aboutsummaryrefslogtreecommitdiff
path: root/en
diff options
context:
space:
mode:
authorAndroid Partner Docs <noreply@android.com>2018-05-07 15:51:34 -0700
committerClay Murphy <claym@google.com>2018-05-07 16:25:44 -0700
commit2f461f591c376486cd89434562131471c10fb1d2 (patch)
tree32d9f50448ba01b98916d555c04e68ac123eb99b /en
parent008a9e0bf136d461480396e6971347ce1c8b9484 (diff)
downloadsource.android.com-2f461f591c376486cd89434562131471c10fb1d2.tar.gz
Docs: Changes to source.android.com
- 195735838 Omit Nexus 6P build for now, this is a follow up of cr/19... by Android Partner Docs <noreply@android.com> - 195718504 Tags for 2018/05 Security Release. by Android Partner Docs <noreply@android.com> - 195700751 Update all tenant freezes to contain last_published_cl: 0. by Android Partner Docs <noreply@android.com> - 195685647 Add last month's enhancements to News section on home by Clay Murphy <claym@google.com> - 195679418 Cloned from CL 194466703 by 'g4 patch'. by Clay Murphy <claym@google.com> - 195463680 Exclude 2017 Pixel bulletins from localization by Danielle Roberts <daroberts@google.com> - 195438214 Devsite localized content from translation request 0bd594... by Android Partner Docs <noreply@android.com> - 195434804 Change from preview link to link that it resolved to. by Danielle Roberts <daroberts@google.com> - 195307570 Devsite localized content from translation request 315297... by Android Partner Docs <noreply@android.com> - 195268816 Fix spelling: passthough -> passthrough. by Mark Hecomovich <mheco@google.com> - 195268432 Devsite localized content from translation request 7a2fd8... by Android Partner Docs <noreply@android.com> - 195198267 Update modular kernel requirements by Android Partner Docs <noreply@android.com> - 195178304 Remove reference to ccache. by Android Partner Docs <noreply@android.com> - 195178297 Remove ccache reference. by Android Partner Docs <noreply@android.com> - 195151900 Minor documentation fixes by Android Partner Docs <noreply@android.com> PiperOrigin-RevId: 195735838 Change-Id: I4ae193dea515f236487e1533741006cb34a2a2c2
Diffstat (limited to 'en')
-rw-r--r--en/_freeze.yaml3
-rw-r--r--en/_index.yaml35
-rw-r--r--en/devices/architecture/hidl/index.html2
-rw-r--r--en/devices/architecture/kernel/modular-kernels.html6
-rw-r--r--en/devices/input/touch-devices.html5
-rw-r--r--en/devices/tech/admin/enterprise-telephony.html2
-rw-r--r--en/security/_toc.yaml4
-rw-r--r--en/security/bulletin/2018-04-01.html13
-rw-r--r--en/security/bulletin/2018-05-01.html604
-rw-r--r--en/security/bulletin/2018.html23
-rw-r--r--en/security/bulletin/_translation.yaml4
-rw-r--r--en/security/bulletin/index.html23
-rw-r--r--en/security/bulletin/pixel/2018-05-01.html619
-rw-r--r--en/security/bulletin/pixel/2018.html23
-rw-r--r--en/security/bulletin/pixel/index.html25
-rw-r--r--en/security/overview/acknowledgements.html369
-rw-r--r--en/setup/build/initializing.html2
-rw-r--r--en/setup/build/requirements.html3
-rw-r--r--en/setup/start/build-numbers.html24
19 files changed, 1577 insertions, 212 deletions
diff --git a/en/_freeze.yaml b/en/_freeze.yaml
index d9f62224..1d4ce6b9 100644
--- a/en/_freeze.yaml
+++ b/en/_freeze.yaml
@@ -1,2 +1,3 @@
# DevSite V2 is moving to production servers, but sites will not be published unless manually specified.
-# This freeze file prevents uploading of content to the production servers in V2 to prevent accidents. \ No newline at end of file
+# This freeze file prevents uploading of content to the production servers in V2 to prevent accidents.
+last_published_cl: 0 \ No newline at end of file
diff --git a/en/_index.yaml b/en/_index.yaml
index 796a08ac..0ba2105f 100644
--- a/en/_index.yaml
+++ b/en/_index.yaml
@@ -69,28 +69,31 @@ landing_page:
image_path: /images/android_stack.png
- heading: News
items:
- - heading: April Security Bulletins
+ - heading: hikey960 Vendor Partition
description: >
- The April 2018 Android and Pixel/Nexus Security Bulletins have been
- published to support the April security release.
+ HiKey960 documentation now includes the vendor partition. And CTS
+ Setup now notes the property <code>ro.product.first_api_level</code>
+ should be unset (removed) rather than set to 0.
buttons:
- - label: April 4th, 2018
- path: /security/bulletin/2018-04-01
- - heading: Android 2017 Year in Review
+ - label: April 11th, 2018
+ path: /setup/build/devices
+ - heading: Bluetooth Low Energy
description: >
- The Android Security 2017 Year in Review covers everything that happened
- in Android Security in 2017.
