>
<td>高</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel、Pixel XL</td>
<td>2016 年 6 月 23 日</td>
</tr>
<tr>
<td>CVE-2016-6759</td>
- <td>A-29982686*<br />QC-CR#1055766</td>
+ <td>A-29982686*
+ <br />QC-CR#1055766</td>
<td>高</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel、Pixel XL</td>
<td>2016 年 7 月 4 日</td>
</tr>
<tr>
<td>CVE-2016-6758</td>
- <td>A-30148882*<br />QC-CR#1071731</td>
+ <td>A-30148882*
+ <br />QC-CR#1071731</td>
<td>高</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel、Pixel XL</td>
<td>2016 年 7 月 13 日</td>
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
-<h3 id="eop-in-qualcomm-camera-driver">Qualcomm 相机驱动程序中的提权漏洞</h3>
+<h3 id="eop-in-qualcomm-camera-driver">Qualcomm 摄像头驱动程序中的提权漏洞</h3>
<p>
-Qualcomm 相机驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。
+Qualcomm 摄像头驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -936,7 +948,7 @@ Qualcomm 相机驱动程序中的提权漏洞可让本地恶意应用通过内
<h3 id="eop-in-kernel-performance-subsystem">内核效能子系统中的提权漏洞</h3>
<p>
-内核效能子系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。
+内核效能子系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -972,7 +984,7 @@ Qualcomm 相机驱动程序中的提权漏洞可让本地恶意应用通过内
<h3 id="eop-in-mediatek-i2c-driver">MediaTek I2C 驱动程序中的提权漏洞</h3>
<p>
-MediaTek I2C 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。
+MediaTek I2C 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -997,12 +1009,12 @@ MediaTek I2C 驱动程序中的提权漏洞可让本地恶意应用通过内核
</tr>
</tbody></table>
<p>
-* 搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持的 Google 设备不受此漏洞的影响。
+*搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持 Google 设备不受此漏洞的影响。
</p>
<h3 id="eop-in-nvidia-libomx-library">NVIDIA libomx 库中的提权漏洞</h3>
<p>
-NVIDIA libomx 库 (libnvomx) 中的提权漏洞可让本地恶意应用通过特许进程执行任意代码。由于攻击者可以利用该漏洞使第三方应用在本地获取超出规定的权能,因此我们将其严重程度评为“高”。
+NVIDIA libomx 库 (libnvomx) 中的提权漏洞可让本地恶意应用通过特许进程执行任意代码。由于攻击者可以利用该漏洞使第三方应用在本地获取超出规定的权能,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -1020,26 +1032,28 @@ NVIDIA libomx 库 (libnvomx) 中的提权漏洞可让本地恶意应用通过特
</tr>
<tr>
<td>CVE-2016-6789</td>
- <td>A-31251973*<br />N-CVE-2016-6789</td>
+ <td>A-31251973*
+ <br />N-CVE-2016-6789</td>
<td>高</td>
<td>Pixel C</td>
<td>2016 年 8 月 29 日</td>
</tr>
<tr>
<td>CVE-2016-6790</td>
- <td>A-31251628*<br />N-CVE-2016-6790</td>
+ <td>A-31251628*
+ <br />N-CVE-2016-6790</td>
<td>高</td>
<td>Pixel C</td>
<td>2016 年 8 月 28 日</td>
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="eop-in-qualcomm-sound-driver">Qualcomm 声音驱动程序中的提权漏洞</h3>
<p>
-Qualcomm 声音驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。
+Qualcomm 声音驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -1058,7 +1072,8 @@ Qualcomm 声音驱动程序中的提权漏洞可让本地恶意应用通过内
<tr>
<td>CVE-2016-6791</td>
<td>A-31252384<br />
- <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79">QC-CR#1071809</a></td>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79">
+QC-CR#1071809</a></td>
<td>高</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Android One、Pixel、Pixel XL</td>
<td>2016 年 8 月 31 日</td>
@@ -1066,7 +1081,8 @@ Qualcomm 声音驱动程序中的提权漏洞可让本地恶意应用通过内
<tr>
<td>CVE-2016-8391</td>
<td>A-31253255<br />
- <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79">QC-CR#1072166</a></td>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79">
+QC-CR#1072166</a></td>
<td>高</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Android One、Pixel、Pixel XL</td>
<td>2016 年 8 月 31 日</td>
@@ -1074,7 +1090,8 @@ Qualcomm 声音驱动程序中的提权漏洞可让本地恶意应用通过内
<tr>
<td>CVE-2016-8392</td>
<td>A-31385862<br />
- <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79">QC-CR#1073136</a></td>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79">
+QC-CR#1073136</a></td>
<td>高</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Android One、Pixel、Pixel XL</td>
<td>2016 年 9 月 8 日</td>
@@ -1083,7 +1100,7 @@ Qualcomm 声音驱动程序中的提权漏洞可让本地恶意应用通过内
<h3 id="eop-in-kernel-security-subsystem">内核安全子系统中的提权漏洞</h3>
<p>
-内核安全子系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。
+内核安全子系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -1112,7 +1129,7 @@ Qualcomm 声音驱动程序中的提权漏洞可让本地恶意应用通过内
<h3 id="eop-in-synaptics-touchscreen-driver">Synaptics 触摸屏驱动程序中的提权漏洞</h3>
<p>
-Synaptics 触摸屏驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。
+Synaptics 触摸屏驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -1144,12 +1161,12 @@ Synaptics 触摸屏驱动程序中的提权漏洞可让本地恶意应用通过
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="eop-in-broadcom-wi-fi-driver">Broadcom WLAN 驱动程序中的提权漏洞</h3>
<p>
-Broadcom WLAN 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“高”。
+Broadcom WLAN 驱动程序中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -1181,12 +1198,12 @@ Broadcom WLAN 驱动程序中的提权漏洞可让本地恶意应用通过内核
</tr>
</tbody></table>
<p>
-* 搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持的 Google 设备不受此漏洞的影响。
+*搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持 Google 设备不受此漏洞的影响。
</p>
<h3 id="id-in-mediatek-video-driver">MediaTek 视频驱动程序中的信息披露漏洞</h3>
<p>
-MediaTek 视频驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于攻击者可以利用该漏洞在未经用户明确许可的情况下获取敏感数据,因此我们将其严重程度评为“高”。
+MediaTek 视频驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于攻击者可以利用该漏洞在未经用户明确许可的情况下获取敏感数据,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -1211,12 +1228,12 @@ MediaTek 视频驱动程序中的信息披露漏洞可让本地恶意应用获
</tr>
</tbody></table>
<p>
-* 搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持的 Google 设备不受此漏洞的影响。
+*搭载 Android 7.0(或更高版本)且已安装所有可用更新的受支持 Google 设备不受此漏洞的影响。
</p>
<h3 id="id-in-nvidia-video-driver">NVIDIA 视频驱动程序中的信息披露漏洞</h3>
<p>
-NVIDIA 视频驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于攻击者可以利用该漏洞在未经用户明确许可的情况下获取敏感数据,因此我们将其严重程度评为“高”。
+NVIDIA 视频驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于攻击者可以利用该漏洞在未经用户明确许可的情况下获取敏感数据,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -1234,19 +1251,20 @@ NVIDIA 视频驱动程序中的信息披露漏洞可让本地恶意应用获取
</tr>
<tr>
<td>CVE-2016-8397</td>
- <td>A-31385953*<br />N-CVE-2016-8397</td>
+ <td>A-31385953*<br />
+N-CVE-2016-8397</td>
<td>高</td>
<td>Nexus 9</td>
<td>2016 年 9 月 8 日</td>
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="dos-in-gps">GPS 中的拒绝服务漏洞</h3>
<p>
-Qualcomm GPS 组件中的拒绝服务漏洞可让远程攻击者挂起或重启设备。由于攻击者可以利用该漏洞远程发起暂时拒绝服务攻击,因此我们将其严重程度评为“高”。
+Qualcomm GPS 组件中的拒绝服务漏洞可让远程攻击者挂起或重新启动设备。由于攻击者可以利用该漏洞远程发起暂时拒绝服务攻击,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -1271,12 +1289,12 @@ Qualcomm GPS 组件中的拒绝服务漏洞可让远程攻击者挂起或重启
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
-<h3 id="dos-in-nvidia-camera-driver">NVIDIA 相机驱动程序中的拒绝服务漏洞</h3>
+<h3 id="dos-in-nvidia-camera-driver">NVIDIA 摄像头驱动程序中的拒绝服务漏洞</h3>
<p>
-NVIDIA 相机驱动程序中的拒绝服务漏洞可让攻击者在本地发起永久拒绝服务攻击,而用户可能需要通过重写操作系统来修复设备。由于攻击者可以利用该漏洞在本地发起永久拒绝服务攻击,因此我们将其严重程度评为“高”。
+NVIDIA 摄像头驱动程序中的拒绝服务漏洞可让攻击者在本地发起永久拒绝服务攻击,而用户可能需要通过重写操作系统来修复设备。由于攻击者可以利用该漏洞在本地发起永久拒绝服务攻击,因此我们将该漏洞的严重程度评为“高”。
</p>
<table>
@@ -1294,19 +1312,20 @@ NVIDIA 相机驱动程序中的拒绝服务漏洞可让攻击者在本地发起
</tr>
<tr>
<td>CVE-2016-8395</td>
- <td>A-31403040*<br />N-CVE-2016-8395</td>
+ <td>A-31403040*
+ <br />N-CVE-2016-8395</td>
<td>高</td>
<td>Pixel C</td>
<td>2016 年 9 月 9 日</td>
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="eop-in-kernel-networking-subsystem">内核网络子系统中的提权漏洞</h3>
<p>
-内核网络子系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于该漏洞需要先破坏特许进程,而且当前编译器优化功能限制访问有漏洞的代码,因此我们将其严重程度评为“中”。
+内核网络子系统中的提权漏洞可让本地恶意应用通过内核执行任意代码。由于恶意应用在利用该漏洞时需要先破坏特权进程,而当前编译器优化功能限制访问易受攻击的代码,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -1331,12 +1350,12 @@ NVIDIA 相机驱动程序中的拒绝服务漏洞可让攻击者在本地发起
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="id-in-qualcomm-components">Qualcomm 组件中的信息披露漏洞</h3>
<p>
-Qualcomm 组件(包括相机驱动程序和视频驱动程序)中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。
+Qualcomm 组件(包括摄像头驱动程序和视频驱动程序)中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -1355,7 +1374,8 @@ Qualcomm 组件(包括相机驱动程序和视频驱动程序)中的信息
<tr>
<td>CVE-2016-6756</td>
<td>A-29464815<br />
- <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=f91d28dcba304c9f3af35b5bebaa26233c8c13a5">QC-CR#1042068</a> [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=3a214ef870dc97437c7de79a1507dfe5079dce88">2</a>]</td>
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=f91d28dcba304c9f3af35b5bebaa26233c8c13a5">QC-CR#1042068</a>
+ [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=3a214ef870dc97437c7de79a1507dfe5079dce88">2</a>]</td>
<td>中</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Android One、Pixel、Pixel XL</td>
<td>2016 年 6 月 17 日</td>
@@ -1363,7 +1383,8 @@ Qualcomm 组件(包括相机驱动程序和视频驱动程序)中的信息
<tr>
<td>CVE-2016-6757</td>
<td>A-30148242<br />
- <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=cd99d3bbdb16899a425716e672485e0cdc283245">QC-CR#1052821</a></td>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=cd99d3bbdb16899a425716e672485e0cdc283245">
+QC-CR#1052821</a></td>
<td>中</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Pixel、Pixel XL</td>
<td>2016 年 7 月 13 日</td>
@@ -1372,7 +1393,7 @@ Qualcomm 组件(包括相机驱动程序和视频驱动程序)中的信息
<h3 id="id-in-nvidia-librm-library">NVIDIA librm 库中的信息披露漏洞</h3>
<p>
-NVIDIA librm 库 (libnvrm) 中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于攻击者可以利用该漏洞在未经许可的情况下获取敏感数据,因此我们将其严重程度评为“中”。
+NVIDIA librm 库 (libnvrm) 中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于攻击者可以利用该漏洞在未经许可的情况下获取敏感数据,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -1390,19 +1411,20 @@ NVIDIA librm 库 (libnvrm) 中的信息披露漏洞可让本地恶意应用获
</tr>
<tr>
<td>CVE-2016-8400</td>
- <td>A-31251599*<br />N-CVE-2016-8400</td>
+ <td>A-31251599*
+ <br />N-CVE-2016-8400</td>
<td>中</td>
<td>Pixel C</td>
<td>2016 年 8 月 29 日</td>
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="id-in-kernel-components">内核组件中的信息披露漏洞</h3>
<p>
-内核组件(包括 ION 子系统、Binder、USB 驱动程序和网络子系统)中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。
+内核组件(包括 ION 子系统、Binder、USB 驱动程序和网络子系统)中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -1469,12 +1491,12 @@ NVIDIA librm 库 (libnvrm) 中的信息披露漏洞可让本地恶意应用获
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="id-in-nvidia-video-driver-2">NVIDIA 视频驱动程序中的信息披露漏洞</h3>
<p>
-NVIDIA 视频驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。
+NVIDIA 视频驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -1492,26 +1514,28 @@ NVIDIA 视频驱动程序中的信息披露漏洞可让本地恶意应用获取
</tr>
<tr>
<td>CVE-2016-8408</td>
- <td>A-31496571*<br />N-CVE-2016-8408</td>
+ <td>A-31496571*
+ <br />N-CVE-2016-8408</td>
<td>中</td>
<td>Nexus 9</td>
<td>2016 年 9 月 13 日</td>
</tr>
<tr>
<td>CVE-2016-8409</td>
- <td>A-31495687*<br />N-CVE-2016-8409</td>
+ <td>A-31495687*
+ <br />N-CVE-2016-8409</td>
<td>中</td>
<td>Nexus 9</td>
<td>2016 年 9 月 13 日</td>
</tr>
</tbody></table>
<p>
-* 针对该问题的补丁程序未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Google 设备的最新二进制驱动程序中包含相应更新。
+*尚未公开发布针对该问题的补丁程序。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上针对 Google 设备提供的最新二进制驱动程序中包含相应更新。
</p>
<h3 id="id-in-qualcomm-sound-driver">Qualcomm 声音驱动程序中的信息披露漏洞</h3>
<p>
-Qualcomm 声音驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于该漏洞需要先破坏特许进程,因此我们将其严重程度评为“中”。
+Qualcomm 声音驱动程序中的信息披露漏洞可让本地恶意应用获取超出其权限范围的数据。由于恶意应用在利用该漏洞时需要先破坏特权进程,因此我们将该漏洞的严重程度评为“中”。
</p>
<table>
@@ -1530,7 +1554,8 @@ Qualcomm 声音驱动程序中的信息披露漏洞可让本地恶意应用获
<tr>
<td>CVE-2016-8410</td>
<td>A-31498403<br />
- <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?h=e2bbf665187a1f0a1248e4a088823cb182153ba9">QC-CR#987010</a></td>
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?h=e2bbf665187a1f0a1248e4a088823cb182153ba9">
+QC-CR#987010</a></td>
<td>中</td>
<td>Nexus 5X、Nexus 6、Nexus 6P、Android One</td>
<td>Google 内部</td>
@@ -1539,14 +1564,14 @@ Qualcomm 声音驱动程序中的信息披露漏洞可让本地恶意应用获
<h2 id="common-questions-and-answers">常见问题和解答</h2>
<p>
-这一部分针对阅读本公告后可能产生的常见问题提供了相应的解答。
+这一部分解答了用户阅读本公告后可能会提出的常见问题。
</p>
<p>
<strong>1. 如何确定我的设备是否已更新到解决了这些问题的版本?
</strong>
</p>
<p>
-要了解如何检查设备的安全补丁程序级别,请阅读 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 和 Nexus 更新时间表</a>中的说明。
+要了解如何查看设备的安全补丁程序级别,请阅读 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 和 Nexus 更新时间表</a>中的说明。
</p>
<ul>
<li>2016-12-01(或之后)的安全补丁程序级别解决了与 2016-12-01 安全补丁程序级别相关的所有问题。</li>
@@ -1559,7 +1584,7 @@ Qualcomm 声音驱动程序中的信息披露漏洞可让本地恶意应用获
<li>[ro.build.version.security_patch]:[2016-12-05]</li>
</ul>
<p>
-<strong>2. 为何本公告会有 2 个安全补丁程序级别?</strong>
+<strong>2. 为何本公告有 2 个安全补丁程序级别?</strong>
</p>
<p>
本公告有 2 个安全补丁程序级别,目的是让 Android 合作伙伴能够灵活地、更快速地修复所有 Android 设备上类似的一系列漏洞。我们建议 Android 合作伙伴修复本公告中的所有问题并使用最新的安全补丁程序级别。
@@ -1578,9 +1603,9 @@ Qualcomm 声音驱动程序中的信息披露漏洞可让本地恶意应用获
在 <a href="#2016-12-01-details">2016-12-01</a> 和 <a href="#2016-12-05-details">2016-12-05</a> 安全漏洞详情部分,每个表中均包含“已更新的 Google 设备”列,其中列出了已针对每个问题进行更新的受影响 Google 设备。<em></em>此列有以下几种情形:
</p>
<ul>
- <li><strong>所有 Google 设备</strong>:如果某个问题会影响所有 Nexus 和 Pixel 设备,则相应表的“已更新的 Google 设备”列中会显示“所有”。<em></em>“所有”包含下列<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">受支持的设备</a>:Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel C、Pixel 和 Pixel XL。</li>
- <li><strong>部分 Google 设备</strong>:如果某个问题仅会影响部分 Google 设备,则“已更新的 Google 设备”列中会列出受影响的 Google 设备。<em></em></li>
- <li><strong>无 Google 设备</strong>:如果某个问题不会影响任何运行 Android 7.0 的 Google 设备,则相应表的“已更新的 Google 设备”列中会显示“无”。<em></em></li>
+ <li><strong>所有 Google 设备</strong>:如果问题会影响所有 Nexus 和 Pixel 设备,则相应表的“已更新的 Google 设备”列中会显示“所有”。<em></em>“所有”包含下列<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">受支持的设备</a>:Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel C、Pixel 和 Pixel XL。</li>
+ <li><strong>部分 Google 设备</strong>:如果问题仅会影响部分 Google 设备,则“已更新的 Google 设备”列中会列出受影响的 Google 设备。<em></em></li>
+ <li><strong>无 Google 设备</strong>:如果问题不会影响任何运行 Android 7.0 的 Google 设备,则相应表的“已更新的 Google 设备”列中会显示“无”。<em></em></li>
</ul>
<p>
<strong>4.“参考信息”列中的条目对应的是什么内容?</strong>
diff --git a/zh-cn/security/encryption/file-based.html b/zh-cn/security/encryption/file-based.html
index db0b51a2..13e06839 100644
--- a/zh-cn/security/encryption/file-based.html
+++ b/zh-cn/security/encryption/file-based.html
@@ -90,15 +90,18 @@ Android 提供了文件级加密的参考实现,其中 vold (<a href="https://
</tr>
<tr>
<td>Android Common</td>
- <td><strong>kernel/common</strong> android-3.10.y (<a href="https://android.googlesource.com/kernel/common/+/android-3.10.y">git</a>)</td>
+ <td><strong>kernel/common</strong> android-3.10.y (<a href="https://android.googlesource.com/kernel/common/+/android-3.10.y">git</a>)
+ </td>
</tr>
<tr>
<td>Nexus 5X (bullhead)</td>
- <td><strong>kernel/msm</strong> android-msm-bullhead-3.10-n-preview-2 (<a href="https://android.googlesource.com/kernel/msm/+/android-msm-bullhead-3.10-n-preview-2">git</a>)</td>
+ <td><strong>kernel/msm</strong> android-msm-bullhead-3.10-n-preview-2 (<a href="https://android.googlesource.com/kernel/msm/+/android-msm-bullhead-3.10-n-preview-2">git</a>)
+ </td>
</tr>
<tr>
<td>Nexus 6P (angler)</td>
- <td><strong>kernel/msm</strong> android-msm-angler-3.10-n-preview-2 (<a href="https://android.googlesource.com/kernel/msm/+/android-msm-angler-3.10-n-preview-2">git</a>)</td>
+ <td><strong>kernel/msm</strong> android-msm-angler-3.10-n-preview-2 (<a href="https://android.googlesource.com/kernel/msm/+/android-msm-angler-3.10-n-preview-2">git</a>)
+ </td>
</tr>
</tbody></table>
<p>请注意,以上每个内核都使用了到 3.10 的反向移植。Linux 3.18 中的 EXT4 和 JBD2 驱动程序已移植到基于 3.10 的现有内核中。由于内核各个部分之间存在依赖关系,因此这种反向移植会导致系统停止支持 Nexus 设备不使用的一些功能。其中包括:</p>
@@ -117,7 +120,7 @@ Android 提供了文件级加密的参考实现,其中 vold (<a href="https://
</p><p>
测试设备上的 FBE 实现情况时,可以指定以下标记:<code>forcefdeorfbe="&lt;path/to/metadata/partition&gt;"</code>
</p>
-<p>此标记会将设备设为使用 FDE,但允许针对开发者转换为 FBE。默认情况下,此标记的行为类似于 <code>forceencrypt</code>,会使设备进入 FDE 模式。不过,它将提供一个调试选项,以便在开发者预览中允许将设备切换到 FBE 模式。另外,还可以使用以下命令在 fastboot 中启用 FBE:</p>
+<p>此标记会将设备设为使用 FDE,但允许针对开发者转换为 FBE。默认情况下,此标记的行为类似于 <code>forceencrypt</code>,会使设备进入 FDE 模式。不过,它将提供一个调试选项,以便在开发者预览中允许将设备切换到 FBE 模式。另外,还可以使用以下命令在 fastboot 中启用 FBE:</p>
<p>
</p><pre class="devsite-terminal devsite-click-to-copy">
fastboot --wipe-and-use-fbe
diff --git a/zh-cn/security/overview/acknowledgements.html b/zh-cn/security/overview/acknowledgements.html
index 3094e789..c6a10575 100644
--- a/zh-cn/security/overview/acknowledgements.html
+++ b/zh-cn/security/overview/acknowledgements.html
@@ -25,6 +25,89 @@
<h2 id="2018">2018</h2>
<p>2018 年的安全致谢信息将按月列出。过去几年的致谢信息是列在一起的。</p>
+<h4 id="mar-2018">3 月</h4>
+
+ <table>
+ <colgroup><col width="70%" />
+ <col width="30%" />
+ </colgroup><tbody><tr>
+ <th>研究人员</th>
+ <th>CVE</th>
+ </tr>
+ <tr>
+ <td>Google 的 Billy Lau</td>
+ <td>CVE-2017-14879</td>
+ </tr>
+ <tr>
+ <td>Copperhead Security 的 Daniel Micay</td>
+ <td>CVE-2017-13265</td>
+ </tr>
+ <tr>
+ <td><a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a> 和周明建</td>
+ <td>CVE-2017-6288</td>
+ </tr>
+ <tr>
+ <td>奇虎 360 科技有限公司 Alpha 团队的 Elphet 和龚广</td>
+ <td>CVE-2017-13254</td>
+ </tr>
+ <tr>
+ <td>Shellphish Grill 团队的 Jake Corina</td>
+ <td>CVE-2018-3560</td>
+ </tr>
+ <tr>
+ <td>奇虎 360 科技有限公司 Alpha 团队的 Jianjun Dai (<a href="https://twitter.com/jioun_dai">@Jioun_dai</a>) 和龚广</td>
+ <td>CVE-2017-13266、CVE-2017-13256、CVE-2017-13255</td>
+ </tr>
+ <tr>
+ <td>Julian Rauchberger</td>
+ <td>CVE-2017-13258</td>
+ </tr>
+ <tr>
+ <td><a href="http://c0reteam.org">C0RE 团队</a>的 Hongli Han (<a href="https://twitter.com/hexb1n">@HexB1n</a>)、<a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a> 和周明建 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)</td>
+ <td>CVE-2017-6287</td>
+ </tr>
+ <tr>
+ <td><a href="http://c0reteam.org">C0RE 团队</a>的 Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>) 和周明建 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)</td>
+ <td>CVE-2017-6286、CVE-2017-6285、CVE-2017-6281</td>
+ </tr>
+ <tr>
+ <td>百度安全实验室的丁鹏飞、包沉浮和韦韬</td>
+ <td>CVE-2017-13262、CVE-2017-13261、CVE-2017-13260、CVE-2017-11029、CVE-2017-15814</td>
+ </tr>
+ <tr>
+ <td>腾讯安全平台部门的 Peter Pi</td>
+ <td>CVE-2017-13269</td>
+ </tr>
+ <tr>
+ <td>Zimperium zLabs 团队的 Tamir Zahavi-Brunner (<a href="https://twitter.com/tamir_zb">@tamir_zb</a>)</td>
+ <td>CVE-2017-13253</td>
+ </tr>
+ <tr>
+ <td>Vasily Vasiliev</td>
+ <td>CVE-2017-13249、CVE-2017-13248、CVE-2017-13264</td>
+ </tr>
+ <tr>
+ <td>蚂蚁金服巴斯光年安全实验室的<a href="http://www.weibo.com/wishlinux">吴潍浠</a> (<a href=" https://twitter.com/wish_wu">@wish_wu</a>)</td>
+ <td>CVE-2017-13259、CVE-2017-13272</td>
+ </tr>
+ <tr>
+ <td>蚂蚁金服巴斯光年安全实验室的 Yaoguang Chen</td>
+ <td>CVE-2017-13257、CVE-2017-13268</td>
+ </tr>
+ <tr>
+ <td>奇虎 360 科技有限公司 IceSword 实验室的 Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>)</td>
+ <td>CVE-2017-13271</td>
+ </tr>
+ <tr>
+ <td>腾讯安全平台部门的 ZhangBo</td>
+ <td>CVE-2017-18069</td>
+ </tr>
+ <tr>
+ <td>奇虎 360 科技有限公司成都安全响应中心的 <a href="http://weibo.com/ele7enxxh">Zinuo Han</a></td>
+ <td>CVE-2017-13252、CVE-2017-13251、CVE-2018-3561</td>
+ </tr>
+</tbody></table>
+
<h4 id="feb-2018">2 月</h4>
<table>
@@ -71,13 +154,13 @@
</td>
</tr>
<tr>
- <td><a href="http://c0reteam.org">C0RE 团队</a>的 Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>)、<a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a> 和 Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)
+ <td><a href="http://c0reteam.org">C0RE 团队</a>的 Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>)、<a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a> 和周明建 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)
</td>
<td>CVE-2017-6258
</td>
</tr>
<tr>
- <td><a href="http://c0reteam.org">CORE 团队</a>的 Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>)、Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)
+ <td><a href="http://c0reteam.org">CORE 团队</a>的 Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>)、周明建 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)
</td>
<td>CVE-2017-17767、CVE-2017-6279
</td>
@@ -172,7 +255,7 @@
<td>CVE-2017-13214</td>
</tr>
<tr>
- <td><a href="http://c0reteam.org">C0RE 团队</a>的 <a href="mailto:zc1991@mail.ustc.edu.cn">Chi Zhang</a> 和 Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)</td>
+ <td><a href="http://c0reteam.org">C0RE 团队</a>的 <a href="mailto:zc1991@mail.ustc.edu.cn">Chi Zhang</a> 和周明建 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)</td>
<td>CVE-2017-13178、CVE-2017-13179</td>
</tr>
<tr>
@@ -184,11 +267,11 @@
<td>CVE-2017-13198</td>
</tr>
<tr>
- <td><a href="http://c0reteam.org">C0RE 团队</a>的 Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>) 和 Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)</td>
+ <td><a href="http://c0reteam.org">C0RE 团队</a>的 Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>) 和周明建 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)</td>
<td>CVE-2017-13183、CVE-2017-13180</td>
</tr>
<tr>
- <td><a href="http://c0reteam.org">C0RE 团队</a>的 Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>)、<a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a> 和 Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)</td>
+ <td><a href="http://c0reteam.org">C0RE 团队</a>的 Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>)、<a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a> 和周明建 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)</td>
<td>CVE-2017-13194</td>
</tr>
<tr>
@@ -1494,8 +1577,7 @@ William Roberts</a> (<a href="mailto:bill.c.roberts@gmail.com">bill.c.roberts@gm
<p>印第安纳大学布卢明顿分校的 <a href="http://homes.soic.indiana.edu/luyixing">Luyi Xing</a> (<a href="mailto:xingluyi@gmail.com">xingluyi@gmail.com</a>)</p>
<p><a href="https://isecpartners.com/">iSEC Partners</a> 的 <a href="https://lacklustre.net/">Mike Ryan</a>
-<br />(<a href="https://twitter.com/mpeg4codec">@mpeg4codec</a>、<a href="mailto:mikeryan@isecpartners.com">mikeryan@isecpartners.com
-</a>)</p>
+<br />(<a href="https://twitter.com/mpeg4codec">@mpeg4codec</a>、<a href="mailto:mikeryan@isecpartners.com">mikeryan@isecpartners.com</a>)</p>
<p><a href="http://illinois.edu/">伊利诺伊大学厄巴纳-尚佩恩分校</a>的 <a href="http://cryptoonline.com/">Muhammad Naveed</a>
<br />(<a href="mailto:naveed2@illinois.edu">naveed2@illinois.edu</a>)</p>
diff --git a/zh-cn/security/overview/updates-resources.html b/zh-cn/security/overview/updates-resources.html
index 32653fbc..7ef59eb0 100644
--- a/zh-cn/security/overview/updates-resources.html
+++ b/zh-cn/security/overview/updates-resources.html
@@ -223,6 +223,7 @@
<h3 id="reports">报告</h3>
<p>Android 安全团队有时会发布报告或白皮书。以下是一些最新发布的内容。</p>
<ul>
+ <li><a href="/security/reports/Google_Android_Security_2017_Report_Final.pdf">Android 安全性 2017 年年度回顾报告</a></li>
<li><a href="/security/reports/Google_Android_Security_2016_Report_Final.pdf">Android 安全性 2016 年年度回顾报告</a></li>
<li><a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf">Android 安全性 2015 年年度回顾报告</a></li>
<li><a href="/security/reports/Google_Android_Security_2014_Report_Final.pdf">Android 安全性 2014 年年度回顾报告</a></li>
diff --git a/zh-tw/security/bulletin/2015-08-01.html b/zh-tw/security/bulletin/2015-08-01.html
index 734905d8..f95c10d3 100644
--- a/zh-tw/security/bulletin/2015-08-01.html
+++ b/zh-tw/security/bulletin/2015-08-01.html
@@ -130,18 +130,13 @@
<p>受影響的功能是以應用程式 API 形式提供使用,而多個應用程式都允許遠端內容連到這項功能,其中最常見的內容是多媒體訊息和瀏覽器中播放的媒體。</p>
-<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來執行,因此嚴重程度被評定為「最高」。儘管媒體伺服器
-會受到 SELinux 保護,但它確實能夠存取音訊和視訊串流,
-以及在許多裝置上獲得授權的核心驅動程式裝置節點 (這是
-第三方應用程式一般無法存取的權限)。</p>
+<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來執行,因此嚴重程度被評定為「最高」。儘管媒體伺服器會受到 SELinux 保護,但它確實能夠存取音訊和視訊串流,以及在許多裝置上獲得授權的核心驅動程式裝置節點 (這是第三方應用程式一般無法存取的權限)。</p>
-<p>請注意,依據舊版的嚴重程度評定規範,這項漏洞被評定為
-「高」的影響程度,並已據此回報給合作夥伴。但依據
-我們 2015 年 6 月發佈的新版規範,這項漏洞卻屬於「最高」等級的問題。</p>
+<p>請注意,依據舊版的嚴重程度評定規範,這項漏洞的嚴重程度被評定為「高」,並已據此回報給合作夥伴,但依據我們 2015 年 6 月發佈的新版規範,這項漏洞屬於「最高」等級的問題。</p>
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -164,15 +159,11 @@
都允許遠端內容連到這項功能,其中最常見的內容是多媒體
訊息和瀏覽器中播放的媒體。</p>
-<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來
-執行,因此被評定為「最高」的影響程度。儘管媒體伺服器
-會受到 SELinux 保護,但它確實能夠存取音訊和視訊串流,
-以及在許多裝置上獲得授權的核心驅動程式裝置節點 (這是
-第三方應用程式一般無法存取的權限)。請注意,依據舊版的嚴重程度評定規範,這項漏洞的嚴重程度被評定為「高」,並已據此回報給合作夥伴,但依據我們 2015 年 6 月發佈的新版規範,這項漏洞卻屬於「最高」等級的問題。</p>
+<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來執行,因此嚴重程度被評定為「最高」。儘管媒體伺服器會受到 SELinux 保護,但它確實能夠存取音訊和視訊串流,以及在許多裝置上獲得授權的核心驅動程式裝置節點 (這是第三方應用程式一般無法存取的權限)。請注意,依據舊版的嚴重程度評定規範,這項漏洞的嚴重程度被評定為「高」,並已據此回報給合作夥伴,但依據我們 2015 年 6 月發佈的新版規範,這項漏洞屬於「最高」等級的問題。</p>
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -195,15 +186,11 @@
都允許遠端內容連到這項功能,其中最常見的內容是多媒體
訊息和瀏覽器中播放的媒體。</p>
-<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來
-執行,因此被評定為「最高」的影響程度。儘管媒體伺服器
-會受到 SELinux 保護,但它確實能夠存取音訊和視訊串流,
-以及在許多裝置上獲得授權的核心驅動程式裝置節點 (這是
-第三方應用程式一般無法存取的權限)。請注意,依據舊版的嚴重程度評定規範,這項漏洞的嚴重程度被評定為「高」,並已據此回報給合作夥伴,但依據我們 2015 年 6 月發佈的新版規範,這項漏洞卻屬於「最高」等級的問題。</p>
+<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來執行,因此嚴重程度被評定為「最高」。儘管媒體伺服器會受到 SELinux 保護,但它確實能夠存取音訊和視訊串流,以及在許多裝置上獲得授權的核心驅動程式裝置節點 (這是第三方應用程式一般無法存取的權限)。請注意,依據舊版的嚴重程度評定規範,這項漏洞的嚴重程度被評定為「高」,並已據此回報給合作夥伴,但依據我們 2015 年 6 月發佈的新版規範,這項漏洞屬於「最高」等級的問題。</p>
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -225,15 +212,11 @@
都允許遠端內容連到這項功能,其中最常見的內容是多媒體
訊息和瀏覽器中播放的媒體。</p>
-<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來
-執行,因此被評定為「最高」的影響程度。儘管媒體伺服器
-會受到 SELinux 保護,但它確實能夠存取音訊和視訊串流,
-以及在許多裝置上獲得授權的核心驅動程式裝置節點 (這是
-第三方應用程式一般無法存取的權限)。請注意,依據舊版的嚴重程度評定規範,這項漏洞的嚴重程度被評定為「高」,並已據此回報給合作夥伴,但依據我們 2015 年 6 月發佈的新版規範,這項漏洞卻屬於「最高」等級的問題。</p>
+<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來執行,因此嚴重程度被評定為「最高」。儘管媒體伺服器會受到 SELinux 保護,但它確實能夠存取音訊和視訊串流,以及在許多裝置上獲得授權的核心驅動程式裝置節點 (這是第三方應用程式一般無法存取的權限)。請注意,依據舊版的嚴重程度評定規範,這項漏洞的嚴重程度被評定為「高」,並已據此回報給合作夥伴,但依據我們 2015 年 6 月發佈的新版規範,這項漏洞屬於「最高」等級的問題。</p>
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -255,8 +238,7 @@
都允許遠端內容連到這項功能,其中最常見的內容是多媒體
訊息和瀏覽器中播放的媒體。</p>
-<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來
-執行,因此被評定為「最高」的影響程度。儘管媒體伺服器
+<p>由於這個問題可能會讓遠端程式碼當做獲得授權的服務來執行,因此嚴重程度被評定為「最高」。儘管媒體伺服器
會受到 SELinux 保護,但它確實能夠存取音訊和視訊串流,
以及在許多裝置上獲得授權的核心驅動程式裝置節點 (這是
第三方應用程式一般無法存取的權限)。</p>
@@ -268,7 +250,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -295,7 +277,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -323,7 +305,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -362,7 +344,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -385,7 +367,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -413,7 +395,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -441,7 +423,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -469,7 +451,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -493,7 +475,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -520,7 +502,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -545,7 +527,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -568,7 +550,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -598,7 +580,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
@@ -621,7 +603,7 @@
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>受影響的版本</th>
</tr>
diff --git a/zh-tw/security/bulletin/2015-12-01.html b/zh-tw/security/bulletin/2015-12-01.html
index 5b9f335c..76987cbc 100644
--- a/zh-tw/security/bulletin/2015-12-01.html
+++ b/zh-tw/security/bulletin/2015-12-01.html
@@ -36,8 +36,7 @@
<ul>
<li>Android 平台持續推出新的版本來強化安全性,因此有心人士越來越難在 Android 系統上找出漏洞加以利用。我們建議所有使用者盡可能更新至最新版的 Android。</li>
- <li>Android 安全性小組採用「驗證應用程式」和 SafetyNet 主動監控濫用情形,這些功能果發現應用程式可能有害,將在安裝作業前發出警告。Google Play 內禁止發佈任何可用於獲取裝置 Root 權限的工具。為了在使用者安裝 Google Play 外的應用程式時提供保護,系統預設會啟用驗證應用程式,並向使用者發出警告,提醒他們留意目前已知會獲取 Root 權限的應用程式。「驗證應用程式」會盡可能找出已知會利用權限升級漏洞的惡意應用程式,
-並封鎖這類應用程式的安裝程序。如果使用者已安裝這類應用程式,「驗證應用程式」會通知使用者,並嘗試移除該應用程式。</li>
+ <li>Android 安全性小組採用「驗證應用程式」和 SafetyNet 主動監控濫用情形,這些功能果發現應用程式可能有害,將在安裝作業前發出警告。Google Play 內禁止發佈任何可用於獲取裝置 Root 權限的工具。為了保護不是在 Google Play 安裝應用程式的使用者,「驗證應用程式」在預設狀態下會自動啟用並向使用者發出警告,提醒他們留意目前已知的破解程式 (用於取得 Root 權限的應用程式)。「驗證應用程式」會盡可能找出已知會利用權限升級漏洞的惡意應用程式,並封鎖這類應用程式的安裝程序。如果使用者已安裝這類應用程式,「驗證應用程式」會通知使用者,並嘗試移除該應用程式。</li>
<li>在適用情況下,Google Hangouts 和 Messenger 應用程式不會自動將媒體內容傳送給媒體伺服器這類的處理程序。</li>
</ul>
@@ -139,9 +138,9 @@ CVE-2015-6619、CVE-2015-6633、CVE-2015-6634
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
- <th>最新版本</th>
+ <th>需要更新的版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -208,13 +207,13 @@ CVE-2015-6619、CVE-2015-6633、CVE-2015-6634
<h3 id="elevation_of_privilege_vulnerabilities_in_libstagefright">