+ Implementation instructions have been published for Bluetooth Low
+ Energy. And Debian is now noted as used along with Ubuntu for testing
+ Android builds.
buttons:
- - label: March 15th, 2018
- path: /security/overview/reports
- - heading: ART DEX bytecode improvements
+ - label: April 10th, 2018
+ path: /devices/bluetooth/ble
+ - heading: ccache, Valgrind, and Jack No More
description: >
- Android runtime (ART) now includes bytecode documentation for
- <code>const-method-handle</code> and <code>const-method-type</code>, as
- well as updates to <code>invoke-polymorphic</code>.
+ Android engineering is now recommending against use of ccache.
+ Similarly, use AddressSanitizer over Valgrind and avoid the Jack
+ toolchain as Android has added support for Java 8 language features
+ directly into the current javac and dx set of tools.
buttons:
- - label: January 19th, 2018
- path: /devices/tech/dalvik/dalvik-bytecode
+ - label: April 5th, 2018
+ path: /devices/tech/debug/asan
- classname: devsite-landing-row-100 tf-row-centered
items:
- buttons:
diff --git a/en/devices/architecture/hidl/index.html b/en/devices/architecture/hidl/index.html
index 2ff78a12..5790b78c 100644
--- a/en/devices/architecture/hidl/index.html
+++ b/en/devices/architecture/hidl/index.html
@@ -31,7 +31,7 @@ between codebases that may be compiled independently.</p>
<p>HIDL is intended to be used for inter-process communication (IPC).
Communication between processes is referred to as
<a href="/devices/architecture/hidl/binder-ipc"><em>Binderized</em></a>. For
-libraries that must be linked to a process, a <a href="#passthrough">passthough
+libraries that must be linked to a process, a <a href="#passthrough">passthrough
mode</a> is also available (not supported in Java).</p>
<p>HIDL specifies data structures and method signatures, organized in interfaces
diff --git a/en/devices/architecture/kernel/modular-kernels.html b/en/devices/architecture/kernel/modular-kernels.html
index 70debebe..fd1d8706 100644
--- a/en/devices/architecture/kernel/modular-kernels.html
+++ b/en/devices/architecture/kernel/modular-kernels.html
@@ -331,9 +331,6 @@ CUSTOM_IMAGE_VERITY_BLOCK_DEVICE := /dev/block/…./by-name/odm
<code>fstab</code> file fragments. For example, when specifying an entry to
mount <code>/vendor</code> in the device tree, the <code>fstab</code> file must
not repeat that entry.</li>
-<li>Only <code>/system</code>, <code>/odm</code>, or <code>/vendor</code> can be
-mounted early. Android does not include support to mount any other partitions in
-<code>init</code> first stage.</li>
<li>Partitions requiring <code>verifyatboot</code> <strong>must not</strong> be
early mounted (doing so is unsupported).</li>
<li>The verity mode/state for verified partitions must be specified in kernel
@@ -457,9 +454,6 @@ for AVB</a>.</li>
<code>fstab</code> file fragments. For example, if you specify an entry to mount
<code>/vendor</code> in the device tree, the <code>fstab</code> file must not
repeat that entry.</li>
-<li>Only <code>/system</code>, <code>/odm</code>, or <code>/vendor</code> can be
-mounted early. Android does not include support to mount any other partitions in
-<code>init</code> first stage.</li>
<li>VBoot 2.0 does not support <code>verifyatboot</code>, regardless of whether
early mount is enabled or not.</li>
<li>The verity mode/state for verified partitions must be specified in kernel
diff --git a/en/devices/input/touch-devices.html b/en/devices/input/touch-devices.html
index 8cbcc66b..e3126ed8 100644
--- a/en/devices/input/touch-devices.html
+++ b/en/devices/input/touch-devices.html
@@ -226,7 +226,8 @@ and <code>MotionEvent.ACTION_HOVER_EXIT</code>.</p>
detect the capabilities of the device.</p>
<p>For example, if the device reports the <code>BTN_TOUCH</code> key code, the system will
assume that <code>BTN_TOUCH</code> will always be used to indicate whether the tool is
-actually touching the screen or is merely in range and hovering.</p>
+ actually touching the screen. Therefore, <code>BTN_TOUCH</code> should not be used to indicate
+ that the tool is merely in the range and hovering.</p>
</li>
<li>
<p>Single-touch devices use the following Linux input events:</p>
@@ -564,7 +565,7 @@ the characteristics of touches using device-specific units.</p>
<p>For example, many touch devices measure the touch contact area
using an internal device-specific scale, such as the total number of
sensor nodes that were triggered by the touch. This raw size value would
-not be meaningful applications because they would need to know about the
+not be meaningful to applications because they would need to know about the
physical size and other characteristics of the touch device sensor nodes.</p>
<p>The system uses calibration parameters encoded in input device configuration
files to decode, transform, and normalize the values reported by the touch
diff --git a/en/devices/tech/admin/enterprise-telephony.html b/en/devices/tech/admin/enterprise-telephony.html
index aee11f3a..95d73bd0 100644
--- a/en/devices/tech/admin/enterprise-telephony.html
+++ b/en/devices/tech/admin/enterprise-telephony.html
@@ -77,7 +77,7 @@ for contacts in their Dialer Contacts and SMS/MMS Messaging apps.</p>
Cross profile contact search should be implemented using the Enterprise Contacts
API (<code>ContactsContract.Contacts.ENTERPRISE_CONTENT_FILTER_URI</code> etc.), which can be found
in the <a
-href="http://developer.android.com/preview/features/afw.html#contacts">EMM developer's overview</a>
+href="https://developers.google.com/android/work/overview#contacts">EMM developer's overview</a>
on the Android EMM Developers site.
</p>
diff --git a/en/security/_toc.yaml b/en/security/_toc.yaml
index ae1f236f..e125d205 100644
--- a/en/security/_toc.yaml
+++ b/en/security/_toc.yaml
@@ -47,6 +47,8 @@ toc:
section:
- title: 2018 Bulletins
section:
+ - title: May
+ path: /security/bulletin/2018-05-01
- title: April
path: /security/bulletin/2018-04-01
- title: March
@@ -133,6 +135,8 @@ toc:
path: /security/bulletin/pixel/index
- title: 2018 Bulletins
section:
+ - title: May
+ path: /security/bulletin/pixel/2018-05-01
- title: April
path: /security/bulletin/pixel/2018-04-01
- title: March
diff --git a/en/security/bulletin/2018-04-01.html b/en/security/bulletin/2018-04-01.html
index 21bb5aa5..567a352d 100644
--- a/en/security/bulletin/2018-04-01.html
+++ b/en/security/bulletin/2018-04-01.html
@@ -385,13 +385,6 @@ process.</p>
<td>NFC driver</td>
</tr>
<tr>
- <td>CVE-2017-5754</td>
- <td>A-69856074<a href="#asterisk">*</a></td>
- <td>ID</td>
- <td>High</td>
- <td>Memory mapping</td>
- </tr>
- <tr>
<td>CVE-2017-16534</td>
<td>A-69052594<br />
<a href="https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb">
@@ -2696,5 +2689,11 @@ security bulletins.
<td>April 4, 2018</td>
<td>Bulletin revised to include AOSP links.</td>
</tr>
+ <tr>
+ <td>1.2</td>
+ <td>May 1, 2018</td>
+ <td>Bulletin revised to remove CVE-2017-5754 from the Kernel Components section. It now appears
+ in the May 2018 bulletin.</td>
+ </tr>
</table>
</body></html>
diff --git a/en/security/bulletin/2018-05-01.html b/en/security/bulletin/2018-05-01.html
new file mode 100644
index 00000000..bc45a35b
--- /dev/null
+++ b/en/security/bulletin/2018-05-01.html
@@ -0,0 +1,604 @@
+<html devsite>
+ <head>
+ <title>Android Security Bulletin—May 2018</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p><em>Published May 7, 2018</em></p>
+
+<p>
+The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Security patch levels of 2018-05-05 or later address
+all of these issues. To learn how to check a device's security patch level, see
+<a href="https://support.google.com/pixelphone/answer/4457705">Check & update
+your Android version</a>.
+</p>
+<p>
+Android partners are notified of all issues at least a month before publication.
+Source code patches for these issues will be released to the Android Open Source
+Project (AOSP) repository in the next 48 hours. We will revise this bulletin with
+the AOSP links when they are available.
+</p>
+<p>
+The most severe of these issues is a critical security vulnerability in Media
+framework that could enable a remote attacker using a specially crafted file to
+execute arbitrary code within the context of a privileged process. The
+<a href="/security/overview/updates-resources.html#severity">severity
+assessment</a> is based on the effect that exploiting the vulnerability would
+possibly have on an affected device, assuming the platform and service
+mitigations are turned off for development purposes or if successfully bypassed.
+</p>
+<p>
+We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a href="#mitigations">Android and Google Play
+Protect mitigations</a> section for details on the
+<a href="/security/enhancements/index.html">Android security platform protections</a>
+and Google Play Protect, which improve the security of the Android platform.
+</p>
+<p class="note">
+<strong>Note:</strong> Information on the latest over-the-air update (OTA) and
+firmware images for Google devices is available in the
+<a href="/security/bulletin/pixel/2018-05-01.html">May
+2018 Pixel&hairsp;/&hairsp;Nexus Security Bulletin</a>.
+</p>
+
+
+<h2 id="mitigations">Android and Google service mitigations</h2>
+
+<p>
+This is a summary of the mitigations provided by the
+<a href="/security/enhancements/index.html">Android security platform</a>
+and service protections such as
+<a href="https://www.android.com/play-protect">Google Play Protect</a>.
+These capabilities reduce the likelihood that security vulnerabilities
+could be successfully exploited on Android.