libstagefright 中的權限升級漏洞</h3>
-<p>libstagefright 中有多項漏洞,本機惡意應用程式可加以利用,在媒體伺服器服務環境內執行任何程式碼。由於這個問題可用於取得某些進階權限 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
+<p>libstagefright 中有多項漏洞,本機惡意應用程式可加以利用,在媒體伺服器服務環境內執行任何程式碼。由於這個問題可用於取得進階功能 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
- <th>最新版本</th>
+ <th>需要更新的版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -235,7 +234,7 @@ libstagefright 中的權限升級漏洞</h3>
<h3 id="elevation_of_privilege_vulnerability_in_systemui">
SystemUI 中的權限升級漏洞</h3>
-<p>使用鬧鐘應用程式設定鬧鐘時,應用程式可能會利用 SystemUI 元件中的漏洞執行更高權限等級的工作。由於這個問題可用於取得某些進階權限 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
+<p>使用鬧鐘應用程式設定鬧鐘時,應用程式可能會利用 SystemUI 元件中的漏洞執行更高權限等級的工作。由於這個問題可用於取得進階功能 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -255,13 +254,13 @@ SystemUI 中的權限升級漏洞</h3>
<h3 id="information_disclosure_vulnerability_in_native_frameworks_library">原生架構程式庫中的資訊外洩漏洞</h3>
-<p>Android 原生架構程式庫中的資訊外洩漏洞可讓有心人士用來規避系統中用於防範攻擊者惡意運用平台的安全措施。由於這些問題也能用來取得某些進階權限 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
+<p>Android 原生架構程式庫中的資訊外洩漏洞可讓有心人士用來規避系統中用於防範攻擊者惡意運用平台的安全措施。由於這些問題也能用來取得更高權限的功能 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
- <th>最新版本</th>
+ <th>需要更新的版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -275,7 +274,7 @@ SystemUI 中的權限升級漏洞</h3>
<h3 id="elevation_of_privilege_vulnerability_in_wi-fi">Wi-Fi 連線中的權限升級漏洞</h3>
-<p>Wi-Fi 連線中的權限升級漏洞可能會讓本機惡意應用程式在進階系統服務環境內執行任何程式碼。由於這個問題可用於取得某些進階權限 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
+<p>Wi-Fi 連線中的權限升級漏洞可能會讓本機惡意應用程式在進階系統服務環境內執行任何程式碼。由於這個問題可用於取得進階功能 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -295,7 +294,7 @@ SystemUI 中的權限升級漏洞</h3>
<h3 id="elevation_of_privilege_vulnerability_in_system_server">系統伺服器中的權限升級漏洞</h3>
-<p>系統伺服器元件中的權限升級漏洞可讓本機惡意應用程式取得服務相關資訊的存取權。由於這個問題可用於取得某些進階權限 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
+<p>系統伺服器元件中的權限升級漏洞可讓本機惡意應用程式取得服務相關資訊的存取權。由於這個問題可用於取得進階功能 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -316,7 +315,7 @@ SystemUI 中的權限升級漏洞</h3>
<h3 id="information_disclosure_vulnerabilities_in_libstagefright">
libstagefright 中的資訊外洩漏洞</h3>
-<p>在系統與媒體伺服器進行通訊時,libstagefright 中的一些資訊外洩漏洞可讓有心人士用來規避系統中用於防範攻擊者惡意運用平台的安全措施。由於這些問題也能用來取得某些進階權限 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
+<p>在系統與媒體伺服器進行通訊時,libstagefright 中的一些資訊外洩漏洞可讓有心人士用來規避系統中用於防範攻擊者惡意運用平台的安全措施。由於這些問題也能用來取得更高權限的功能 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -350,7 +349,7 @@ libstagefright 中的資訊外洩漏洞</h3>
<h3 id="information_disclosure_vulnerability_in_audio">音訊中的資訊外洩漏洞</h3>
-<p>音訊元件中的漏洞可能會在系統處理音訊檔案時遭到惡意運用。在處理某些特殊的檔案時,本機惡意應用程式可能會利用這項漏洞造成資訊外洩。由於這個問題可用於取得某些進階權限 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
+<p>音訊元件中的漏洞可能會在系統處理音訊檔案時遭到惡意運用。在處理某些特殊的檔案時,本機惡意應用程式可能會利用這項漏洞造成資訊外洩。由於這個問題可用於取得進階功能 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -390,7 +389,7 @@ libstagefright 中的資訊外洩漏洞</h3>
<h3 id="information_disclosure_vulnerability_in_wi-fi">Wi-Fi 連線中的資訊外洩漏洞</h3>
-<p>Wi-Fi 元件中的漏洞可讓攻擊者造成 Wi-Fi 服務洩漏資訊。由於這個問題可用於取得某些進階權限 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
+<p>Wi-Fi 元件中的漏洞可讓攻擊者造成 Wi-Fi 服務洩漏資訊。由於這個問題可用於取得進階功能 (例如 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 或 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 等第三方應用程式無法存取的權限),因此嚴重程度被評定為「高」。</p>
<table>
<tbody><tr>
<th>CVE</th>
@@ -414,7 +413,7 @@ libstagefright 中的資訊外洩漏洞</h3>
<table>
<tbody><tr>
<th>CVE</th>
- <th>錯誤 (附有 AOSP 連結)</th>
+ <th>錯誤 (附有 Android 開放原始碼計劃連結)</th>
<th>嚴重程度</th>
<th>需要更新的版本</th>
<th>回報日期</th>
diff --git a/zh-tw/security/bulletin/2016-06-01.html b/zh-tw/security/bulletin/2016-06-01.html
index 772813f7..a53b2e17 100644
--- a/zh-tw/security/bulletin/2016-06-01.html
+++ b/zh-tw/security/bulletin/2016-06-01.html
@@ -87,7 +87,7 @@
<th>Android 錯誤</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -449,7 +449,7 @@ Qualcomm 音效驅動程式中的權限升級漏洞</h3>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5">27793371</a>
</td>
<td>高</td>
- <td><a href="#nexus_devices">All Nexus</a></td>
+ <td><a href="#nexus_devices">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 3 月 22 日</td>
</tr>
@@ -460,7 +460,7 @@ Qualcomm 音效驅動程式中的權限升級漏洞</h3>
[<a href="https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944">3</a>]
</td>
<td>高</td>
- <td><a href="#nexus_devices">All Nexus</a></td>
+ <td><a href="#nexus_devices">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>Google 內部資訊</td>
</tr>
@@ -660,7 +660,7 @@ SD 卡模擬層中的權限升級漏洞</h3>
<th>Android 錯誤</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -668,7 +668,7 @@ SD 卡模擬層中的權限升級漏洞</h3>
<td><a href="https://android.googlesource.com/platform/system/core/+/864e2e22fcd0cba3f5e67680ccabd0302dfda45d">28085658</a>
</td>
<td>高</td>
- <td><a href="#nexus_devices">All Nexus</a></td>
+ <td><a href="#nexus_devices">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 4 月 7 日</td>
</tr>
@@ -718,7 +718,7 @@ Broadcom Wi-Fi 驅動程式中的權限升級漏洞</h3>
<th>Android 錯誤</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -727,7 +727,7 @@ Broadcom Wi-Fi 驅動程式中的權限升級漏洞</h3>
[<a href="https://android.googlesource.com/platform/frameworks/av/+/b57b3967b1a42dd505dbe4fcf1e1d810e3ae3777">2</a>]
</td>
<td>高</td>
- <td><a href="#nexus_devices">All Nexus</a></td>
+ <td><a href="#nexus_devices">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 4 月 6 日</td>
</tr>
@@ -749,7 +749,7 @@ Broadcom Wi-Fi 驅動程式中的權限升級漏洞</h3>
<th>Android 錯誤</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -809,7 +809,7 @@ Qualcomm Wi-Fi 驅動程式中的資訊外洩漏洞</h3>
<th>Android 錯誤</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -839,7 +839,7 @@ Qualcomm Wi-Fi 驅動程式中的資訊外洩漏洞</h3>
<th>Android 錯誤</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
diff --git a/zh-tw/security/bulletin/2016-07-01.html b/zh-tw/security/bulletin/2016-07-01.html
index 1e38a37b..371f56f0 100644
--- a/zh-tw/security/bulletin/2016-07-01.html
+++ b/zh-tw/security/bulletin/2016-07-01.html
@@ -105,7 +105,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -195,7 +195,7 @@ OpenSSL 和 BoringSSL 中的遠端程式碼執行漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -226,7 +226,7 @@ OpenSSL 和 BoringSSL 中的遠端程式碼執行漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -234,7 +234,7 @@ OpenSSL 和 BoringSSL 中的遠端程式碼執行漏洞</h3>
<td><a href="https://android.googlesource.com/platform/system/bt/+/514139f4b40cbb035bb92f3e24d5a389d75db9e6">
A-27930580</a></td>
<td>高</td>
- <td><a href="#all_nexus">All Nexus</a></td>
+ <td><a href="#all_nexus">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 3 月 30 日</td>
</tr>
@@ -256,7 +256,7 @@ libpng 中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -265,7 +265,7 @@ libpng 中的權限升級漏洞</h3>
A-23265085</a>
</td>
<td>高</td>
- <td><a href="#all_nexus">All Nexus</a></td>
+ <td><a href="#all_nexus">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2015 年 12 月 3 日</td>
</tr>
@@ -287,7 +287,7 @@ libpng 中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -296,7 +296,7 @@ libpng 中的權限升級漏洞</h3>
A-28173666</a>
</td>
<td>高</td>
- <td><a href="#all_nexus">All Nexus</a></td>
+ <td><a href="#all_nexus">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 4 月 10 日</td>
</tr>
@@ -306,7 +306,7 @@ libpng 中的權限升級漏洞</h3>
A-27890802</a>
</td>
<td>高</td>
- <td><a href="#all_nexus">All Nexus</a></td>
+ <td><a href="#all_nexus">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 3 月 27 日</td>
</tr>
@@ -316,7 +316,7 @@ libpng 中的權限升級漏洞</h3>
A-27903498</a>
</td>
<td>高</td>
- <td><a href="#all_nexus">All Nexus</a></td>
+ <td><a href="#all_nexus">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 3 月 28 日</td>
</tr>
@@ -338,7 +338,7 @@ libpng 中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -369,7 +369,7 @@ libpng 中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -400,7 +400,7 @@ Framework API 中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -409,7 +409,7 @@ Framework API 中的權限升級漏洞</h3>
A-28395952</a>
</td>
<td>高</td>
- <td><a href="#all_nexus">All Nexus</a></td>
+ <td><a href="#all_nexus">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2015 年 12 月 16 日</td>
</tr>
@@ -431,7 +431,7 @@ ChooserTarget 服務中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -462,7 +462,7 @@ ChooserTarget 服務中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -492,7 +492,7 @@ OpenSSL 中的資訊外洩漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -522,7 +522,7 @@ OpenSSL 中的資訊外洩漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -532,7 +532,7 @@ OpenSSL 中的資訊外洩漏洞</h3>
[<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]
</td>
<td>高</td>
- <td><a href="#all_nexus">All Nexus</a></td>
+ <td><a href="#all_nexus">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 5 月 5 日</td>
</tr>
@@ -552,7 +552,7 @@ OpenSSL 中的資訊外洩漏洞</h3>
A-28556125</a>
</td>
<td>高</td>
- <td><a href="#all_nexus">All Nexus</a></td>
+ <td><a href="#all_nexus">所有 Nexus 裝置</a></td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>Google 內部資訊</td>
</tr>
@@ -573,7 +573,7 @@ OpenSSL 中的資訊外洩漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -602,7 +602,7 @@ OpenSSL 中的資訊外洩漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -632,7 +632,7 @@ OpenSSL 中的資訊外洩漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -663,7 +663,7 @@ Framework API 中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -694,7 +694,7 @@ Framework API 中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -726,7 +726,7 @@ NFC 中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -757,7 +757,7 @@ NFC 中的權限升級漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -788,7 +788,7 @@ Proxy 自動設定中的資訊外洩漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -819,7 +819,7 @@ Proxy 自動設定中的資訊外洩漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -860,7 +860,7 @@ Proxy 自動設定中的資訊外洩漏洞</h3>
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -881,7 +881,7 @@ Proxy 自動設定中的資訊外洩漏洞</h3>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver">
Qualcomm GPU 驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm GPU 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,使裝置必須以還原 (Re-flash) 作業系統的方式才能修復,因此嚴重程度被評定為「最高」。</p>
+<p>Qualcomm GPU 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Reflash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1409,7 +1409,7 @@ Qualcomm USB 驅動程式中的權限升級漏洞</h3>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver">
Qualcomm Wi-Fi 驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1436,7 +1436,7 @@ Qualcomm Wi-Fi 驅動程式中的權限升級漏洞</h3>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-camera-driver">
Qualcomm 相機驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>Qualcomm 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1528,7 +1528,7 @@ MediaTek 電源驅動程式中的權限升級漏洞</h3>
<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver-2">
Qualcomm Wi-Fi 驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1556,7 +1556,7 @@ Qualcomm Wi-Fi 驅動程式中的權限升級漏洞</h3>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-hardware-sensor-driver">
MediaTek 硬體感測器驅動程式中的權限升級漏洞</h3>
-<p>MediaTek 硬體感測器驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>MediaTek 硬體感測器驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1584,7 +1584,7 @@ MediaTek 硬體感測器驅動程式中的權限升級漏洞</h3>
<h3 id="elevation-of-privilege-vulnerability-in-mediatek-video-driver">
MediaTek 視訊驅動程式中的權限升級漏洞</h3>
-<p>MediaTek 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>MediaTek 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
diff --git a/zh-tw/security/bulletin/2016-08-01.html b/zh-tw/security/bulletin/2016-08-01.html
index 9c904264..2c490115 100644
--- a/zh-tw/security/bulletin/2016-08-01.html
+++ b/zh-tw/security/bulletin/2016-08-01.html
@@ -158,7 +158,7 @@ CVE-2016-2504</li>
<td><a href="https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b">
A-28868315</a></td>
<td>高</td>
- <td>All Nexus</td>
+ <td>所有 Nexus 裝置</td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>Google 內部資訊</td>
</tr>
@@ -187,7 +187,7 @@ CVE-2016-2504</li>
<td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95">
A-28815329</a></td>
<td>高</td>
- <td>All Nexus</td>
+ <td>所有 Nexus 裝置</td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 5 月 17 日</td>
</tr>
@@ -196,7 +196,7 @@ CVE-2016-2504</li>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/b351eabb428c7ca85a34513c64601f437923d576">
A-28816827</a></td>
<td>高</td>
- <td>All Nexus</td>
+ <td>所有 Nexus 裝置</td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 5 月 17 日</td>
</tr>
@@ -214,7 +214,7 @@ CVE-2016-2504</li>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/9cd8c3289c91254b3955bd7347cf605d6fa032c6">
A-29251553</a></td>
<td>高</td>
- <td>All Nexus</td>
+ <td>所有 Nexus 裝置</td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 6 月 9 日</td>
</tr>
@@ -270,7 +270,7 @@ CVE-2016-2504</li>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06">
A-29153599</a></td>
<td>高</td>
- <td>All Nexus</td>
+ <td>所有 Nexus 裝置</td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>Google 內部資訊</td>
</tr>
@@ -299,7 +299,7 @@ CVE-2016-2504</li>
<td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058">
A-29083635</a></td>
<td>高</td>
- <td>All Nexus</td>
+ <td>所有 Nexus 裝置</td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
<td>2016 年 5 月 31 日</td>
</tr>
@@ -842,7 +842,7 @@ QC-CR#547479</a>
</p>
</td>
<td>高</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2014 年 4 月 30 日</td>
</tr>
<tr>
@@ -926,7 +926,7 @@ QC-CR#562261</a>
</p>
</td>
<td>高</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2014 年 4 月 30 日</td>
</tr>
<tr>
@@ -973,7 +973,7 @@ QC-CR#642735</a>
QC-CR#674712</a>
</p></td>
<td>高</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2014 年 10 月 31 日</td>
</tr>
<tr>
@@ -1185,7 +1185,7 @@ Qualcomm 效能元件中的權限升級漏洞可能會讓本機惡意應用程
</p>
<h3 id="elevation-of-privilege-vulnerability-in-kernel">核心中的權限升級漏洞</h3>
-<p>核心中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這個問題可能導致本機裝置的安全性徹底被破壞,使裝置必須以還原 (Re-flash) 作業系統的方式才能修復,因此嚴重程度被評定為「最高」。
+<p>核心中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Reflash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1623,7 +1623,7 @@ QC-CR#786116</a></p></td>
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d">
QC-CR#542223</a></p></td>
<td>中</td>
- <td>Google Nexus 5</td>
+ <td>Nexus 5</td>
<td>2014 年 3 月 27 日</td>
</tr>
<tr>
@@ -2015,7 +2015,7 @@ Framework API 中的權限升級漏洞可能會讓預先安裝的應用程式在
<ul>
<li><strong>所有 Nexus 裝置</strong>:如果問題會影響到所有 Nexus 裝置,表格內「更新的 Nexus 裝置」<em></em>欄中就會顯示「所有 Nexus 裝置」字樣。「所有 Nexus 裝置」包含下列<a href="https://support.google.com/nexus/answer/4457705#nexus_devices">支援的裝置</a>:Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Nexus 7 (2013)、Nexus 9、Android One、Nexus Player 和 Pixel C。</li>
<li><strong>部分 Nexus 裝置</strong>:如果問題並未影響所有 Nexus 裝置,「更新的 Nexus 裝置」<em></em>欄中就會列出受到影響的 Nexus 裝置。</li>
-<li><strong>不影響任何 Nexus 裝置</strong>:如果問題不會影響到任何 Nexus 裝置,「更新的 Nexus 裝置」<em></em>欄中就會顯示「無」字樣。
+<li><strong>不影響任何 Nexus 裝置</strong>:如果問題不會影響到任何 Nexus 裝置,表格內「更新的 Nexus 裝置」<em></em>欄中就會標示「無」字樣。
</li>
</ul>
<p>
diff --git a/zh-tw/security/bulletin/2016-10-01.html b/zh-tw/security/bulletin/2016-10-01.html
index 78bb518f..2365f1ba 100644
--- a/zh-tw/security/bulletin/2016-10-01.html
+++ b/zh-tw/security/bulletin/2016-10-01.html
@@ -53,7 +53,8 @@
<li>在適用情況下,Google Hangouts 和 Messenger 應用程式不會自動將媒體內容傳送給媒體伺服器這類的處理程序。</li>
</ul>
<h2 id="acknowledgements">特別銘謝</h2>
-<p>感謝以下研究人員做出的貢獻:
+<p>
+感謝以下研究人員做出的貢獻:
</p>
<ul>
<li>Andre Teixeira Rizzo:CVE-2016-3882</li>
@@ -85,8 +86,9 @@
<li><a href="https://twitter.com/0xr0ot">獵豹移動</a>安全實驗室的 Zhanpeng Zhao (行之) (<a href="http://www.cmcm.com">@0xr0ot</a>):CVE-2016-3908</li>
</ul>
-<h2 id="2016-10-01-details">2016-10-01 安全性修補程式等級 — 資安漏洞詳情</h2>
-<p>下列各節針對 2016-10-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Nexus 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。如果相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,其他參考資料可透過該錯誤 ID 後面的編號連結開啟。</p>
+<h2 id="2016-10-01-details">2016-10-01 安全性修補程式等級 - 資安漏洞詳情</h2>
+<p>
+下列各節針對 2016-10-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,另外也附上了問題說明、嚴重程度評定原因和一份 CVE 資訊表,其中包括了相關參考資料、嚴重程度、更新的 Nexus 裝置、更新的 Android 開放原始碼計劃版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
<h3 id="eopv-in-servicemanager">ServiceManager 中的權限升級漏洞</h3>
<p>
ServiceManager 中的權限升級漏洞可能會讓本機惡意應用程式註冊通常是由獲得授權的程序 (例如 system_server) 所提供的任何服務。由於這個問題可能會允許冒用他人身分的服務,因此嚴重程度被評定為「高」。
@@ -103,7 +105,7 @@ ServiceManager 中的權限升級漏洞可能會讓本機惡意應用程式註
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -133,7 +135,7 @@ ServiceManager 中的權限升級漏洞可能會讓本機惡意應用程式註
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -147,7 +149,7 @@ ServiceManager 中的權限升級漏洞可能會讓本機惡意應用程式註
</tr>
</tbody></table>
<h3 id="eopv-in-mediaserver">媒體伺服器中的權限升級漏洞</h3>
-<p>媒體伺服器中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這個問題可用於取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
+<p>媒體伺服器中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於有心人士可利用這個漏洞來取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="18%" />
@@ -161,7 +163,7 @@ ServiceManager 中的權限升級漏洞可能會讓本機惡意應用程式註
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -195,7 +197,7 @@ ServiceManager 中的權限升級漏洞可能會讓本機惡意應用程式註
</tbody></table>
<h3 id="eopv-in-zygote-process">Zygote 程序中的權限升級漏洞</h3>
<p>
-Zygote 程序中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這個問題可用於取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
+Zygote 程序中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於有心人士可利用這個漏洞來取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="18%" />
@@ -209,7 +211,7 @@ Zygote 程序中的權限升級漏洞可能會讓本機惡意應用程式在獲
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -219,12 +221,12 @@ Zygote 程序中的權限升級漏洞可能會讓本機惡意應用程式在獲
<td>高</td>
<td>所有 Nexus 裝置</td>
<td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0</td>
- <td>2016 年 7 月 16 日</td>
+ <td>2016 年 7 月 12 日</td>
</tr>
</tbody></table>
<h3 id="eopv-in-framework-apis">Framework API 中的權限升級漏洞</h3>
<p>
-Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這個問題可用於取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
+Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於有心人士可利用這個漏洞來取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="18%" />
@@ -238,7 +240,7 @@ Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -253,7 +255,7 @@ Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲
</tbody></table>
<h3 id="eopv-in-telephony">電話通訊系統中的權限升級漏洞</h3>
<p>
-電話通訊系統元件中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這個問題可用於取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
+電話通訊系統元件中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於有心人士可利用這個漏洞來取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="18%" />
@@ -267,7 +269,7 @@ Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -282,7 +284,7 @@ Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲
</tbody></table>
<h3 id="eopv-in-camera-service">相機服務中的權限升級漏洞</h3>
<p>
-相機服務中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這個問題可用於取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
+相機服務中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於有心人士可利用這個漏洞來取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="18%" />
@@ -296,7 +298,7 @@ Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -334,7 +336,7 @@ Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -347,9 +349,9 @@ Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲
<td>2016 年 8 月 5 日</td>
</tr>
</tbody></table>
-<h3 id="information-disclosure-vulnerability-in-aosp-mail">AOSP Mail 中的資訊外洩漏洞</h3>
+<h3 id="information-disclosure-vulnerability-in-aosp-mail">Android 開放原始碼計劃 Mail 中的資訊外洩漏洞</h3>
<p>
-AOSP Mail 中的資訊外洩漏洞可能會讓本機惡意應用程式規避作業系統為了將應用程式資料與其他應用程式隔離而採取的防護措施。由於這個問題可用於在未獲授權的情況下存取資料,因此嚴重程度被評定為「高」。
+Android 開放原始碼計劃 Mail 中的資訊外洩漏洞可能會讓本機惡意應用程式規避作業系統為了將應用程式資料與其他應用程式隔離而採取的防護措施。由於這個問題可能導致有心人士在未獲授權的情況下存取資料,因此嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="18%" />
@@ -363,7 +365,7 @@ AOSP Mail 中的資訊外洩漏洞可能會讓本機惡意應用程式規避作
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -392,7 +394,7 @@ Wi-Fi 中的拒絕服務漏洞可能會讓鄰近本機的攻擊者建立無線
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -421,7 +423,7 @@ GPS 元件中的拒絕服務漏洞可能會讓遠端攻擊者造成裝置停止
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -450,7 +452,7 @@ GPS 元件中的拒絕服務漏洞可能會讓遠端攻擊者造成裝置停止
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -465,7 +467,7 @@ GPS 元件中的拒絕服務漏洞可能會讓遠端攻擊者造成裝置停止
</tbody></table>
<h3 id="eopv-in-framework-listener">Framework 接聽程式中的權限升級漏洞</h3>
<p>
-Framework 接聽程式中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
+Framework 接聽程式中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
</p>
<table>
<colgroup><col width="18%" />
@@ -479,7 +481,7 @@ Framework 接聽程式中的權限升級漏洞可能會讓本機惡意應用程
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -494,7 +496,7 @@ Framework 接聽程式中的權限升級漏洞可能會讓本機惡意應用程
</tbody></table>
<h3 id="eopv-in-telephony-2">電話通訊系統中的權限升級漏洞</h3>
<p>
-電話通訊系統中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
+電話通訊系統中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
</p>
<table>
<colgroup><col width="18%" />
@@ -508,7 +510,7 @@ Framework 接聽程式中的權限升級漏洞可能會讓本機惡意應用程
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -537,7 +539,7 @@ Framework 接聽程式中的權限升級漏洞可能會讓本機惡意應用程
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -552,7 +554,7 @@ Framework 接聽程式中的權限升級漏洞可能會讓本機惡意應用程
</tbody></table>
<h3 id="information-disclosure-vulnerability-in-mediaserver">媒體伺服器中的資訊外洩漏洞</h3>
<p>
-媒體伺服器中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限等級以外的資料。由於這個問題可能導致有心人士在未獲授權的情況下存取機密資料,因此嚴重程度被評定為「中」。
+媒體伺服器中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這個問題可能會讓有心人士在未獲授權的情況下存取機密資料,因此嚴重程度被評定為「中」。
</p>
<table>
<colgroup><col width="18%" />
@@ -566,7 +568,7 @@ Framework 接聽程式中的權限升級漏洞可能會讓本機惡意應用程
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -595,7 +597,7 @@ Wi-Fi 服務中的拒絕服務漏洞可能會讓本機惡意應用程式禁止
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Nexus 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -608,11 +610,12 @@ Wi-Fi 服務中的拒絕服務漏洞可能會讓本機惡意應用程式禁止
<td>Google 內部資訊</td>
</tr>
</tbody></table>
-<h2 id="2016-10-05-details">2016-10-05 安全性修補程式等級 — 資安漏洞詳情</h2>
-<p>下列各節針對 2016-10-05 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊。包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Nexus 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。如果相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,其他參考資料可透過該錯誤 ID 後面的編號連結開啟。</p>
+<h2 id="2016-10-05-details">2016-10-05 安全性修補程式等級 - 資安漏洞詳情</h2>
+<p>
+下列各節針對 2016-10-05 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,另外也附上了問題說明、嚴重程度評定原因和一份 CVE 資訊表,其中包括了相關參考資料、嚴重程度、更新的 Nexus 裝置、更新的 Android 開放原始碼計劃版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
<h3 id="remote-code-execution-vulnerability-in-kernel-asn-1-decoder">核心 ASN.1 解碼器中的遠端程式碼執行漏洞</h3>
<p>
-核心 ASN.1 解碼器中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,使裝置必須以還原 (Re-flash) 作業系統的方式才能修復,因此嚴重程度被評定為「最高」。
+核心 ASN.1 解碼器中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Reflash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -639,7 +642,7 @@ Wi-Fi 服務中的拒絕服務漏洞可能會讓本機惡意應用程式禁止
</tbody></table>
<h3 id="remote-code-execution-vulnerability-in-kernel-networking-subsystem">核心網路子系統中的遠端程式碼執行漏洞</h3>
<p>
-核心網路子系統中的遠端程式碼執行漏洞可能會讓遠端攻擊者在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,使裝置必須以還原 (Re-flash) 作業系統的方式才能修復,因此嚴重程度被評定為「最高」。
+核心網路子系統中的遠端程式碼執行漏洞可能會讓遠端攻擊者在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Reflash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -665,7 +668,7 @@ Wi-Fi 服務中的拒絕服務漏洞可能會讓本機惡意應用程式禁止
</tbody></table>
<h3 id="eopv-in-mediatek-video-driver">MediaTek 視訊驅動程式中的權限升級漏洞</h3>
<p>
-MediaTek 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,使裝置必須以還原 (Re-flash) 作業系統的方式才能修復,因此嚴重程度被評定為「最高」。
+MediaTek 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Reflash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -689,11 +692,12 @@ MediaTek 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應
<td>2016 年 7 月 6 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="eopv-in-kernel-shared-memory-driver">核心共用記憶體驅動程式中的權限升級漏洞</h3>
<p>
-核心共用記憶體驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,使裝置必須以還原 (Re-flash) 作業系統的方式才能修復,因此嚴重程度被評定為「最高」。
+核心共用記憶體驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Reflash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -757,11 +761,12 @@ MediaTek 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應
<td>Qualcomm 內部資訊</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="eopv-in-qualcomm-networking-component">Qualcomm 網路元件中的權限升級漏洞</h3>
<p>
-Qualcomm 網路元件中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+Qualcomm 網路元件中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -787,7 +792,7 @@ Qualcomm 網路元件中的權限升級漏洞可能會讓本機惡意應用程
</tbody></table>
<h3 id="eopv-in-nvidia-mmc-test-driver">NVIDIA MMC 測試驅動程式中的權限升級漏洞</h3>
<p>
-NVIDIA MMC 測試驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+NVIDIA MMC 測試驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -811,10 +816,11 @@ NVIDIA MMC 測試驅動程式中的權限升級漏洞可能會讓本機惡意應
<td>2016 年 5 月 12 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="eopv-in-qsee-communicator-driver">Qualcomm QSEE 通訊工具驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm QSEE 通訊工具驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+<p>Qualcomm QSEE 通訊工具驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -839,7 +845,7 @@ NVIDIA MMC 測試驅動程式中的權限升級漏洞可能會讓本機惡意應
</tr>
</tbody></table>
<h3 id="eopv-in-mediaserver-2">媒體伺服器中的權限升級漏洞</h3>
-<p>媒體伺服器中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這個問題可用於取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
+<p>媒體伺服器中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於有心人士可利用這個漏洞來取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -871,11 +877,12 @@ NVIDIA MMC 測試驅動程式中的權限升級漏洞可能會讓本機惡意應
<td>2016 年 6 月 14 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="eopv-in-qualcomm-camera-driver">Qualcomm 相機驅動程式中的權限升級漏洞</h3>
<p>
-Qualcomm 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+Qualcomm 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -904,12 +911,12 @@ Qualcomm 相機驅動程式中的權限升級漏洞可能會讓本機惡意應
<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=27fbeb6b025d5d46ccb0497cbed4c6e78ed1c5cc">QC-CR#789704</a></td>
<td>高</td>
<td>Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Android One</td>
- <td>2016 年 7 月 16 日</td>
+ <td>2016 年 7 月 12 日</td>
</tr>
</tbody></table>
<h3 id="eopv-in-qualcomm-sound-driver">Qualcomm 音效驅動程式中的權限升級漏洞</h3>
<p>
-Qualcomm 音效驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+Qualcomm 音效驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -935,7 +942,7 @@ Qualcomm 音效驅動程式中的權限升級漏洞可能會讓本機惡意應
</tr>
</tbody></table>
<h3 id="eopv-in-qualcomm-crypto-engine-driver">Qualcomm 加密引擎驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm 加密引擎驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+<p>Qualcomm 加密引擎驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -969,7 +976,7 @@ Qualcomm 音效驅動程式中的權限升級漏洞可能會讓本機惡意應
</tbody></table>
<h3 id="eopv-in-mediatek-video-driver-2">MediaTek 視訊驅動程式中的權限升級漏洞</h3>
<p>
-MediaTek 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+MediaTek 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1001,11 +1008,12 @@ MediaTek 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應
<td>2016 年 7 月 7 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="eopv-in-qualcomm-video-driver">Qualcomm 視訊驅動程式中的權限升級漏洞</h3>
<p>
-Qualcomm 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+Qualcomm 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1038,7 +1046,7 @@ Qualcomm 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應
</tr>
</tbody></table>
<h3 id="eopv-in-synaptics-touchscreen-driver">Synaptics 觸控螢幕驅動程式中的權限升級漏洞</h3>
-<p>Synaptics 觸控螢幕驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+<p>Synaptics 觸控螢幕驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1058,7 +1066,7 @@ Qualcomm 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應
<td>A-30141991*</td>
<td>高</td>
<td>Nexus 6P、Android One</td>
- <td>2016 年 7 月 16 日</td>
+ <td>2016 年 7 月 12 日</td>
</tr>
<tr>
<td>CVE-2016-6672</td>
@@ -1068,11 +1076,12 @@ Qualcomm 視訊驅動程式中的權限升級漏洞可能會讓本機惡意應
<td>2016 年 7 月 31 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="eopv-in-nvidia-camera-driver">NVIDIA 相機驅動程式中的權限升級漏洞</h3>
<p>
-NVIDIA 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+NVIDIA 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1096,10 +1105,11 @@ NVIDIA 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用
<td>2016 年 7 月 17 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="eopv-in-system_server">System_server 中的權限升級漏洞</h3>
-<p>System_server 中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於這個問題可用於取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
+<p>System_server 中的權限升級漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。由於有心人士可利用這個漏洞來取得某些進階功能的本機存取權,第三方應用程式通常無法存取這類功能,因此嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1122,11 +1132,12 @@ NVIDIA 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用
<td>2016 年 7 月 26 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="eopv-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 驅動程式中的權限升級漏洞</h3>
<p>
-Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1176,7 +1187,7 @@ Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應
</tbody></table>
<h3 id="eopv-in-kernel-performance-subsystem">核心效能子系統中的權限升級漏洞</h3>
<p>
-核心效能子系統中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+核心效能子系統中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1202,7 +1213,7 @@ Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應
</tbody></table>
<h3 id="information-disclosure-vulnerability-in-kernel-ion-subsystem">核心 ION 子系統中的資訊外洩漏洞</h3>
<p>
-核心 ION 子系統中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限等級以外的資料。由於這個問題可用於在未獲使用者明確授權的情況下存取機密資料,因此嚴重程度被評定為「高」。
+核心 ION 子系統中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這個問題可能讓有心人士在未獲使用者明確授權的情況下存取機密資料,因此嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1227,7 +1238,7 @@ Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應
</tr>
</tbody></table>
<h3 id="information-disclosure-vulnerability-in-nvidia-gpu-driver">NVIDIA GPU 驅動程式中的資訊外洩漏洞</h3>
-<p>NVIDIA GPU 驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限等級以外的資料。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+<p>NVIDIA GPU 驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1251,11 +1262,12 @@ Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應
<td>2016 年 7 月 19 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="eopv-in-qualcomm-character-driver">Qualcomm 字元驅動程式中的權限升級漏洞</h3>
<p>
-Qualcomm 字元驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破壞特定獲授權的程序才能執行,而且目前也無法存取受到影響的程式碼,因此這個問題的嚴重程度被評定為「中」。
+Qualcomm 字元驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,而且目前也無法存取受到影響的程式碼,因此這個問題的嚴重程度被評定為「中」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1281,7 +1293,7 @@ Qualcomm 字元驅動程式中的權限升級漏洞可能會讓本機惡意應
</tbody></table>
<h3 id="information-disclosure-vulnerability-in-qualcomm-sound-driver">Qualcomm 音效驅動程式中的資訊外洩漏洞</h3>
<p>
-Qualcomm 音效驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限等級以外的資料。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
+Qualcomm 音效驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1302,12 +1314,12 @@ Qualcomm 音效驅動程式中的資訊外洩漏洞可能會讓本機惡意應
<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/diff/sound/soc/msm/qdsp6v2/audio_calibration.c?id=528976f54be246ec93a71ac53aa4faf3e3791c48">QC-CR#1038127</a></td>
<td>中</td>
<td>Nexus 5X、Nexus 6P、Android One</td>
- <td>20164 年 6 月 13 日</td>
+ <td>2016 年 6 月 13 日</td>
</tr>
</tbody></table>
<h3 id="information-disclosure-vulnerability-in-motorola-usbnet-driver">Motorola USBNet 驅動程式中的資訊外洩漏洞</h3>
<p>
-Motorola USBNet 驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限等級以外的資料。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
+Motorola USBNet 驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1330,11 +1342,12 @@ Motorola USBNet 驅動程式中的資訊外洩漏洞可能會讓本機惡意應
<td>2016 年 6 月 30 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="information-disclosure-vulnerability-in-qualcomm-components">Qualcomm 元件中的資訊外洩漏洞</h3>
<p>
-Qualcomm 元件 (包括音效驅動程式、IPA 驅動程式和 Wi-Fi 驅動程式) 中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限等級以外的資料。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
+Qualcomm 元件 (包括音效驅動程式、IPA 驅動程式和 Wi-Fi 驅動程式) 中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「中」。
</p>
<table>
<colgroup><col width="19%" />
@@ -1563,7 +1576,8 @@ NVIDIA 分析器中的資訊外洩漏洞可能會讓本機惡意應用程式存
<td>2016 年 5 月 18 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未公開提供,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+<p>
+* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
</p>
<h3 id="vulnerabilities-in-qualcomm-components">Qualcomm 元件中的漏洞</h3>
<p>