+</p>
+<ul>
+<li>Exploitation for many issues on Android is made more difficult by
+enhancements in newer versions of the Android platform. We encourage all users
+to update to the latest version of Android where possible.</li>
+<li>The Android security team actively monitors for abuse through
+<a href="https://www.android.com/play-protect">Google Play Protect</a>
+and warns users about
+<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
+Harmful Applications</a>. Google Play Protect is enabled by default on devices
+with <a href="http://www.android.com/gms">Google Mobile Services</a>, and is
+especially important for users who install apps from outside of Google
+Play.</li>
+</ul>
+
+<h2 id="2018-05-01-details">2018-05-01 security patch level vulnerability details</h2>
+
+<p>
+In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2018-05-01 patch level. Vulnerabilities are
+grouped under the component that they affect. There is a description of the
+issue and a table with the CVE, associated references,
+<a href="#type">type of vulnerability</a>,
+<a href="/security/overview/updates-resources.html#severity">severity</a>,
+and updated AOSP versions (where applicable). When available, we link the public
+change that addressed the issue to the bug ID, like the AOSP change list. When
+multiple changes relate to a single bug, additional references are linked to
+numbers following the bug ID.
+</p>
+
+<h3 id="android-runtime">Android runtime</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+to access data normally accessible only to locally installed applications with
+permissions.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13309</td>
+ <td>A-73251618</td>
+ <td>ID</td>
+ <td>High</td>
+ <td>8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="framework">Framework</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to bypass user interaction requirements in order to gain access to
+additional permissions.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13310</td>
+ <td>A-71992105</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13311</td>
+ <td>A-73252178</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="media-framework">Media framework</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to bypass user interaction requirements in order to gain access to
+additional permissions.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13312</td>
+ <td>A-73085795</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>8.0</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13313</td>
+ <td>A-74114680</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="system">System</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to bypass user interaction requirements in order to gain access to
+additional permissions.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13314</td>
+ <td>A-63000005</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13315</td>
+ <td>A-70721937</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+
+<h2 id="2018-05-05-details">2018-05-05 security patch level vulnerability details</h2>
+
+<p>
+In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2018-05-05 patch level. Vulnerabilities are
+grouped under the component that they affect and include details such as the
+CVE, associated references, <a href="#type">type of vulnerability</a>,
+<a href="/security/overview/updates-resources.html#severity">severity</a>,
+component (where applicable), and updated AOSP versions (where applicable). When
+available, we link the public change that addressed the issue to the bug ID,
+like the AOSP change list. When multiple changes relate to a single bug,
+additional references are linked to numbers following the bug ID.
+</p>
+
+<h3 id="kernel-components">Kernel components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to bypass operating system protections that isolate application
+data from other applications.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-16643</td>
+ <td>A-69916367<br />
+ <a href="https://github.com/torvalds/linux/commit/a50829479f58416a013a4ccca791336af3c584c7">
+Upstream kernel</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>USB driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5754</td>
+ <td>A-69856074<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>Memory mapping</td>
+ </tr>
+</table>
+
+
+<h3 id="nvidia-components">NVIDIA components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of the TEE.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6289</td>
+ <td>A-72830049<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Critical</td>
+ <td>TEE</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5715</td>
+ <td>A-71686116<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>TLK</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6293</td>
+ <td>A-69377364<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>NVIDIA Tegra X1 TZ</td>
+ </tr>
+</table>
+
+
+<h3 id="qualcomm-components">Qualcomm components</h3>
+<p>The most severe vulnerability in this section could enable a proximate
+attacker using a specially crafted file to execute arbitrary code within the
+context of a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2018-3580</td>
+ <td>A-72957507<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=55dcc8d5ae9611e772a7ba572755192cf5415f04">
+QC-CR#2149187</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5841</td>
+ <td>A-72957293<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=c3b82b337b1bbe854d330fc248b389b1ff11c248">
+QC-CR#2073502</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>DCC</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5850</td>
+ <td>A-72957135<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=58b04ed29f44a8b49e0fa2f22b2a0ecf87324243">
+QC-CR#2141458</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5846</td>
+ <td>A-71501683<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=616bb99045d728088b445123dfdff8eadcc27090">
+QC-CR#2120063</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Radio internet packet accelerator</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5845</td>
+ <td>A-71501680<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=a989f5c6398175cc7354b9cdf0424449f8dd9860">
+QC-CR#2119081</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>GPU</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5840</td>
+ <td>A-71501678<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=5d1c951ee0e3b06f96736eed25869bbfaf77efbc">
+QC-CR#2052024</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>GPU</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18154</td>
+ <td>A-62872238<a href="#asterisk">*</a><br />
+ QC-CR#2109325</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Libgralloc</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3578</td>
+ <td>A-72956999<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f22d9370eb848ee751a94a7ff472c335e934890">
+QC-CR#2145573</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3565</td>
+ <td>A-72957234<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ab91234d52984a86a836561578c8ab85cf0b5f2f">
+QC-CR#2138555</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13077</td>
+ <td>A-77481464<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3562</td>
+ <td>A-72957526<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=7e82edc9f1ed60fa99dd4da29f91c4ad79470d7e">QC-CR#2147955</a>
+ [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=70a5ee609ef6199dfcd8cce6198edc6f48b16bec">2</a>]</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>WLAN</td>
+ </tr>
+</table>
+
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>
+This section answers common questions that may occur after reading this
+bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?
+</strong></p>
+<p>To learn how to check a device's security patch level, see
+<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Check
+and update your Android version</a>.</p>
+<ul>
+<li>Security patch levels of 2018-05-01 or later address all issues associated
+with the 2018-05-01 security patch level.</li>
+<li>Security patch levels of 2018-05-05 or later address all issues associated
+with the 2018-05-05 security patch level and all previous patch levels.</li>
+</ul>
+<p>
+Device manufacturers that include these updates should set the patch string
+level to:
+</p>
+<ul>
+<li>[ro.build.version.security_patch]:[2018-05-01]</li>
+<li>[ro.build.version.security_patch]:[2018-05-05]</li>
+</ul>
+<p>
+<strong>2. Why does this bulletin have two security patch levels?</strong>
+</p>
+<p>
+This bulletin has two security patch levels so that Android partners have the
+flexibility to fix a subset of vulnerabilities that are similar across all
+Android devices more quickly. Android partners are encouraged to fix all issues
+in this bulletin and use the latest security patch level.
+</p>
+<ul>
+<li>Devices that use the 2018-05-01 security patch level must include all issues
+associated with that security patch level, as well as fixes for all issues
+reported in previous security bulletins.</li>
+<li>Devices that use the security patch level of 2018-05-05 or newer must
+include all applicable patches in this (and previous) security
+bulletins.</li>
+</ul>
+<p>
+Partners are encouraged to bundle the fixes for all issues they are addressing
+in a single update.
+</p>
+<p id="type">
+<strong>3. What do the entries in the <em>Type</em> column mean?</strong>
+</p>
+<p>
+Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+<p>
+<strong>4. What do the entries in the <em>References</em> column mean?</strong>
+</p>
+<p>
+Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+<p id="asterisk">
+<strong>5. What does a * next to the Android bug ID in the <em>References</em>
+column mean?</strong>
+</p>
+<p>
+Issues that are not publicly available have a * next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the <a
+href="https://developers.google.com/android/nexus/drivers">Google Developer
+site</a>.
+</p>
+<p>
+<strong>6. Why are security vulnerabilities split between this bulletin and
+device/partner security bulletins, such as the Pixel&hairsp;/&hairsp;Nexus bulletin?</strong>
+</p>
+<p>
+Security vulnerabilities that are documented in this security bulletin are
+required in order to declare the latest security patch level on Android devices.
+Additional security vulnerabilities that are documented in the
+device&hairsp;/&hairsp;partner security bulletins are not required for declaring
+a security patch level. Android device and chipset manufacturers are encouraged
+to document the presence of other fixes on their devices through their own security
+websites, such as the
+<a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a>,
+<a href="https://lgsecurity.lge.com/security_updates.html">LGE</a>, or
+<a href="/security/bulletin/pixel/">Pixel&hairsp;/&hairsp;Nexus</a>
+security bulletins.
+</p>
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="25%">
+ <col width="25%">
+ <col width="50%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>May 7, 2018</td>
+ <td>Bulletin published.</td>
+ </tr>
+</table>
+</body>
+</html>
diff --git a/en/security/bulletin/2018.html b/en/security/bulletin/2018.html
index 58c206cc..ec4bfbad 100644
--- a/en/security/bulletin/2018.html
+++ b/en/security/bulletin/2018.html
@@ -37,6 +37,22 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="/security/bulletin/2018-05-01.html">May 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/2018-05-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>May 7, 2018</td>
+ <td>2018-05-01<br>
+ 2018-05-05</td>
+ </tr>
+ <tr>
<td><a href="/security/bulletin/2018-04-01.html">April 2018</a></td>
<td>Coming soon
<!--
@@ -49,19 +65,18 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi
-->
</td>
<td>April 2, 2018</td>
- <td>2018-04-05</td>
+ <td>2018-04-01<br>
+ 2018-04-05</td>
</tr>
<tr>
<td><a href="/security/bulletin/2018-03-01.html">March 2018</a></td>
- <td>Coming soon
- <!--
+ <td>
<a href="/security/bulletin/2018-03-01.html">English</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=ja">日本語</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=ko">한국어</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=ru">ру́сский</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
- -->
</td>
<td>March 2018</td>
<td>2018-03-01<br>
diff --git a/en/security/bulletin/_translation.yaml b/en/security/bulletin/_translation.yaml
index af2c6b7f..37f58a17 100644
--- a/en/security/bulletin/_translation.yaml
+++ b/en/security/bulletin/_translation.yaml
@@ -31,6 +31,10 @@ ignore_paths:
- /security/bulletin/2015-10-01
- /security/bulletin/2015-09-01
- /security/bulletin/2015-08-01
+- /security/bulletin/pixel/2017
+- /security/bulletin/pixel/2017-12-01
+- /security/bulletin/pixel/2017-11-01
+- /security/bulletin/pixel/2017-10-01
enable_continuous_translation: True
title: Android Security Bulletins
description: Translations for Android Security Bulletins
diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html
index b4bac017..7761d8fd 100644
--- a/en/security/bulletin/index.html
+++ b/en/security/bulletin/index.html
@@ -68,6 +68,22 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="/security/bulletin/2018-05-01.html">May 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/2018-05-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>May 7, 2018</td>
+ <td>2018-05-01<br>
+ 2018-05-05</td>
+ </tr>
+ <tr>
<td><a href="/security/bulletin/2018-04-01.html">April 2018</a></td>
<td>Coming soon
<!--
@@ -80,19 +96,18 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi
-->
</td>
<td>April 2, 2018</td>
- <td>2018-04-05</td>
+ <td>2018-04-01<br>
+ 2018-04-05</td>
</tr>
<tr>
<td><a href="/security/bulletin/2018-03-01.html">March 2018</a></td>
- <td>Coming soon
- <!--
+ <td>
<a href="/security/bulletin/2018-03-01.html">English</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=ja">日本語</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=ko">한국어</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=ru">ру́сский</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
<a href="/security/bulletin/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
- -->
</td>
<td>March 5, 2018</td>
<td>2018-03-01<br>
diff --git a/en/security/bulletin/pixel/2018-05-01.html b/en/security/bulletin/pixel/2018-05-01.html
new file mode 100644
index 00000000..2532c0af
--- /dev/null
+++ b/en/security/bulletin/pixel/2018-05-01.html
@@ -0,0 +1,619 @@
+<html devsite>
+ <head>
+ <title>Pixel&hairsp;/&hairsp;Nexus Security Bulletin—May 2018</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p><em>Published May 7, 2018</em></p>
+
+<p>
+The Pixel&hairsp;/&hairsp;Nexus Security Bulletin contains details of security
+vulnerabilities and functional improvements affecting
+<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
+Google Pixel and Nexus devices</a> (Google devices).