@@ -1668,7 +1682,7 @@ NVIDIA 分析器中的資訊外洩漏洞可能會讓本機惡意應用程式存
<ul>
<li><strong>所有 Nexus 裝置</strong>:如果問題會影響到所有 Nexus 裝置,表格內「更新的 Nexus 裝置」<em></em>欄中就會顯示「所有 Nexus 裝置」字樣。「所有 Nexus 裝置」包含下列<a href="https://support.google.com/nexus/answer/4457705#nexus_devices">支援的裝置</a>:Nexus 5、Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player 和 Pixel C。</li>
<li><strong>部分 Nexus 裝置</strong>:如果問題並未影響所有 Nexus 裝置,「更新的 Nexus 裝置」<em></em>欄中就會列出受到影響的 Nexus 裝置。</li>
- <li><strong>不影響任何 Nexus 裝置</strong>:如果問題不會影響到任何搭載 Android 7.0 的 Nexus 裝置,表個內「更新的 Nexus 裝置」<em></em>欄中就會標示「無」字樣。</li>
+ <li><strong>不影響任何 Nexus 裝置</strong>:如果問題不會影響到任何搭載 Android 7.0 的 Nexus 裝置,表格內「更新的 Nexus 裝置」<em></em>欄中就會顯示「無」字樣。</li>
</ul>
<p>
<strong>4. 參考資料欄底下列出的識別碼代表什麼意義?</strong>
@@ -1677,7 +1691,7 @@ NVIDIA 分析器中的資訊外洩漏洞可能會讓本機惡意應用程式存
</p>
<table>
<tbody><tr>
- <th>前置字元</th>
+ <th>前置字串</th>
<th>參考資料</th>
</tr>
<tr>
diff --git a/zh-tw/security/bulletin/2017-01-01.html b/zh-tw/security/bulletin/2017-01-01.html
index 8d1093f4..18e95d91 100644
--- a/zh-tw/security/bulletin/2017-01-01.html
+++ b/zh-tw/security/bulletin/2017-01-01.html
@@ -97,7 +97,7 @@
</ul>
<h2 id="2017-01-01-details">2017-01-01 安全性修補程式等級 — 資安漏洞詳情</h2>
-<p>下列各節針對 2017-01-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Google 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,其他參考資料可透過該錯誤 ID 後面的編號連結開啟。</p>
+<p>下列各節針對 2017-01-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Google 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,其他參考資料可透過該錯誤 ID 後面的編號連結開啟。</p>
<h3 id="rce-in-c-ares">c-ares 中的遠端程式碼執行漏洞</h3>
<p>
@@ -116,7 +116,7 @@ c-ares 中的遠端程式碼執行漏洞可能會讓攻擊者能利用特製要
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -146,7 +146,7 @@ Framesequence 程式庫中的遠端程式碼執行漏洞可能會讓攻擊者能
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -175,7 +175,7 @@ Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -203,7 +203,7 @@ Framework API 中的權限升級漏洞可能會讓本機惡意應用程式在獲
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -241,7 +241,7 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -270,7 +270,7 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -299,7 +299,7 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -328,7 +328,7 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -359,7 +359,7 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -415,7 +415,7 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -444,7 +444,7 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -473,7 +473,7 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -520,7 +520,7 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -592,11 +592,11 @@ libnl 程式庫中的權限升級漏洞可能會讓本機惡意應用程式在
</tbody></table>
<h2 id="2017-01-05-details">2017-01-05 安全性修補程式等級 — 資安漏洞詳情</h2>
-<p>下列各節針對 2017-01-05 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Google 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,其他參考資料可透過該錯誤 ID 後面的編號連結開啟。</p>
+<p>下列各節針對 2017-01-05 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Google 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
<h3 id="eop-in-kernel-memory-subsystem">核心記憶體子系統中的權限升級漏洞</h3>
<p>
-核心記憶體子系統中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Re-flash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。
+核心記憶體子系統中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Reflash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。
</p>
<table>
@@ -828,7 +828,7 @@ MediaTek 驅動程式中的權限升級漏洞可能會讓本機惡意應用程
</p>
<h3 id="eop-in-qualcomm-gpu-driver">Qualcomm GPU 驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm GPU 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Re-flash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。
+<p>Qualcomm GPU 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Reflash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。
</p>
<table>
@@ -1172,7 +1172,7 @@ NVIDIA GPU 驅動程式中的權限升級漏洞可能會讓本機惡意應用程
<h3 id="eop-in-qualcomm-sound-driver">Qualcomm 音效驅動程式中的權限升級漏洞</h3>
<p>
-Qualcomm 音效驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+Qualcomm 音效驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
@@ -1200,7 +1200,7 @@ QC-CR#880388</a></td>
</tbody></table>
<h3 id="eop-in-synaptics-touchscreen-driver">Synaptics 觸控螢幕驅動程式中的權限升級漏洞</h3>
-<p>Synaptics 觸控螢幕驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+<p>Synaptics 觸控螢幕驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
@@ -1290,7 +1290,7 @@ QC-CR#880388</a></td>
<h3 id="eop-in-kernel-sound-subsystem">核心音效子系統中的權限升級漏洞</h3>
<p>
-核心音效子系統中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+核心音效子系統中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
@@ -1406,7 +1406,7 @@ QC-CR#1079713</a></td>
<h3 id="eop-in-broadcom-wi-fi-driver">Broadcom Wi-Fi 驅動程式中的權限升級漏洞</h3>
<p>
-Broadcom Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+Broadcom Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
@@ -1468,7 +1468,7 @@ Broadcom Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應
</p>
<h3 id="eop-in-synaptics-touchscreen-driver-2">Synaptics 觸控螢幕驅動程式中的權限升級漏洞</h3>
-<p>Synaptics 觸控螢幕驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
+<p>Synaptics 觸控螢幕驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。
</p>
<table>
@@ -1827,7 +1827,7 @@ Qualcomm 音訊後置處理器中的資訊外洩漏洞可能會讓本機惡意
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -1963,16 +1963,16 @@ HTC 輸入驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程
<p>在 <a href="#2017-01-01-details">2017-01-01</a> 和 <a href="#2017-01-05-details">2017-01-05</a> 安全性漏洞詳情的章節中,每個表格都包含「更新的 Google 裝置」<em></em>欄,當中列出已針對各個問題進行更新的受影響 Google 裝置範圍。此欄中的選項包括:</p>
<ul>
<li><strong>所有 Google 裝置</strong>:如果問題會影響到 Pixel 裝置和所有的 Google 裝置,表格內「更新的 Google 裝置」<em></em>欄中就會標示「全部」字樣。「全部」包含下列<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">支援的裝置</a>:Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel C、Pixel 和 Pixel XL。</li>
- <li><strong>部分 Google 裝置</strong>:如果問題並未影響到所有 Google 裝置,則「更新的 Google 裝置」<em></em>欄中會列出受影響的 Google 裝置。</li>
+ <li><strong>部分 Google 裝置</strong>:如果問題並未影響到所有 Google 裝置,「更新的 Google 裝置」<em></em>欄中會列出受影響的 Google 裝置。</li>
<li><strong>不影響任何 Google 裝置</strong>:如果問題不會影響到任何搭載目前提供最新版 Android 的 Google 裝置,表格內「更新的 Google 裝置」<em></em>欄中就會標示「無」字樣。</li>
</ul>
<p><strong>4. 參考資料欄底下列出的識別碼代表什麼意義?</strong></p>
-<p>資安漏洞詳情表格中「參考資料」<em></em>欄底下的項目可能會包含一個前置字串,用以表示該參考資料值所屬的機構或公司。這些前置字元代表的意義如下:</p>
+<p>資安漏洞詳情表格中「參考資料」<em></em>欄底下的項目可能會包含一個前置字串,用以表示該參考資料值所屬的機構或公司。這些前置字串代表的意義如下:</p>
<table>
<tbody><tr>
- <th>前置字元</th>
+ <th>前置字串</th>
<th>參考資料</th>
</tr>
<tr>
diff --git a/zh-tw/security/bulletin/2017-03-01.html b/zh-tw/security/bulletin/2017-03-01.html
index 36644735..15ebedba 100644
--- a/zh-tw/security/bulletin/2017-03-01.html
+++ b/zh-tw/security/bulletin/2017-03-01.html
@@ -22,7 +22,7 @@
<p><em>發佈日期:2017 年 3 月 6 日 | 更新日期:2017 年 3 月 7 日</em></p>
<p>Android 安全性公告羅列了會對 Android 裝置造成影響的安全性漏洞,並說明各項相關細節。在這篇公告發佈的同時,Google 已透過 OTA 更新機制發佈了 Google 裝置的安全性更新。此外,Google 韌體映像檔也已經發佈到 <a href="https://developers.google.com/android/nexus/images">Google Developers 網站</a>上。2017 年 3 月 5 日之後的安全性修補程式等級已解決了這些已提及的所有問題。請參閱 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 與 Nexus 更新時間表</a>,瞭解如何查看裝置的安全性修補程式等級。</p>
-<p>我們的合作夥伴在 2017 年 2 月 6 日當天或更早之前已收到公告中所述問題的相關通知。這些問題的原始碼修補程式已發佈到 Android 開放原始碼計劃 (AOSP) 存放區中,且公告中亦提供相關連結。此外,本公告也提供 AOSP 以外的修補程式連結。</p>
+<p>我們的合作夥伴在 2017 年 2 月 6 日當天或更早之前已收到公告中所述問題的相關通知。這些問題的原始碼修補程式已發佈到 Android 開放原始碼計劃 (AOSP) 存放區中,且公告中亦提供相關連結。此外,本公告也提供 Android 開放原始碼計劃以外的修補程式連結。</p>
<p>在這些問題中,最嚴重的就是「最高」等級的安全性漏洞。當系統執行媒體檔案時,遠端程式碼可利用這類漏洞,透過電子郵件、網頁瀏覽活動和多媒體訊息等方法,自動在受影響的裝置上執行。<a href="/security/overview/updates-resources.html#severity">嚴重程度評定標準</a>是假設平台與服務的因應防護措施基於開發作業的需求而被停用,或是遭到有心人士破解,然後推算當有人惡意運用漏洞時,裝置會受到多大的影響,據此評定漏洞的嚴重程度。</p>
<p>針對這些新發現的漏洞,我們目前尚未收到任何客戶回報相關的漏洞濫用案例。如果您想進一步瞭解 <a href="#mitigations">Android 安全性平台防護措施</a>和服務防護措施 (例如 <a href="/security/enhancements/index.html">SafetyNet</a>) 如何加強 Android 平台的安全性,請參閱 <a href="https://developer.android.com/training/safetynet/index.html">Android 和 Google 服務問題因應措施</a>一節。</p>
<p>我們建議所有客戶接受這些裝置更新。</p>
@@ -39,18 +39,18 @@
<p>本節概述 <a href="/security/enhancements/index.html">Android 安全性平台</a>和 SafetyNet 等服務防護方案針對資安漏洞所提供的因應措施。這些措施可有效防範有心人士在 Android 系統上惡意運用安全性漏洞來達到特定目的。</p>
<ul>
<li>Android 平台持續推出新的版本來強化安全性,因此有心人士越來越難在 Android 系統上找出漏洞加以利用。我們建議所有使用者盡可能更新至最新版的 Android。</li>
-<li>Android 安全性小組採用<a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">「驗證應用程式」和 SafetyNet</a> 主動監控濫用情形;使用這些功能的目的是在發現<a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">可能有害的應用程式</a>時警告使用者。「驗證應用程式」在搭載 <a href="http://www.android.com/gms">Google 行動服務</a>的裝置上都會預設啟用,且對於要從 Google Play 以外來源安裝應用程式的使用者來說格外重要。Google Play 禁止發佈任何可用於獲取裝置 Root 權限的工具,但「驗證應用程式」會在使用者嘗試安裝已偵測到的 Root 權限獲取應用程式 (無論其來源為何) 時發出警告。此外,「驗證應用程式」會設法找出已知會利用權限升級漏洞的惡意應用程式,並封鎖這類應用程式的安裝作業。如果使用者已安裝這類應用程式,「驗證應用程式」會通知使用者並嘗試移除偵測到的應用程式。</li>
+<li>Android 安全性小組採用<a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">「驗證應用程式」和 SafetyNet</a> 主動監控濫用情形;使用這些功能的目的是在發現<a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">可能有害的應用程式</a>時警告使用者。在預設情況下,搭載 <a href="http://www.android.com/gms">Google 行動服務</a>的裝置會自動啟用「驗證應用程式」。對於需要從 Google Play 以外的來源安裝應用程式的使用者來說,這項防護措施格外重要。雖然 Google Play 禁止發佈任何可用於獲取裝置 Root 權限的工具,但是當「驗證應用程式」偵測到使用者嘗試安裝具有這類用途的應用程式時,無論其來源為何,都會發出警告。此外,「驗證應用程式」會設法找出已知會利用權限升級漏洞的惡意應用程式,並封鎖這類應用程式的安裝作業。如果使用者已安裝這類應用程式,「驗證應用程式」會通知使用者並嘗試移除偵測到的應用程式。</li>
<li>在適用情況下,Google Hangouts 和 Messenger 應用程式不會自動將媒體內容傳送給媒體伺服器這類的處理程序。</li>
</ul>
<h2 id="acknowledgements">特別銘謝</h2>
<p>感謝以下研究人員做出的貢獻:</p>
<ul>
-<li>Google 動態工具小組成員 Alexander Potapenko:CVE-2017-0537</li><li>阿里巴巴行動安全小組成員 Baozeng Ding、Chengming Yang、Peng Xiao 和 Yang Song:CVE-2017-0506</li><li>阿里巴巴行動安全小組成員 Baozeng Ding、Ning You、Chengming Yang、Peng Xiao 和 Yang Song:CVE-2017-0463</li><li>Android 安全性小組成員 Billy Lau:CVE-2017-0335、CVE-2017-0336、CVE-2017-0338、CVE-2017-0460</li><li><a href="mailto:derrek.haxx@gmail.com">derrek</a> (<a href="https://twitter.com/derrekr6">@derrekr6</a>):CVE-2016-8413、CVE-2016-8477、CVE-2017-0531</li><li><a href="mailto:derrek.haxx@gmail.com">derrek</a> (<a href="https://twitter.com/derrekr6">@derrekr6</a>) 和 <a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>):CVE-2017-0521</li><li>騰訊科恩實驗室 (<a href="https://twitter.com/returnsme">@keen_lab</a>) 的 Di Shen (<a href="https://twitter.com/keen_lab">@returnsme</a>):CVE-2017-0334、CVE-2017-0456、CVE-2017-0457、CVE-2017-0525</li><li><a href="https://twitter.com/heeeeen4x">MS509Team</a> 的 En He (<a href="http://www.ms509.com">@heeeeen4x</a>) 和 Bo Liu:CVE-2017-0490</li><li>奇虎 360 科技有限公司 IceSword 實驗室的 Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 和 <a href="http://weibo.com/jfpan">pjf</a>:CVE-2017-0500、CVE-2017-0501、CVE-2017-0502、CVE-2017-0503、CVE-2017-0509、CVE-2017-0524、CVE-2017-0529、CVE-2017-0536</li><li>奇虎 360 科技有限公司 Alpha 小組成員 Hao Chen 和 Guang Gong:CVE-2017-0453、CVE-2017-0461、CVE-2017-0464</li><li>Sony Mobile Communications Inc. 的 Hiroki Yamamoto 和 Fang Chen:CVE-2017-0481</li><li>IBM 安全性 X-Force 研究員 Sagi Kedmi 和 Roee Hay:CVE-2017-0510</li><li><a href="https://twitter.com/Jioun_dai">奇虎 360 Skyeye 實驗室</a>的 Jianjun Dai (<a href="https://skyeye.360safe.com">@Jioun_dai</a>):CVE-2017-0478</li><li>奇虎 360 IceSword 實驗室的 Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) 和 <a href="http://weibo.com/jfpan">pjf</a>:CVE-2016-8416、CVE-2016-8478、CVE-2017-0458、CVE-2017-0459、CVE-2017-0518、CVE-2017-0519、CVE-2017-0533、CVE-2017-0534</li><li><a href="mailto:zlbzlb815@163.com">C0RE 小組</a>成員 <a href="mailto:segfault5514@gmail.com">Lubo Zhang</a>、<a href="mailto:computernik@gmail.com">Tong Lin</a>、<a href="http://c0reteam.org">Yuan-Tsung Lo</a> 和 Xuxian Jiang:CVE-2016-8479</li><li>Google 的 Makoto Onuki:CVE-2017-0491</li><li><a href="https://twitter.com/Mingjian_Zhou">C0RE 小組</a>成員 Mingjian Zhou (<a href="mailto:arnow117@gmail.com">@Mingjian_Zhou</a>)、<a href="http://c0reteam.org">Hanxiang Wen</a> 和 Xuxian Jiang:CVE-2017-0479、CVE-2017-0480</li><li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>):CVE-2017-0535</li><li>特斯拉產品安全小組成員 Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>):CVE-2017-0306</li><li>百度安全實驗室的 Pengfei Ding (丁鹏飞)、Chenfu Bao (包沉浮) 和 Lenx Wei (韦韬):CVE-2016-8417</li><li>騰訊科恩實驗室的 Qidan He (何淇丹) (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>):CVE-2017-0337、CVE-2017-0476</li><li>奇虎 360 的 Qing Zhang 和新加坡理工大學 (SIT) 的 Guangdong Bai:CVE-2017-0496</li><li>螞蟻金服巴斯光年安全實驗室的 Quhe 和 wanchouchou:CVE-2017-0522</li><li>DarkMatter 安全通訊小組的 <a href="mailto:keun-o.park@darkmatter.ae">Sahara</a>:CVE-2017-0528</li><li>加州大學聖塔芭芭拉分校 Shellphish Grill 小組的 salls (<a href="https://twitter.com/chris_salls">@chris_salls</a>):CVE-2017-0505</li><li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>):CVE-2017-0504、CVE-2017-0516</li><li>Sean Beaupre (beaups):CVE-2017-0455</li><li>趨勢科技的 Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>):CVE-2017-0452</li><li>富士通的 Shinichi Matsumoto:CVE-2017-0498</li><li><a href="mailto:smarques84@gmail.com">ByteRev</a> 的 <a href="http://www.byterev.com">Stéphane Marques</a>:CVE-2017-0489
-</li><li>Google 的 Svetoslav Ganov:CVE-2017-0492</li><li><a href="mailto:segfault5514@gmail.com">C0RE 小組</a>成員 <a href="mailto:computernik@gmail.com">Tong Lin</a>、<a href="http://c0reteam.org">Yuan-Tsung Lo</a> 和 Xuxian Jiang:CVE-2017-0333</li><li><a href="https://twitter.com/vysea">趨勢科技</a><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">行動威脅研究小組</a>成員 V.E.O (<a href="http://www.trendmicro.com">@VYSEa</a>):CVE-2017-0466、CVE-2017-0467、CVE-2017-0468、CVE-2017-0469、CVE-2017-0470、CVE-2017-0471、CVE-2017-0472、CVE-2017-0473、CVE-2017-0482、CVE-2017-0484、CVE-2017-0485、CVE-2017-0486、CVE-2017-0487、CVE-2017-0494、CVE-2017-0495</li><li>螞蟻金服巴斯光年安全實驗室的 Wish Wu (吴潍浠 此彼) (<a href="https://twitter.com/wish_wu">@wish_wu</a>):CVE-2017-0477</li><li>奇虎 360 科技有限公司 Vulpecker 小組成員 Yu Pan:CVE-2017-0517、CVE-2017-0532</li><li><a href="http://c0reteam.org">C0RE 小組</a>成員 <a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a> 和 Xuxian Jiang:CVE-2017-0526、CVE-2017-0527</li><li><a href="https://twitter.com/nikos233__">C0RE 小組</a>成員 Yuqi Lu (<a href="mailto:vancouverdou@gmail.com">@nikos233</a>)、<a href="mailto:shaodacheng2016@gmail.com">Wenke Dou</a>、<a href="https://twitter.com/Mingjian_Zhou">Dacheng Shao</a>、Mingjian Zhou (<a href="http://c0reteam.org">@Mingjian_Zhou</a>) 和 Xuxian Jiang:CVE-2017-0483</li>
+<li>Google 動態工具小組成員 Alexander Potapenko:CVE-2017-0537</li><li>阿里巴巴行動安全小組成員 Baozeng Ding、Chengming Yang、Peng Xiao 和 Yang Song:CVE-2017-0506</li><li>阿里巴巴行動安全小組成員 Baozeng Ding、Ning You、Chengming Yang、Peng Xiao 和 Yang Song:CVE-2017-0463</li><li>Android 安全性小組成員 Billy Lau:CVE-2017-0335、CVE-2017-0336、CVE-2017-0338、CVE-2017-0460</li><li><a href="mailto:derrek.haxx@gmail.com">derrek</a> (<a href="https://twitter.com/derrekr6">@derrekr6</a>):CVE-2016-8413、CVE-2016-8477、CVE-2017-0531</li><li><a href="mailto:derrek.haxx@gmail.com">derrek</a> (<a href="https://twitter.com/derrekr6">@derrekr6</a>) 和 <a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>):CVE-2017-0521</li><li>騰訊科恩實驗室 (<a href="https://twitter.com/returnsme">@keen_lab</a>) 的 Di Shen (<a href="https://twitter.com/keen_lab">@returnsme</a>):CVE-2017-0334、CVE-2017-0456、CVE-2017-0457、CVE-2017-0525</li><li><a href="https://twitter.com/heeeeen4x">MS509Team</a> 的 En He (<a href="http://www.ms509.com">@heeeeen4x</a>) 和 Bo Liu:CVE-2017-0490</li><li>奇虎 360 科技有限公司 IceSword 實驗室的 Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 和 <a href="http://weibo.com/jfpan">pjf</a>:CVE-2017-0500、CVE-2017-0501、CVE-2017-0502、CVE-2017-0503、CVE-2017-0509、CVE-2017-0524、CVE-2017-0529、CVE-2017-0536</li><li>奇虎 360 科技有限公司 Alpha 小組成員 Hao Chen 和 Guang Gong:CVE-2017-0453、CVE-2017-0461、CVE-2017-0464</li><li>Sony Mobile Communications Inc. 的 Hiroki Yamamoto 和 Fang Chen:CVE-2017-0481</li><li>IBM 安全性 X-Force 研究員 Sagi Kedmi 和 Roee Hay:CVE-2017-0510</li><li><a href="https://twitter.com/Jioun_dai">奇虎 360 Skyeye 實驗室</a>的 Jianjun Dai (<a href="https://skyeye.360safe.com">@Jioun_dai</a>):CVE-2017-0478</li><li>奇虎 360 IceSword 實驗室的 Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) 和 <a href="http://weibo.com/jfpan">pjf</a>:CVE-2016-8416、CVE-2016-8478、CVE-2017-0458、CVE-2017-0459、CVE-2017-0518、CVE-2017-0519、CVE-2017-0533、CVE-2017-0534</li><li><a href="mailto:zlbzlb815@163.com">C0RE 小組</a>成員 <a href="mailto:segfault5514@gmail.com">Lubo Zhang</a>、<a href="mailto:computernik@gmail.com">Tong Lin</a>、<a href="http://c0reteam.org">Yuan-Tsung Lo</a> 和 Xuxian Jiang:CVE-2016-8479</li><li>Google 的 Makoto Onuki:CVE-2017-0491</li><li><a href="https://twitter.com/Mingjian_Zhou">C0RE 小組</a>成員 Mingjian Zhou (<a href="mailto:arnow117@gmail.com">@Mingjian_Zhou</a>)、<a href="http://c0reteam.org">Hanxiang Wen</a> 和 Xuxian Jiang:CVE-2017-0479、CVE-2017-0480</li><li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>):CVE-2017-0535</li><li>特斯拉產品安全小組成員 Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>):CVE-2017-0306</li><li>百度安全實驗室的 Pengfei Ding (丁鵬飛)、Chenfu Bao (包沉浮) 和 Lenx Wei (韋韜):CVE-2016-8417</li><li>騰訊科恩實驗室的 Qidan He (何淇丹) (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>):CVE-2017-0337、CVE-2017-0476</li><li>奇虎 360 的 Qing Zhang 和新加坡理工大學 (SIT) 的 Guangdong Bai:CVE-2017-0496</li><li>螞蟻金服巴斯光年安全實驗室的 Quhe 和 wanchouchou:CVE-2017-0522</li><li>DarkMatter 安全通訊小組的 <a href="mailto:keun-o.park@darkmatter.ae">Sahara</a>:CVE-2017-0528</li><li>加州大學聖塔芭芭拉分校 Shellphish Grill 小組的 salls (<a href="https://twitter.com/chris_salls">@chris_salls</a>):CVE-2017-0505</li><li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>):CVE-2017-0504、CVE-2017-0516</li><li>Sean Beaupre (beaups):CVE-2017-0455</li><li>趨勢科技的 Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>):CVE-2017-0452</li><li>富士通的 Shinichi Matsumoto:CVE-2017-0498</li><li><a href="mailto:smarques84@gmail.com">ByteRev</a> 的 <a href="http://www.byterev.com">Stéphane Marques</a>:CVE-2017-0489