+For Google devices, security patch levels of 2018-05-05 or later address all
+issues in this bulletin and all issues in the May 2018 Android Security
+Bulletin. To learn how to check a device's security patch level, see
+<a href="https://support.google.com/pixelphone/answer/4457705">Check & update your
+Android version</a>.
+</p>
+<p>
+All supported Google devices will receive an update to the 2018-05-05 patch
+level. We encourage all customers to accept these updates to their devices.
+</p>
+<p class="note">
+<strong>Note:</strong> The Google device firmware images are available on the
+<a href="https://developers.google.com/android/nexus/images">Google Developer
+site</a>.
+</p>
+<h2 id="announcements">Announcements</h2>
+<p>In addition to the security vulnerabilities described in the May 2018
+Android Security Bulletin, Pixel and Nexus devices also contain patches for the
+security vulnerabilities described below. Partners were notified of these issues
+at least a month ago and may choose to incorporate them as part of their device
+updates.</p>
+<h2 id="security-patches">Security patches</h2>
+<p>
+Vulnerabilities are grouped under the component that they affect. There is a
+description of the issue and a table with the CVE, associated references,
+<a href="#type">type of vulnerability</a>,
+<a href="https://source.android.com/security/overview/updates-resources.html#severity">severity</a>,
+and updated Android Open Source Project (AOSP) versions (where applicable). When
+available, we link the public change that addressed the issue to the bug ID,
+like the AOSP change list. When multiple changes relate to a single bug,
+additional references are linked to numbers following the bug ID.
+</p>
+
+<h3 id="framework">Framework</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13316</td>
+ <td>A-73311729</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+<h3 id="media-framework">Media framework</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13317</td>
+ <td>A-73172046</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13318</td>
+ <td>A-73782357</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>8.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13319</td>
+ <td rowspan="2">A-71868329</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13320</td>
+ <td rowspan="2">A-72764648</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+</table>
+
+<h3 id="system">System</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13323</td>
+ <td>A-73826242</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13321</td>
+ <td>A-70986337</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13322</td>
+ <td>A-67862398</td>
+ <td>DoS</td>
+ <td>Moderate</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+<h3 id="kernel-components">Kernel components</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2018-5344</td>
+ <td>A-72867809<br />
+ <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5">
+Upstream kernel</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Block driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15129</td>
+ <td>A-72961054<br />
+ <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0">
+Upstream kernel</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Network namespace</td>
+ </tr>
+</table>
+
+<h3 id="nvidia-components">NVIDIA components</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2018-6254</td>
+ <td>A-64340684<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Media server</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-6246</td>
+ <td>A-69383916<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Widevine trustlet</td>
+ </tr>
+</table>
+
+
+<h3 id="qualcomm-components">Qualcomm components</h3>
+
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2018-5849</td>
+ <td>A-72957611<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=b17c33ea2dafc8fd11b5050d750fefe0b53f226b">
+QC-CR#2131811</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>QTEECOM</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5851</td>
+ <td>A-72957505<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=103f385783f368cc5cd3c125390e6dfd43c36096">QC-CR#2146869</a>
+[<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a9068fbb6bad55c9ecc80b9c3935969c8820c425">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5842</td>
+ <td>A-72957257<br />
+ <a
+href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=f05883b3d442a7eb9df46a6bde08f1d5cdfc8133">QC-CR#2113219</a>
+[<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=21b91d4faa275d7b1ae58ad6a549cfa801066dfe">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5848</td>
+ <td>A-72957178<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6e5a9b32503d37a202fccc5d24b189ae6107a256">
+QC-CR#2126062</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WIGIG</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5853</td>
+ <td>A-71714212<a href="#asterisk">*</a><br />
+ QC-CR#2178082<br />
+ QC-CR#2043277</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Networking subsystem</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5843</td>
+ <td>A-71501685<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ea4459a044783649b1695653f848647c68bee69d">
+QC-CR#2113385</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Modem driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5844</td>
+ <td>A-71501682<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=f8ed842bb3f4620eafa2669e0f534ce4c3ac6f07">
+QC-CR#2118860</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video device</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5847</td>
+ <td>A-71501681<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=3ddf48ce0377d71c86ff09d199f0307dad39fdd5">
+QC-CR#2120955</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Snapdragon display engine</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3582</td>
+ <td>A-72956801<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=db5ee07b422f0d49ecf992b0b050c9266b0eb8e7">
+QC-CR#2149531</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3581</td>
+ <td>A-72957725<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=becb9c5aaa05137ce1002f77f8a7d9e7e0799268">QC-CR#2150359</a>
+ [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=43c8a7f083c56b2f6aeac6d77721f5a70bdba99c">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3576</td>
+ <td>A-72957337<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=bdf6936cd49a1e43184c7ff1635126fca946a995">
+QC-CR#2128512</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3572</td>
+ <td>A-72957724<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=b11e3a50197e73e397c36d335d56d905b99eb02c">QC-CR#2145996</a>
+ [<a href="https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=fbf66aa0c6ae84db64bdf0b8f3c3a32370c70c67">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Audio</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3571</td>
+ <td>A-72957527<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=db41c9cc35d82238a4629e5ff29ba0c6b80b2cd6">
+QC-CR#2132332</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Kgsl</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18153</td>
+ <td>A-35470735<a href="#asterisk">*</a><br />
+ QC-CR#2021363</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Qcacld-2.0</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-18070</td>
+ <td>A-72441280<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=dc6c24b0a660d643c90a9cede1be4bdd44509b3e">
+QC-CR#2114348</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15857</td>
+ <td>A-65122765<a href="#asterisk">*</a><br />
+ QC-CR#2111672<br />
+ QC-CR#2152401<br />
+ QC-CR#2152399<br />
+ QC-CR#2153841</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15854</td>
+ <td>A-71501688<br />
+ <a href=" https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=aef5f626a7454844cc695a827cb87f89b37501e7">
+QC-CR#2114396</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15843</td>
+ <td>A-72956941<br />
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a549abd08f3a52593d9602128c63c1212e90984b">QC-CR#2032076</a>
+[<a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e05adec18cbc3c9213cc293441a2be8683339b4a">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Floor_vote driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15842</td>
+ <td>A-72957040<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c4ab75dfc22f644fb5ee70bd515aaf633761cd3b">QC-CR#2123291</a>
+ [<a href="https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=6d42b0e51ed7f8e51397d89af66c1453beba51cd">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Qdsp6v2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15832</td>
+ <td>A-70237689<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=2b087bc5d5bdc18f9bc75148bd8b176a676b910a">
+QC-CR#2114756</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-5852</td>
+ <td>A-70242505<a href="#asterisk">*</a><br />
+ QC-CR#2169379</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Ipa driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2018-3579</td>
+ <td>A-72957564<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c2ce7b9c46d24a30901a402f3d4892b905b7d8e8">
+QC-CR#2149720</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>WLAN</td>
+ </tr>
+</table>
+
+<h2 id="functional-patches">Functional patches</h2>
+<p>
+These updates are included for affected Pixel devices to address functionality
+issues not related to the security of Pixel devices. The table includes
+associated references; the affected category, such as Bluetooth or mobile data;
+and a summary of the issue.
+</p>
+<table>
+ <tr>
+ <th>References</th>
+ <th>Category</th>
+ <th>Improvements</th>
+ <th>Devices</th>
+ </tr>
+ <tr>
+ <td>A-68840121</td>
+ <td>Performance</td>
+ <td>Improve Multitouch Detection</td>
+ <td>All</td>
+ </tr>
+ <tr>
+ <td>A-72851087</td>
+ <td>Power</td>
+ <td>Adjust Pixel XL charging behavior</td>
+ <td>Pixel XL</td>
+ </tr>
+</table>
+
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>
+This section answers common questions that may occur after reading this
+bulletin.
+</p>
+<p>
+<strong>1. How do I determine if my device is updated to address these issues?
+</strong>
+</p>
+<p>
+Security patch levels of 2018-05-05 or later address all issues associated with
+the 2018-05-05 security patch level and all previous patch levels. To learn how
+to check a device's security patch level, read the instructions on the <a
+href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a>.
+</p>
+<p id="type">
+<strong>2. What do the entries in the <em>Type</em> column mean?</strong>
+</p>
+<p>
+Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+<p>
+<strong>3. What do the entries in the <em>References</em> column mean?</strong>
+</p>
+<p>
+Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+<p id="asterisk">
+<strong>4. What does a * next to the Android bug ID in the <em>References</em>
+column mean?</strong>
+</p>
+<p>
+Issues that are not publicly available have a * next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.
+</p>
+<p>
+<strong>5. Why are security vulnerabilities split between this bulletin and the
+Android Security Bulletins?</strong>
+</p>
+<p>
+Security vulnerabilities that are documented in the Android Security Bulletins
+are required in order to declare the latest security patch level on Android
+devices. Additional security vulnerabilities, such as those documented in this
+bulletin are not required for declaring a security patch level.