+</li><li>Google 的 Svetoslav Ganov:CVE-2017-0492</li><li><a href="mailto:segfault5514@gmail.com">C0RE 小組</a>成員 <a href="mailto:computernik@gmail.com">Tong Lin</a>、<a href="http://c0reteam.org">Yuan-Tsung Lo</a> 和 Xuxian Jiang:CVE-2017-0333</li><li><a href="https://twitter.com/vysea">趨勢科技</a><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">行動威脅研究小組</a>成員 V.E.O (<a href="http://www.trendmicro.com">@VYSEa</a>):CVE-2017-0466、CVE-2017-0467、CVE-2017-0468、CVE-2017-0469、CVE-2017-0470、CVE-2017-0471、CVE-2017-0472、CVE-2017-0473、CVE-2017-0482、CVE-2017-0484、CVE-2017-0485、CVE-2017-0486、CVE-2017-0487、CVE-2017-0494、CVE-2017-0495</li><li>螞蟻金服巴斯光年安全實驗室的 Wish Wu (吴潍浠 此彼) (<a href="https://twitter.com/wish_wu">@wish_wu</a>):CVE-2017-0477</li><li>奇虎 360 科技有限公司 Vulpecker 小組成員 Yu Pan:CVE-2017-0517、CVE-2017-0532</li><li><a href="mailto:computernik@gmail.com">C0RE 小組</a>成員 <a href="http://c0reteam.org">Yuan-Tsung Lo</a> 和 Xuxian Jiang:CVE-2017-0526、CVE-2017-0527</li><li><a href="https://twitter.com/nikos233__">C0RE 小組</a>成員 Yuqi Lu (<a href="mailto:vancouverdou@gmail.com">@nikos233</a>)、<a href="mailto:shaodacheng2016@gmail.com">Wenke Dou</a>、<a href="https://twitter.com/Mingjian_Zhou">Dacheng Shao</a>、Mingjian Zhou (<a href="http://c0reteam.org">@Mingjian_Zhou</a>) 和 Xuxian Jiang:CVE-2017-0483</li>
<li>奇虎 360 科技有限公司成都安全性應變中心成員 Zinuo Han (<a href="https://weibo.com/ele7enxxh">weibo.com/ele7enxxh</a>):CVE-2017-0475、CVE-2017-0497</li></ul>
<h2 id="2017-03-01-details">2017-03-01 安全性修補程式等級 — 資安漏洞詳情</h2>
-<p>下列各節針對 2017-03-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Google 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,其他參考資料可透過該錯誤 ID 後面的編號連結開啟。</p>
+<p>下列各節針對 2017-03-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Google 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,其他參考資料可透過該錯誤 ID 後面的編號連結開啟。</p>
<h3 id="rce-in-openssl-&-boringssl">OpenSSL 和 BoringSSL 中的遠端程式碼執行漏洞</h3>
<p>在檔案和資料的處理期間,OpenSSL 和 BoringSSL 中的遠端程式碼執行漏洞可能會讓攻擊者能利用特製檔案造成記憶體出錯。由於這個問題可能會讓遠端程式碼在獲得授權的程序環境內執行,因此嚴重程度被評定為「最高」。</p>
@@ -67,7 +67,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -96,7 +96,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -200,7 +200,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -214,8 +214,8 @@
</tr>
</tbody></table>
-<h3 id="rce-in-aosp-messaging">AOSP Messaging 中的遠端程式碼執行漏洞</h3>
-<p>在媒體檔案和資料的處理期間,AOSP Messaging 中的遠端程式碼執行漏洞可能會讓攻擊者能利用特製檔案造成記憶體出錯。由於這個問題可能會讓遠端程式碼在未獲授權的程序環境內執行,因此嚴重程度被評定為「高」。</p>
+<h3 id="rce-in-aosp-messaging">Android 開放原始碼計劃 Messaging 中的遠端程式碼執行漏洞</h3>
+<p>在媒體檔案和資料的處理期間,Android 開放原始碼計劃 Messaging 中的遠端程式碼執行漏洞可能會讓攻擊者能利用特製檔案造成記憶體出錯。由於這個問題可能會讓遠端程式碼在未獲授權的程序環境內執行,因此嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="18%" />
@@ -229,7 +229,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -258,7 +258,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -287,7 +287,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -316,7 +316,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -345,7 +345,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -506,7 +506,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -538,7 +538,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -598,7 +598,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -627,7 +627,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -656,7 +656,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -686,7 +686,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -715,7 +715,7 @@
<th>參考資料</th>
<th>嚴重程度</th>
<th>更新的 Google 裝置</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
<th>回報日期</th>
</tr>
<tr>
@@ -761,10 +761,10 @@
</tbody></table>
<h2 id="2017-03-05-details">2017-03-05 安全性修補程式等級 — 資安漏洞詳情</h2>
-<p>下列各節針對 2017-03-05 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Google 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,其他參考資料可透過該錯誤 ID 後面的編號連結開啟。</p>
+<p>下列各節針對 2017-03-05 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,包括問題說明、嚴重程度評定原因,以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、嚴重程度、更新的 Google 裝置、更新的 AOSP 版本 (在適用情況下) 和回報日期。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,其他參考資料可透過該錯誤 ID 後面的編號連結開啟。</p>
<h3 id="eop-in-mediatek-components">MediaTek 元件中的權限升級漏洞</h3>
-<p>MediaTek 元件 (包括 M4U 驅動程式、音效驅動程式、觸控螢幕驅動程式、GPU 驅動程式和指令佇列驅動程式) 中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Re-flash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。</p>
+<p>MediaTek 元件 (包括 M4U 驅動程式、音效驅動程式、觸控螢幕驅動程式、GPU 驅動程式和指令佇列驅動程式) 中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這個問題可能導致本機裝置的安全性徹底被破壞,造成使用者必須以還原 (Reflash) 作業系統的方式才能修復裝置,因此嚴重程度被評定為「最高」。</p>
<table>
<colgroup><col width="19%" />
@@ -956,7 +956,7 @@
<td>2016 年 10 月 12 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+<p>* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<p>** 如果是搭載 Android 7.0 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞影響。</p>
<h3 id="eop-in-kernel-fiq-debugger">核心 FIQ 偵錯工具中的權限升級漏洞</h3>
@@ -1105,7 +1105,7 @@
<p>*** 如果是搭載 Android 7.0 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞影響。</p>
<h3 id="eop-in-kernel-networking-subsystem-2">核心網路子系統中的權限升級漏洞</h3>
-<p>核心網路子系統中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>核心網路子系統中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1141,7 +1141,7 @@
</tbody></table>
<h3 id="eop-in-qualcomm-input-hardware-driver">Qualcomm 輸入硬體驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm 輸入硬體驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>Qualcomm 輸入硬體驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1196,7 +1196,7 @@
<p>** 如果是搭載 Android 7.0 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞所影響。</p>
<h3 id="eop-in-qualcomm-adsprpc-driver">Qualcomm ADSPRPC 驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm ADSPRPC 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>Qualcomm ADSPRPC 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1286,7 +1286,7 @@ QC-CR#1082636</a></td>
</tbody></table>
<h3 id="eop-in-qualcomm-camera-driver">Qualcomm 相機驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>Qualcomm 相機驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1346,11 +1346,11 @@ QC-CR#1097709</a></td>
<td>2016 年 11 月 15 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+<p>* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<p>** 如果是搭載 Android 7.0 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞所影響。</p>
<h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>Qualcomm Wi-Fi 驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -1514,7 +1514,7 @@ QC-CR#1096945</a></td>
<td>2016 年 11 月 28 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+<p>* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<p>** 如果是搭載 Android 7.0 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞所影響。</p>
<h3 id="eop-in-qualcomm-networking-driver">Qualcomm 網路驅動程式中的權限升級漏洞</h3>
@@ -1668,7 +1668,7 @@ QC-CR#1094140</a></td>
<td>2016 年 4 月 27 日</td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+<p>* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<p>** 如果是搭載 Android 7.0 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞影響。</p>
<h3 id="id-in-qualcomm-bootloader">Qualcomm 系統啟動載入程式中的資訊外洩漏洞</h3>
@@ -1942,7 +1942,7 @@ QC-CR#1088206</a></td>
</tbody></table>
<h3 id="id-in-qualcomm-camera-driver">Qualcomm 相機驅動程式中的資訊外洩漏洞</h3>
-<p>Qualcomm 相機驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「中」。</p>
+<p>Qualcomm 相機驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「中」。</p>
<table>
<colgroup><col width="19%" />
@@ -2005,7 +2005,7 @@ QC-CR#1090007</a>
<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<h3 id="id-in-synaptics-touchscreen-driver">Synaptics 觸控螢幕驅動程式中的資訊外洩漏洞</h3>
-<p>Synaptics 觸控螢幕驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這種攻擊必須先破壞特定獲授權的程序才能執行,因此這個問題的嚴重程度被評定為「中」。</p>
+<p>Synaptics 觸控螢幕驅動程式中的資訊外洩漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「中」。</p>
<table>
<colgroup><col width="19%" />
diff --git a/zh-tw/security/bulletin/2017-05-01.html b/zh-tw/security/bulletin/2017-05-01.html
index 4cbd02a0..0603f671 100644
--- a/zh-tw/security/bulletin/2017-05-01.html
+++ b/zh-tw/security/bulletin/2017-05-01.html
@@ -561,7 +561,7 @@
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+<p>* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<p>** 如果是搭載 Android 7.1.1 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞所影響。</p>
@@ -849,7 +849,7 @@ QC-CR#826589</a></td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+<p>* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<p>** 如果是搭載 Android 7.1.1 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞所影響。</p>
@@ -1289,7 +1289,7 @@ QC-CR#1080290</a></td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+<p>* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<p>** 如果是搭載 Android 7.1.1 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞所影響。</p>
@@ -1351,7 +1351,7 @@ QC-CR#1080290</a></td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+<p>* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<p>** 如果是搭載 Android 7.1.1 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞所影響。</p>
@@ -1382,7 +1382,7 @@ QC-CR#1080290</a></td>
</tr>
</tbody></table>
-<p>* 這個問題的修補程式並未開放給一般使用者下載,而是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+<p>* 這個問題的修補程式並未開放給一般使用者下載,相關的更新已直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
<p>** 如果是搭載 Android 7.1.1 以上版本的 Google 裝置 (必須是受支援的機型,且已安裝所有可用更新),就不會受到這個漏洞所影響。</p>
@@ -1528,7 +1528,7 @@ QC-CR#831322</a></td>
<h3 id="eop-in-qualcomm-networking-driver">Qualcomm 網路驅動程式中的權限升級漏洞</h3>
-<p>Qualcomm 網路驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
+<p>Qualcomm 網路驅動程式中的權限升級漏洞可能會讓本機惡意應用程式在核心環境內執行任何程式碼。由於這種攻擊必須先破解具有特定權限的程序才能執行,因此這個問題的嚴重程度被評定為「高」。</p>
<table>
<colgroup><col width="19%" />
@@ -2404,7 +2404,7 @@ QC-CR#832915</a></td>
<p>在 <a href="#2017-05-01-details">2017-05-01</a> 和 <a href="#2017-05-05-details">2017-05-05</a> 安全性漏洞詳情的章節中,每個表格都包含「更新的 Google 裝置」<em></em>欄,當中列出已針對各個問題進行更新的受影響 Google 裝置範圍。此欄中的選項包括:</p>
<ul>
<li><strong>所有 Google 裝置</strong>:如果問題會影響到 Pixel 裝置和所有的 Google 裝置,表格內「更新的 Google 裝置」<em></em>欄中就會標示「全部」字樣。「全部」包含下列<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">支援的裝置</a>:Nexus 5X、Nexus 6、Nexus 6P、Nexus 9、Android One、Nexus Player、Pixel C、Pixel 和 Pixel XL。</li>
-<li><strong>部分 Google 裝置</strong>:如果問題並未影響到所有 Google 裝置,則「更新的 Google 裝置」<em></em>欄中會列出受影響的 Google 裝置。</li>
+<li><strong>部分 Google 裝置</strong>:如果問題並未影響到所有 Google 裝置,「更新的 Google 裝置」<em></em>欄中會列出受影響的 Google 裝置。</li>
<li><strong>不影響任何 Google 裝置</strong>:如果問題不會影響到任何搭載 Android 7.0 的 Google 裝置,表格內「更新的 Google 裝置」<em></em>欄中就會標示「無」字樣。</li>
</ul>
<p><strong>4. 參考資料欄底下列出的識別碼代表什麼意義?</strong></p>
diff --git a/zh-tw/security/bulletin/2017-11-01.html b/zh-tw/security/bulletin/2017-11-01.html
index fbd1b550..16c50cc9 100644
--- a/zh-tw/security/bulletin/2017-11-01.html
+++ b/zh-tw/security/bulletin/2017-11-01.html
@@ -29,7 +29,8 @@ Android 合作夥伴在 2017-11-01 和 2017-11-05 修補程式公告的至少一
<p>
在這些問題中,最嚴重的就是媒體架構中「最高」等級的安全性漏洞。遠端攻擊者可利用這類漏洞,在獲得授權的程序環境內透過特製檔案執行任何指令。<a href="/security/overview/updates-resources.html#severity">嚴重程度評定標準</a>是假設平台與服務的因應防護措施基於開發作業的需求而被關閉,或是遭到有心人士破解,然後推算當有人惡意運用漏洞時,使用者的裝置會受到多大的影響,據此評定漏洞的嚴重程度。
</p>
-<p>針對這些新發現的漏洞,我們目前尚未收到任何客戶回報相關的漏洞濫用案例。如果想進一步瞭解 <a href="#mitigations">Android 安全性平台防護措施</a>和 Google Play 安全防護機制如何加強 Android 平台的安全性,請參閱 <a href="/security/enhancements/index.html">Android 和 Google Play 安全防護機制所提供的因應措施</a>。
+<p>
+針對這些新發現的漏洞,我們目前尚未收到任何客戶回報相關的漏洞濫用案例。如果想進一步瞭解 <a href="#mitigations">Android 安全性平台防護措施</a>和 Google Play 安全防護機制如何加強 Android 平台的安全性,請參閱 <a href="/security/enhancements/index.html">Android 和 Google Play 安全防護機制所提供的因應措施</a>。
</p>
<p class="note">
<strong>注意:</strong><a href="/security/bulletin/pixel/2017-11-01">2017 年 11 月 Pixel / Nexus 安全性公告</a>提供了和 Google 裝置的最新無線下載更新 (OTA) 與韌體映像檔有關的資訊。
@@ -49,7 +50,7 @@ Android 合作夥伴在 2017-11-01 和 2017-11-05 修補程式公告的至少一
</ul>
<h2 id="2017-11-01-details">2017-11-01 安全性修補程式等級 - 資安漏洞詳情</h2>
<p>
-下列各節針對 2017-11-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,並依照資安問題本身所影響的元件將各項漏洞分門別類,包括問題說明以及一份漏洞資訊表,顯示漏洞的 CVE、相關參考資料、<a href="#type">漏洞類型</a>、<a href="/security/overview/updates-resources.html#severity">嚴重程度</a>,以及更新的 Android 開放原始碼計劃版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
+下列各節針對 2017-11-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊,我們依照資安問題本身所影響的元件將各項漏洞分門別類,另外也附上了問題說明和一份 CVE 資訊表,其中包括了相關參考資料、<a href="#type">漏洞類型</a>、<a href="/security/overview/updates-resources.html#severity">嚴重程度</a>,以及更新的 Android 開放原始碼計劃版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
<h3 id="framework">架構</h3>
<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式規避使用者互動要求以取得其他權限。</p>
@@ -84,7 +85,7 @@ Android 合作夥伴在 2017-11-01 和 2017-11-05 修補程式公告的至少一
</tbody></table>
<h3 id="media-framework">媒體架構</h3>
-<p>本節中最嚴重的漏洞可能會讓遠端攻擊者得以利用特製檔案在獲得授權的程序環境內執行任何指令。</p>
+<p>本節中最嚴重的漏洞可能會讓遠端攻擊者得以利用特製檔案在獲得授權的程序環境內執行任何程式碼。</p>
<table>
<colgroup><col width="17%" />
@@ -187,7 +188,7 @@ Android 合作夥伴在 2017-11-01 和 2017-11-05 修補程式公告的至少一
下列各節針對 2017-11-05 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊。我們依照資安問題本身所影響的元件將各項漏洞分門別類,另外也附上了一些詳細資料,例如 CVE、相關參考資料、<a href="#type">漏洞類型</a>、<a href="/security/overview/updates-resources.html#severity">嚴重程度</a>、元件 (在適用情況下),和更新的 Android 開放原始碼計劃版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
<h3 id="kernel-components">核心元件</h3>
-<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何指令。</p>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。</p>
<table>
<colgroup><col width="17%" />
@@ -223,7 +224,7 @@ Android 合作夥伴在 2017-11-01 和 2017-11-05 修補程式公告的至少一
</tbody></table>
<h3 id="mediatek-components">MediaTek 元件</h3>
-<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何指令。</p>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。</p>
<table>
<colgroup><col width="17%" />
@@ -249,7 +250,7 @@ Android 合作夥伴在 2017-11-01 和 2017-11-05 修補程式公告的至少一
</tbody></table>
<h3 id="nvidia-components">NVIDIA 元件</h3>
-<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何指令。</p>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。</p>
<table>
<colgroup><col width="17%" />
@@ -275,7 +276,7 @@ Android 合作夥伴在 2017-11-01 和 2017-11-05 修補程式公告的至少一
</tbody></table>
<h3 id="qualcomm-components">Qualcomm 元件</h3>
-<p>本節中最嚴重的漏洞可能會讓遠端攻擊者得以利用特製檔案在獲得授權的程序環境內執行任何指令。</p>
+<p>本節中最嚴重的漏洞可能會讓遠端攻擊者得以利用特製檔案在獲得授權的程序環境內執行任何程式碼。</p>
<table>
<colgroup><col width="17%" />
@@ -454,7 +455,7 @@ QC-CR#2008683</a>
請參閱<a href="//support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">檢查及更新 Android 版本</a>一文,瞭解如何查看裝置的安全性修補程式等級。
</p>
<ul>
- <li>2017 年 11 月 1 日之後的安全性修補程式等級已解決了所有與 2017-11-01 安全性修補程式等級相關的問題。</li>
+ <li>2017-11-01 之後的安全性修補程式等級已解決了所有與 2017-11-01 安全性修補程式等級相關的問題。</li>
<li>2017 年 11 月 5 日之後的安全性修補程式等級完全解決了與 2017-11-05 安全性修補程式等級及所有先前修補程式等級相關的問題。</li>
<li>2017 年 11 月 6 日之後的安全性修補程式等級完全解決了與 2017-11-06 安全性修補程式等級及所有先前修補程式等級相關的問題。
</li>
diff --git a/zh-tw/security/bulletin/2018-01-01.html b/zh-tw/security/bulletin/2018-01-01.html
index 057ebdae..eae9c8a9 100644
--- a/zh-tw/security/bulletin/2018-01-01.html
+++ b/zh-tw/security/bulletin/2018-01-01.html
@@ -19,24 +19,30 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<p><em>發佈日期:2018 年 1 月 2 日</em></p>
+<p><em>發佈日期:2018 年 1 月 2 日 | 更新日期:2018 年 1 月 29 日</em></p>
<p>
Android 安全性公告羅列了會對 Android 裝置造成影響的安全性漏洞,並說明各項相關細節。2018-01-05 之後的安全性修補程式等級已解決了這些問題。請參閱<a href="https://support.google.com/pixelphone/answer/4457705">檢查及更新 Android 版本</a>一文,瞭解如何查看裝置的安全性修補程式等級。
</p>
<p>
-Android 的合作夥伴在至少一個月之前已收到公告中所有問題的相關通知。這些問題的原始碼修補程式將於接下來 48 小時內發佈到 Android 開放原始碼計劃 (AOSP) 存放區,等到相關 Android 開放原始碼計劃連結建立完成後,我們就會修訂這則公告。
-</p>
+Android 的合作夥伴在至少一個月之前已收到公告中所有問題的相關通知。這些問題的原始碼修補程式已發佈到 Android 開放原始碼計劃 (AOSP) 存放區中,且公告中亦提供相關連結。此外,本公告也提供 Android 開放原始碼計劃以外的修補程式連結。</p>
<p>
-在這些問題中,最嚴重的就是媒體架構中「最高」等級的安全性漏洞。遠端攻擊者可利用這類漏洞,在獲得授權的程序環境內透過特製檔案執行任何程式碼。<a href="/security/overview/updates-resources.html#severity">嚴重程度評定標準</a>是假設平台與服務的因應防護措施基於開發作業的需求而被關閉,或是遭到有心人士破解,然後推算當有人惡意運用漏洞時,使用者的裝置會受到多大的影響,據此評定漏洞的嚴重程度。
+在這些問題中,最嚴重的就是媒體架構中「最高」等級的安全性漏洞。遠端攻擊者可利用這類漏洞,在獲得授權的程序環境內透過特製檔案執行任何指令。<a href="/security/overview/updates-resources.html#severity">嚴重程度評定標準</a>是假設平台與服務的因應防護措施基於開發作業的需求而被關閉,或是遭到有心人士破解,然後推算當有人惡意運用漏洞時,使用者的裝置會受到多大的影響,據此評定漏洞的嚴重程度。
</p>
-<p>
-針對這些新發現的漏洞,我們目前尚未收到任何客戶回報相關的漏洞濫用案例。如果想進一步瞭解 <a href="/security/enhancements/index.html">Android 安全性平台防護措施</a>和 Google Play 安全防護機制如何加強 Android 平台的安全性,請參閱 <a href="#mitigations">Android 和 Google Play 安全防護機制所提供的因應措施</a>。
+<p>針對這些新發現的漏洞,我們目前尚未收到任何客戶回報相關的漏洞濫用案例。如果想進一步瞭解 <a href="#mitigations">Android 安全性平台防護措施</a>和 Google Play 安全防護機制如何加強 Android 平台的安全性,請參閱 <a href="/security/enhancements/index.html">Android 和 Google Play 安全防護機制所提供的因應措施</a>。
</p>
<p>
<strong>注意:</strong>2018 年 1 月 Pixel/Nexus 安全性公告提供了和 Google 裝置的最新無線下載更新 (OTA) 與韌體映像檔有關的資訊。
</p>
<h2 id="announcements">公告事項</h2>
+<aside class="note">
+<p><strong>注意:</strong>CVE-2017-5715、CVE-2017-5753 和 CVE-2017-5754 這一組與處理器中推測性執行相關的安全性漏洞已公開揭露。Android 並不清楚目前是否有人成功利用這些漏洞,造成任何採用 ARM 架構的 Android 裝置發生未經授權的資訊外洩情況。
+</p>
+<p>
+為提供額外的安全防護,我們已經在這個公告中加入 CVE-2017-13218 的更新,以限制存取高精度計時器,藉此降低所有已知 ARM 處理器系列受到旁路攻擊 (例如 CVE-2017-5715、CVE-2017-5753 和 CVE-2017-5754) 的機率。
+</p>
+<p>我們建議 Android 使用者接受可用的裝置安全性更新。詳情請參閱 <a href="https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html">Google 安全性網誌</a>。</p>
+</aside>
<p>
我們新推出了 <a href="/security/bulletin/pixel/">Pixel/Nexus 安全性公告</a>,其中羅列了其他已解決的安全性漏洞與相關詳情,以及各項功能改善項目 (適用於 Pixel 和 Nexus 裝置)。Android 裝置製造商可藉此處理自家裝置的相關問題。如需查詢其他相關資訊,請參閱<a href="#common-questions-and-answers">常見問題與解答</a>。
</p>
@@ -48,7 +54,7 @@ Android 的合作夥伴在至少一個月之前已收到公告中所有問題的
</li><li>Android 安全性小組透過 <a href="https://www.android.com/play-protect">Google Play 安全防護</a>主動監控濫用情形;使用這些功能的目的是在發現<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">可能有害的應用程式</a>時警告使用者。在預設情況下,搭載 <a href="http://www.android.com/gms">Google 行動服務</a>的裝置會自動啟用 Google Play 安全防護機制。對於需要從 Google Play 以外的來源安裝應用程式的使用者來說,這項防護措施格外重要。</li></ul>
<h2 id="2018-01-01-security-patch-level—vulnerability-details">2018-01-01 安全性修補程式等級 - 資安漏洞詳情</h2>
<p>
-下列各節針對 2018-01-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊。我們依照資安問題本身所影響的元件將各項漏洞分門別類,另外也附上了問題說明和一份 CVE 資訊表,其中包括了相關參考資料、<a href="#type">漏洞類型</a>、<a href="/security/overview/updates-resources.html#severity">嚴重程度</a>,以及更新的 Android 開放原始碼計劃版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
+下列各節針對 2018-01-01 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊。我們依照資安問題本身所影響的元件將各項漏洞分門別類,另外也附上了問題說明和一份 CVE 資訊表,其中包括了相關參考資料、<a href="#type">漏洞類型</a>、<a href="/security/overview/updates-resources.html#severity">嚴重程度</a>,以及更新的 Android 開放原始碼計劃版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
<h3 id="android-runtime">Android 執行階段</h3>
<p>本節中最嚴重的漏洞可能會讓遠端攻擊者規避使用者互動要求以取得其他權限。</p>
@@ -68,7 +74,8 @@ Android 的合作夥伴在至少一個月之前已收到公告中所有問題的
</tr>
<tr>
<td>CVE-2017-13176</td>
- <td>A-68341964</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/4afa0352d6c1046f9e9b67fbf0011bcd751fcbb5">
+ A-68341964</a></td>
<td>EoP</td>
<td>高</td>
<td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
@@ -92,109 +99,124 @@ Android 的合作夥伴在至少一個月之前已收到公告中所有問題的
<th>更新的 Android 開放原始碼計劃版本</th>
</tr>
<tr>
- <td>CVE-2017-13177</td>
- <td>A-68320413</td>
- <td>RCE</td>
- <td>最高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13177</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b686bb2df155fd1f55220d56f38cc0033afe278c">
+ A-68320413</a></td>
+ <td>RCE</td>
+ <td>最高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13178</td>
- <td>A-66969281</td>
- <td>RCE</td>
- <td>最高</td>
- <td>6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13178</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/646a18fef28d19ba5beb6a2e1c00ac4c2663a10b">
+ A-66969281</a></td>
+ <td>RCE</td>
+ <td>最高</td>
+ <td>6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13179</td>
- <td>A-66969193</td>
- <td>RCE</td>
- <td>最高</td>
- <td>6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13179</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/47d4b33b504e14e98420943f771a9aecd6d09516">
+ A-66969193</a></td>
+ <td>RCE</td>
+ <td>最高</td>
+ <td>6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13180</td>
- <td>A-66969349</td>
- <td>EoP</td>
- <td>高</td>
- <td>6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13180</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/cf1e36f93fc8776e3a8109149424babeee7f8382">
+ A-66969349</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13181</td>
- <td>A-67864232</td>
- <td>EoP</td>
- <td>高</td>
- <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13181</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d64e9594d3d73c613010ca9fafc7af9782e9225d">
+ A-67864232</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13182</td>
- <td>A-67737022</td>
- <td>EoP</td>
- <td>高</td>
- <td>8.0、8.1</td>
+ <td>CVE-2017-13182</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f1652e1b9f1d2840c79b6bf784d1befe40f4799e">
+ A-67737022</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13184</td>
- <td>A-65483324</td>
- <td>EoP</td>
- <td>高</td>
- <td>8.0、8.1</td>
+ <td>CVE-2017-13184</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16392a119661fd1da750d4d4e8e03442578bc543">
+ A-65483324</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-0855</td>
- <td>A-64452857</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0</td>
+ <td>CVE-2017-0855</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d7d6df849cec9d0a9c1fd0d9957a1b8edef361b7">
+ A-64452857</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0</td>
</tr>
<tr>
- <td>CVE-2017-13191</td>
- <td>A-64380403</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13191</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-64380403</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13192</td>
- <td>A-64380202</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13192</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/52ca619511acbd542d843df1f92f858ce13048a5">
+ A-64380202</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13193</td>
- <td>A-65718319</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13193</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b3f31e493ef6fa886989198da9787807635eaae2">
+ A-65718319</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13195</td>
- <td>A-65398821</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13195</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/066e3b1f9c954d95045bc9d33d2cdc9df419784f">
+ A-65398821</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13196</td>
- <td>A-63522067</td>
- <td>DoS</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13196</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-63522067</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13197</td>
- <td>A-64784973</td>
- <td>DoS</td>
- <td>高</td>
- <td>6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13197</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/0a714d3a14d256c6a5675d6fbd975ca26e9bc471">
+ A-64784973</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13199</td>
- <td>A-33846679</td>
- <td>DoS</td>
- <td>高</td>
- <td>8.0、8.1</td>
+ <td>CVE-2017-13199</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/42b2e419b48a26d2ba599d87e3a2a02c4aa625f4">
+ A-33846679</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>8.0、8.1</td>
</tr>
</tbody></table>
@@ -215,37 +237,43 @@ Android 的合作夥伴在至少一個月之前已收到公告中所有問題的
<th>更新的 Android 開放原始碼計劃版本</th>
</tr>
<tr>
- <td>CVE-2017-13208</td>
- <td>A-67474440</td>
- <td>RCE</td>
- <td>最高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13208</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/b71335264a7c3629f80b7bf1f87375c75c42d868">
+ A-67474440</a></td>
+ <td>RCE</td>
+ <td>最高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13209</td>
- <td>A-68217907</td>
- <td>EoP</td>
- <td>高</td>
- <td>8.0、8.1</td>
+ <td>CVE-2017-13209</td>
+ <td><a href="https://android.googlesource.com/platform/system/libhidl/+/a4d0252ab5b6f6cc52a221538e1536c5b55c1fa7">
+ A-68217907</a>
+[<a href="https://android.googlesource.com/platform/system/tools/hidl/+/8539fc8ac94d5c92ef9df33675844ab294f68d61">2</a>]
+[<a href="https://android.googlesource.com/platform/system/hwservicemanager/+/e1b4a889e8b84f5c13b76333d4de90dbe102a0de">3</a>]</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13210</td>
- <td>A-67782345</td>
- <td>EoP</td>
- <td>高</td>
- <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ <td>CVE-2017-13210</td>
+ <td><a href="https://android.googlesource.com/platform/system/media/+/e770e378dc8e2320679272234285456ca2244a62">
+ A-67782345</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
</tr>
<tr>
- <td>CVE-2017-13211</td>
- <td>A-65174158</td>
- <td>DoS</td>
- <td>高</td>
- <td>8.0</td>
+ <td>CVE-2017-13211</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/181144a50114c824cfe3cdfd695c11a074673a5e">
+ A-65174158</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>8.0</td>
</tr>
</tbody></table>
<h2 id="2018-01-05-security-patch-level—vulnerability-details">2018-01-05 安全性修補程式等級 - 資安漏洞詳情</h2>
-<p>下列各節針對 2018-01-05 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊。我們依照資安問題本身所影響的元件將各項漏洞分門別類,另外也附上了一些詳細資料,例如 CVE、相關參考資料、<a href="#type">漏洞類型</a>、<a href="/security/overview/updates-resources.html#severity">嚴重程度</a>、元件 (在適用情況下),和更新的 Android 開放原始碼計劃版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
+<p>下列各節針對 2018-01-05 安全性修補程式等級適用的各項安全性漏洞提供了詳細資訊。我們依照資安問題本身所影響的元件將各項漏洞分門別類,另外也附上了一些詳細資料,例如 CVE、相關參考資料、<a href="#type">漏洞類型</a>、<a href="/security/overview/updates-resources.html#severity">嚴重程度</a>、元件 (在適用情況下),和更新的 Android 開放原始碼計劃版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
<h3 id="htc-components">HTC 元件</h3>
<p>本節中最嚴重的漏洞可能會讓重要的系統程序在遭到遠端攻擊時拒絕服務。</p>
@@ -273,7 +301,7 @@ Android 的合作夥伴在至少一個月之前已收到公告中所有問題的
</tbody></table>
<h3 id="kernel-components">核心元件</h3>
-<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何指令。</p>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。</p>
<table>
<colgroup><col width="17%" />
@@ -318,7 +346,7 @@ Android 的合作夥伴在至少一個月之前已收到公告中所有問題的
<td>A-68266545<a href="#asterisk">*</a></td>
<td>ID</td>
<td>高</td>
- <td>計時器</td>
+ <td>高精度計時器</td>
</tr>
</tbody></table>
@@ -372,34 +400,8 @@ Android 的合作夥伴在至少一個月之前已收到公告中所有問題的
</tr>
</tbody></table>
-<h3 id="mediatek-components">MediaTek 元件</h3>
-<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。</p>
-
-<table>
- <colgroup><col width="17%" />
- <col width="19%" />
- <col width="9%" />
- <col width="14%" />
- <col width="39%" />
- </colgroup><tbody><tr>
- <th>CVE</th>
- <th>參考資料</th>
- <th>類型</th>
- <th>嚴重程度</th>
- <th>元件</th>
- </tr>
- <tr>
- <td>CVE-2017-13225</td>
- <td>A-38308024<a href="#asterisk">*</a><br />
- M-ALPS03495789</td>
- <td>EoP</td>
- <td>高</td>
- <td>MTK 媒體</td>
- </tr>
-</tbody></table>
-
<h3 id="nvidia-components">NVIDIA 元件</h3>
-<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何指令。</p>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在獲得授權的程序環境內執行任何程式碼。</p>
<table>
<colgroup><col width="17%" />
@@ -563,7 +565,7 @@ QC-CR#2060780</a></td>
我們建議合作夥伴將所有問題適用的修補程式都彙整在單一更新中。
</p>
<p id="type">
-<strong>3. 「類型」<em></em>欄中的項目代表什麼意義?</strong>
+<strong>3.「類型」<em></em>欄中的項目代表什麼意義?</strong>
</p>
<p>
資安漏洞詳情表格中「類型」<em></em>欄中的項目代表的是安全性漏洞的類別。
@@ -597,7 +599,7 @@ QC-CR#2060780</a></td>
</tr>
</tbody></table>
<p>
-<strong>4. 「參考資料」<em></em>欄底下列出的識別碼代表什麼意義?</strong>
+<strong>4.「參考資料」<em></em>欄底下列出的識別碼代表什麼意義?</strong>
</p>
<p>
資安漏洞詳情表格中「參考資料」<em></em>欄底下的項目可能會包含一個前置字串,用以表示該參考資料值所屬的機構或公司。
@@ -639,14 +641,13 @@ QC-CR#2060780</a></td>
<p>
<strong>6. 為什麼安全性漏洞會分別刊載在這份安全性公告和裝置/合作夥伴安全性公告 (例如 Pixel/Nexus 公告)?</strong>
</p>
-<p>
-為了宣告 Android 裝置最新的安全性修補程式等級,我們必須先在這份安全性公告中刊載相關的安全性漏洞。裝置/合作夥伴安全性公告所刊載的其他安全性漏洞並未強制規定宣告安全性修補程式等級。我們鼓勵 Android 裝置和晶片製造商透過自己的網站刊載修正方法,例如 <a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a>、<a href="https://lgsecurity.lge.com/security_updates.html">LGE</a> 或是 <a href="/security/bulletin/pixel/">Pixel/Nexus</a> 安全性公告。
+<p>為了宣告 Android 裝置最新的安全性修補程式等級,我們必須先在這份安全性公告中刊載相關的安全性漏洞。裝置/合作夥伴安全性公告所刊載的其他安全性漏洞並未強制規定宣告安全性修補程式等級。我們鼓勵 Android 裝置和晶片製造商透過自己的網站刊載修正方法,例如 <a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a>、<a href="https://lgsecurity.lge.com/security_updates.html">LGE</a> 或是 <a href="/security/bulletin/pixel/">Pixel/Nexus</a> 安全性公告。
</p>
<h2 id="versions">版本</h2>
<table>
- <colgroup><col width="25%" />
+ <colgroup><col width="15%" />
<col width="25%" />
- <col width="50%" />
+ <col width="60%" />
</colgroup><tbody><tr>
<th>版本</th>
<th>日期</th>
@@ -657,6 +658,20 @@ QC-CR#2060780</a></td>
<td>2018 年 1 月 2 日</td>
<td>發佈公告。</td>
</tr>
-</tbody></table>
+ <tr>
+ <td>1.1</td>
+ <td>2018 年 1 月 3 日</td>
+ <td>更新公告內容 (加入 CVE-2017-13218 的公告事項)。</td>
+ </tr>
+ <tr>
+ <td>1.2</td>
+ <td>2018 年 1 月 5 日</td>
+ <td>修訂公告內容 (加入 Android 開放原始碼計劃連結)。</td>
+ </tr>
+ <tr>
+ <td>1.3</td>
+ <td>2018 年 1 月 29 日</td>
+ <td>將 CVE-2017-13225 移至 <a href="/security/bulletin/pixel/">Pixel / Nexus 安全性公告</a>。</td>
+</tr></tbody></table>
</body></html> \ No newline at end of file
diff --git a/zh-tw/security/bulletin/pixel/2017-10-01.html b/zh-tw/security/bulletin/pixel/2017-10-01.html
index 8db531ae..76dc6f78 100644
--- a/zh-tw/security/bulletin/pixel/2017-10-01.html
+++ b/zh-tw/security/bulletin/pixel/2017-10-01.html
@@ -21,7 +21,7 @@
-->
<p><em>發佈日期:2017 年 10 月 2 日 | 更新日期:2017 年 10 月 3 日</em></p>
-<p>Pixel/Nexus 安全性公告羅列了會對<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">支援的 Google Pixel 和 Nexus 裝置</a> (Google 裝置) 造成影響的安全性漏洞和功能改善項目,並說明各項相關細節。針對 Google 裝置,2017 年 10 月 5 日之後的安全性修補程式等級已解決了本安全性公告和 <a href="/security/bulletin/2017-10-01">2017 年 10 月 Android 安全性公告</a>中的所有問題。想瞭解如何查看裝置的安全性修補程式等級,請參閱<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">檢查和更新 Android 版本</a>。</p>
+<p>Pixel/Nexus 安全性公告羅列了會對<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">支援的 Google Pixel 和 Nexus 裝置</a> (Google 裝置) 造成影響的安全性漏洞和功能改善項目,並說明各項相關細節。針對 Google 裝置,2017 年 10 月 5 日之後的安全性修補程式等級已解決了本安全性公告和 <a href="/security/bulletin/2017-10-01">2017 年 10 月 Android 安全性公告</a>中的所有問題。請參閱<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">檢查及更新 Android 版本</a>一文,瞭解如何查看裝置的安全性修補程式等級。</p>
<p>所有支援的 Google 裝置都會收到 2017-10-05 修補等級更新。我們建議所有客戶接受這些裝置更新。</p>
@@ -82,7 +82,7 @@
<th>參考資料</th>
<th>類型</th>
<th>嚴重程度</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
</tr>
<tr>
<td>CVE-2017-0813</td>
@@ -161,14 +161,14 @@
<th>參考資料</th>
<th>類型</th>
<th>嚴重程度</th>
- <th>更新的 AOSP 版本</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
</tr>
<tr>
<td>CVE-2017-0822</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a">A-63787722</a></td>
<td>EoP</td>
<td>中</td>
- <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
+ <td>6.0.1、7.0、7.1.1、7.1.2、8.0</td>
</tr>
<tr>
<td>CVE-2017-0823</td>
@@ -232,7 +232,7 @@
<td>A-34949781<a href="#asterisk">*</a></td>
<td>EoP</td>
<td>中</td>
- <td>系統啟動載入程式</td>
+ <td>開機載入器</td>
</tr>
</tbody></table>
@@ -306,7 +306,7 @@
<td>A-62345044<a href="#asterisk">*</a></td>
<td>EoP</td>
<td>中</td>
- <td>系統啟動載入程式</td>
+ <td>開機載入器</td>
</tr>
</tbody></table>
@@ -523,10 +523,10 @@ QC-CR#2016076</a></td>
<p><strong>1. 如何判斷我目前的裝置軟體版本是否已修正這些問題?
</strong></p>
-<p>2017 年 10 月 5 日之後的安全修補等級完全解決了與 2017-10-05 安全修補等級及所有先前修補等級相關的問題。想瞭解如何查看裝置的安全性修補程式等級,請詳讀 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 和 Nexus 更新時間表</a>中的操作說明。</p>
+<p>2017-10-05 之後的安全修補等級完全解決了與 2017-10-05 安全性修補程式等級及所有先前修補等級相關的問題。請參閱 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 與 Nexus 更新時間表</a>中的操作說明,瞭解如何查看裝置的安全性修補程式等級。</p>
<p id="type">
-<strong>2.「類型」<em></em>欄底下列出的識別碼代表什麼意義?</strong></p>
+<strong>2.「類型」<em></em>欄中的項目代表什麼意義?</strong></p>
<p>資安漏洞詳情表格中「類型」<em></em>欄中的項目代表的是安全性漏洞的類別。</p>
@@ -558,7 +558,7 @@ QC-CR#2016076</a></td>
<td>未分類</td>
</tr>
</tbody></table>
-<p><strong>3.「參考資料」<em></em>欄中的項目代表什麼意義?</strong></p>
+<p><strong>3.「參考資料」<em></em>欄底下列出的識別碼代表什麼意義?</strong></p>
<p>資安漏洞詳情表格中「參考資料」<em></em>欄底下的項目可能會包含一個前置字串,用以表示該參考資料值所屬的機構或公司。</p>
@@ -598,7 +598,8 @@ QC-CR#2016076</a></td>
<p id="split">
<strong>5. 為什麼安全性漏洞會區分為本安全性公告和 Android 安全性公告?</strong>
</p>
-<p>刊載在 Android 安全性公告的安全性漏洞有其規定作業,以便針對 Android 裝置宣告最新的安全性修補程式等級。其他安全性漏洞 (例如本安全性公告所刊載的安全性漏洞) 並未強制規定宣告安全性修補程式等級。
+<p>
+為了宣告 Android 裝置最新的安全性修補程式等級,我們必須先在 Android 安全性公告中刊載相關的安全性漏洞。其他安全性漏洞 (例如本安全性公告所刊載的安全性漏洞) 並未強制規定宣告安全性修補程式等級。
</p>
<h2 id="versions">版本</h2>
diff --git a/zh-tw/security/bulletin/pixel/2018-03-01.html b/zh-tw/security/bulletin/pixel/2018-03-01.html
new file mode 100644
index 00000000..c50efcf1
--- /dev/null
+++ b/zh-tw/security/bulletin/pixel/2018-03-01.html
@@ -0,0 +1,651 @@
+<html devsite><head>
+ <title>Pixel / Nexus 安全性公告 - 2018 年 3 月</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p><em>發佈日期:2018 年 3 月 5 日</em></p>
+
+<p>
+Pixel/Nexus 安全性公告羅列了會對<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">支援的 Google Pixel 和 Nexus 裝置</a> (Google 裝置) 造成影響的安全性漏洞和功能改善項目,並說明各項相關細節。2018-03-05 之後的安全性修補程式等級也已針對 Google 裝置解決了這個公告和 <a href="/security/bulletin/2018-03-01">2018 年 3 月 Android 安全性公告</a>列出的所有問題。請參閱<a href="https://support.google.com/pixelphone/answer/4457705">檢查及更新 Android 版本</a>一文,瞭解如何查看裝置的安全性修補程式等級。</p>
+<p>
+所有支援的 Google 裝置都會收到 2018-03-05 修補程式等級更新。我們建議所有客戶接受這些裝置更新。
+</p>
+<p class="note">
+<strong>注意:</strong>您可以前往 <a href="https://developers.google.com/android/nexus/images">Google Developers 網站</a>取得 Google 裝置韌體映像檔。
+</p>
+
+<h2 id="announcements">公告事項</h2>
+<p>我們除了修補 <a href="/security/bulletin/2018-03-01">2018 年 3 月 Android 安全性公告</a>中所列出的安全性漏洞,也針對下文列出的 Google 裝置的安全性漏洞提供修補程式。我們的合作夥伴在至少一個月之前已收到所述問題的相關通知,方便他們將相關內容納入其裝置更新中。</p>
+
+<h2 id="security-patches">安全性修補程式</h2>
+<p>
+我們依照資安問題本身所影響的元件將各項漏洞分門別類,另外也附上了問題說明和一份 CVE 資訊表,其中包括了相關參考資料、<a href="#type">漏洞類型</a>、<a href="https://source.android.com/security/overview/updates-resources.html#severity">嚴重程度</a>,以及更新的 Android 開放原始碼計劃 (AOSP) 版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 Android 開放原始碼計劃變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
+
+<h3 id="framework">架構</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13263</td>
+ <td>A-69383160</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>8.0、8.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="media-framework">媒體架構</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13264</td>
+ <td rowspan="2">A-70294343</td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>高</td>
+ <td>6.0、6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13254</td>
+ <td rowspan="2">A-70239507</td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.1.1、6.0、6.0.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="system">系統</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>更新的 Android 開放原始碼計劃版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13265</td>
+ <td>A-36232423</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13266</td>
+ <td>A-69478941</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13268</td>
+ <td>A-67058064</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13269</td>
+ <td>A-68818034</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2、8.0、8.1</td>
+ </tr>
+</tbody></table>
+
+<h3 id="kernel-components">核心元件</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>元件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-5754</td>
+ <td>A-69856074<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>高</td>
+ <td>記憶體對應檔案</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13270</td>
+ <td>A-69474744<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Mnh_sm 驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13271</td>
+ <td>A-69006799<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Mnh_sm 驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-16527</td>
+ <td>A-69051382<br />
+<a href="https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4">
+上游程式庫核心</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>USB 音效驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15649</td>
+ <td>A-69160446<br />
+<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110">
+上游程式庫核心</a>
+[<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e">2</a>]</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>網路驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-1000111</td>
+ <td>A-68806121<br />
+<a href="http://patchwork.ozlabs.org/patch/800274/">上游程式庫核心</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>網路驅動程式</td>
+ </tr>
+</tbody></table>
+
+<h3 id="nvidia-components">NVIDIA 元件</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>元件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6287</td>
+ <td>A-64893264<a href="#asterisk">*</a><br />
+ N-CVE-2017-6287</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>媒體架構</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6285</td>
+ <td>A-64893156<a href="#asterisk">*</a><br />
+ N-CVE-2017-6285</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>媒體架構</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6288</td>
+ <td>A-65482562<a href="#asterisk">*</a><br />
+ N-CVE-2017-6288</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>媒體架構</td>
+ </tr>
+</tbody></table>
+
+<h3 id="qualcomm-components">Qualcomm 元件</h3>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>元件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-18061</td>
+ <td>A-70237701<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b65cf2a007e88fe86dbd6d3269682fc585a4130f">
+QC-CR#2117246</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wil6210</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18050</td>
+ <td>A-70237697<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=63b57442d65dfdb4b4634ff32059b1bca8c72fb7">
+QC-CR#2119443</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma 管理</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18054</td>
+ <td>A-70237694<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=6eefc756612e39fab49ff719b3dc9b94def53396">
+QC-CR#2119432</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18055</td>
+ <td>A-70237693<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=50a0554d12cff58b3ffbd51d3194304244b87023">
+QC-CR#2119430</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18065</td>
+ <td>A-70237685<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a8bc0f90ef49ea0aee90047a17772e4eebff259a">
+QC-CR#2113423</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18066</td>
+ <td>A-70235107<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ff11f44c0c10c94170f03a8698f73f7e08b74625">
+QC-CR#2107976</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>電源驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18062</td>
+ <td>A-68992451<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d7927eb7c9c2d79a3e24cddd1e9447ab98bf6700">
+QC-CR#2115375</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3561</td>
+ <td>A-68870904<a href="#asterisk">*</a><br />
+ QC-CR#2068569</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Diagchar</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3560</td>
+ <td>A-68664502<a href="#asterisk">*</a><br />
+ QC-CR#2142216</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Qdsp6v2 音效驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15834</td>
+ <td>A-70237704<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903">
+QC-CR#2111858</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Diagchar</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15833</td>
+ <td>A-70237702<br />
+<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=51ce6aec73d80e1f1fcc9c7fa71e9c2fcbdbc0fd">
+QC-CR#2059835</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>電源驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15831</td>
+ <td>A-70237687<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=31e6a657320e4299c659e3d57d38a89afe8c1ce1">
+QC-CR#2114255</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15830</td>
+ <td>A-70237719<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a7a2a9c5d203e3395811963061c79d3bc257ebe">
+QC-CR#2120725</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>sme 驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14889</td>
+ <td>A-70237700<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755">
+QC-CR#2119803</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Wma</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14887</td>
+ <td>A-70237715<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0">
+QC-CR#2119673</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14879</td>
+ <td>A-63851638<a href="#asterisk">*</a><br />
+ QC-CR#2056307</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>IPA</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11082</td>
+ <td>A-66937387<br />
+<a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-3.10.git;a=commit;h=2d4f8cd8d11f8fb1491a20d7e316cc0fd03eeb59">
+QC-CR#2071560</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11074</td>
+ <td>A-68940798<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f5ae7b35c90f14b7e66b3a91d4fb247563a8a22b">
+QC-CR#2049138</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18052</td>
+ <td>A-70237712<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd">
+QC-CR#2119439</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18057</td>
+ <td>A-70237709<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b">
+QC-CR#2119403</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18059</td>
+ <td>A-70237708<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=217705da7726002ffe61dad51a6c9cc97c52f649">
+QC-CR#2119399</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18060</td>
+ <td>A-70237707<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f3d81bd0b3cb992c214d94196b33168b02589c6b">
+QC-CR#2119394</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18051</td>
+ <td>A-70237696<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=38fba6a9f6ca3c7bf0c4c1bd84fa2b89fbcaeb93">
+QC-CR#2119442</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18053</td>
+ <td>A-70237695<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947">
+QC-CR#2119434</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18058</td>
+ <td>A-70237690<br />
+<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d6d42a10d4abf09299cdfacdd8aed5c26731b5ff">
+QC-CR#2119401</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15855</td>
+ <td>A-38232131<a href="#asterisk">*</a><br />
+ QC-CR#2139514</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>Camera_v2 驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15814</td>
+ <td>A-64836865<a href="#asterisk">*</a><br />
+ QC-CR#2092793</td>
+ <td>ID</td>
+ <td>中</td>
+ <td>Camera_v2 驅動程式</td>
+ </tr>
+</tbody></table>
+
+<h2 id="functional-updates">功能更新</h2>
+<p>
+這些更新的目的在於解決受影響 Pixel 裝置的功能問題,與 Pixel 裝置的安全性無關。下表列出相關參考資料、受影響的類別 (例如藍牙或行動數據),以及問題摘要。
+</p>
+
+<table>
+ <tbody><tr>
+ <th>參考資料</th>
+ <th>類別</th>
+ <th>改善項目</th>
+ <th>裝置</th>
+ </tr>
+ <tr>
+ <td>A-70491468</td>
+ <td>效能</td>
+ <td>改善指紋解鎖的螢幕喚醒效能</td>
+ <td>Pixel 2、Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-69307875</td>
+ <td>音訊</td>
+ <td>改善錄製影片時的音訊效能</td>
+ <td>Pixel 2 XL</td>
+ </tr>
+ <tr>
+ <td>A-70641186</td>
+ <td>回報</td>
+ <td>改善當機回報功能</td>
+ <td>Pixel 2、Pixel 2 XL</td>
+ </tr>
+</tbody></table>
+
+<h2 id="common-questions-and-answers">常見問題與解答</h2>
+<p>
+如果您在閱讀這篇公告後有任何疑問,可參考本節的常見問答。
+</p>
+<p>
+<strong>1. 如何判斷我目前的裝置軟體版本是否已修正這些問題?
+</strong>
+</p>
+<p>2018-03-05 之後的安全性修補程式等級完全解決了與 2018-03-05 安全性修補程式等級及所有先前修補程式等級相關的問題。請參閱 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 與 Nexus 更新時間表</a>中的操作說明,瞭解如何查看裝置的安全性修補程式等級。
+</p>
+<p id="type">
+<strong>2.「類型」<em></em>欄中的項目代表什麼意義?</strong>
+</p>
+<p>
+資安漏洞詳情表格中「類型」<em></em>欄中的項目代表的是安全性漏洞的類別。
+</p>
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>縮寫詞</th>
+ <th>定義</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>遠端程式碼執行</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>權限升級</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>資訊外洩</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>拒絕服務</td>
+ </tr>
+ <tr>
+ <td>無</td>
+ <td>未分類</td>
+ </tr>
+</tbody></table>
+<p>
+<strong>3.「參考資料」<em></em>欄底下列出的識別碼代表什麼意義?</strong>
+</p>
+<p>
+資安漏洞詳情表格中「參考資料」<em></em>欄底下的項目可能會包含一個前置字串,用以表示該參考資料值所屬的機構或公司。
+</p>
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>前置字串</th>
+ <th>參考資料</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android 錯誤 ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm 參考編號</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek 參考編號</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA 參考編號</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom 參考編號</td>
+ </tr>
+</tbody></table>
+<p id="asterisk">
+<strong>4.「參考資料」<em></em>欄中 Android 錯誤 ID 旁邊的星號 (*) 代表什麼意義?</strong>
+</p>
+<p>
+在「參考資料」<em></em>欄中 Android 錯誤 ID 旁邊標上星號 (*) 代表該問題並未公開,相關的更新通常是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。
+</p>
+<p>
+<strong>5. 為什麼安全性漏洞會分別刊載在這份安全性公告和 Android 安全性公告?</strong>
+</p>
+<p>
+為了宣告 Android 裝置最新的安全性修補程式等級,我們必須先在 Android 安全性公告中刊載相關的安全性漏洞。其他安全性漏洞 (例如本安全性公告所刊載的安全性漏洞) 並未強制規定宣告安全性修補程式等級。
+</p>
+<h2 id="versions">版本</h2>
+<table>
+ <colgroup><col width="25%" />
+ <col width="25%" />
+ <col width="50%" />
+ </colgroup><tbody><tr>
+ <th>版本</th>
+ <th>日期</th>
+ <th>附註</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>2018 年 3 月 5 日</td>
+ <td>發佈公告。</td>
+ </tr>
+</tbody></table>
+
+</body></html> \ No newline at end of file
diff --git a/zh-tw/security/bulletin/pixel/2018.html b/zh-tw/security/bulletin/pixel/2018.html
index e3e462d8..bb8968d0 100644
--- a/zh-tw/security/bulletin/pixel/2018.html
+++ b/zh-tw/security/bulletin/pixel/2018.html
@@ -34,17 +34,43 @@
<th>安全性修補程式等級</th>
</tr>
<tr>
- <td><a href="/security/bulletin/pixel/2018-01-01.html">2018 年 1 月</a></td>
+ <td><a href="/security/bulletin/pixel/2018-03-01.html">2018 年 3 月</a></td>
<td>即將推出
<!--
- <a href="/security/bulletin/pixel/2018-01-01.html">English</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ <a href="/security/bulletin/pixel/2018-03-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
-->
</td>
+ <td>2018 年 3 月</td>
+ <td>2018-03-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2018-02-01.html">2018 年 2 月</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2018-02-01.html">English</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=ja">日本語</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=ru">ру́сский</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">中文 (中国)</a> /
+ <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">中文 (台灣)</a>
+ </td>
+ <td>2018 年 2 月</td>
+ <td>2018-02-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2018-01-01.html">2018 年 1 月</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2018-01-01.html">English</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文 (中国)</a> /
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文 (台灣)</a>
+ </td>
<td>2018 年 1 月</td>
<td>2018-01-05</td>
</tr>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-12 13:16:28 +0000