+</p>
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="25%">
+ <col width="25%">
+ <col width="50%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>May 7, 2018</td>
+ <td>Bulletin published.</td>
+ </tr>
+</table>
+
+ </body>
+</html>
diff --git a/en/security/bulletin/pixel/2018.html b/en/security/bulletin/pixel/2018.html
index f4a08522..a2597f50 100644
--- a/en/security/bulletin/pixel/2018.html
+++ b/en/security/bulletin/pixel/2018.html
@@ -39,6 +39,21 @@ Bulletins</a> homepage.</p>
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="/security/bulletin/pixel/2018-05-01.html">May 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/pixel/2018-05-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>May 7, 2018</td>
+ <td>2018-05-05</td>
+ </tr>
+ <tr>
<td><a href="/security/bulletin/pixel/2018-04-01.html">April 2018</a></td>
<td>Coming soon
<!--
@@ -50,20 +65,20 @@ Bulletins</a> homepage.</p>
<a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
-->
</td>
- <td>April 2018</td>
+ <td>April 2, 2018</td>
<td>2018-04-05</td>
</tr>
<tr>
<td><a href="/security/bulletin/pixel/2018-03-01.html">March 2018</a></td>
- <td>Coming soon
- <!--
+ <td>
<a href="/security/bulletin/pixel/2018-03-01.html">English</a>&nbsp;/
<a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a>&nbsp;/
<a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a>&nbsp;/
<a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <!--
<a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
-->
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
</td>
<td>March 2018</td>
<td>2018-03-05</td>
diff --git a/en/security/bulletin/pixel/index.html b/en/security/bulletin/pixel/index.html
index 95f1eafd..73e6d0f7 100644
--- a/en/security/bulletin/pixel/index.html
+++ b/en/security/bulletin/pixel/index.html
@@ -24,7 +24,7 @@
<p>This page contains the available Pixel&hairsp;/&hairsp;Nexus monthly
bulletins. These bulletins supplement the
-<a href="/security/bulletin">Android Security Bulletins</a> with
+<a href="/security/bulletin">Android Security Bulletins</a> with
additional security patches and functional improvements on Pixel and Nexus
devices. These bulletins apply to
<a href="https://support.google.com/nexus/answer/4457705">supported Pixel and
@@ -59,6 +59,21 @@ AOSP 24&ndash;48 hours after the Pixel&hairsp;/&hairsp;Nexus bulletin is release
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="/security/bulletin/pixel/2018-05-01.html">May 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/pixel/2018-05-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>May 7, 2018</td>
+ <td>2018-05-05</td>
+ </tr>
+ <tr>
<td><a href="/security/bulletin/pixel/2018-04-01.html">April 2018</a></td>
<td>Coming soon
<!--
@@ -70,20 +85,20 @@ AOSP 24&ndash;48 hours after the Pixel&hairsp;/&hairsp;Nexus bulletin is release
<a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
-->
</td>
- <td>April 2018</td>
+ <td>April 2, 2018</td>
<td>2018-04-05</td>
</tr>
<tr>
<td><a href="/security/bulletin/pixel/2018-03-01.html">March 2018</a></td>
- <td>Coming soon
- <!--
+ <td>
<a href="/security/bulletin/pixel/2018-03-01.html">English</a>&nbsp;/
<a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a>&nbsp;/
<a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a>&nbsp;/
<a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <!--
<a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
- <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
-->
+ <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
</td>
<td>March 5, 2018</td>
<td>2018-03-05</td>
diff --git a/en/security/overview/acknowledgements.html b/en/security/overview/acknowledgements.html
index bd66f9dc..e621c0a9 100644
--- a/en/security/overview/acknowledgements.html
+++ b/en/security/overview/acknowledgements.html
@@ -37,6 +37,59 @@ Rewards</a> program.</p>
<p>In 2018, the security acknowledgements are listed by month. In prior years,
acknowledgements were listed together.</p>
+<h4 id="may-2018">May</h4>
+<table>
+ <col width="70%">
+ <col width="30%">
+ <tr>
+ <th>Researchers</th>
+ <th>CVEs</th>
+ </tr>
+ <tr>
+ <td>Corinna Vinschen</td>
+ <td>CVE-2018-5853</td>
+ </tr>
+ <tr>
+ <td>derrek (<a href="https://twitter.com/derrekr6">&#64;derrekr6</a>)</td>
+ <td>CVE-2017-6293, CVE-2018-6246</td>
+ </tr>
+ <tr>
+ <td>Gengjia Chen (<a href="https://twitter.com/chengjia4574">&#64;chengjia4574</a>) and
+ <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 Technology Co. Ltd.</td>
+ <td>CVE-2017-18153</td>
+ </tr>
+ <tr>
+ <td><a href="mailto:arnow117@gmail.com">Hanxiang Wen</a> and Mingjian Zhou (周明建)
+ (<a href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of
+ <a href="http://c0reteam.org">C0RE</a> Team</td>
+ <td>CVE-2017-18154</td>
+ </tr>
+ <tr>
+ <td>Hongli Han (<a href="https://twitter.com/HexB1n">&#64;HexB1n</a>) and Mingjian Zhou (周明建)
+ (<a href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of
+ <a href="http://c0reteam.org">C0RE Team</a></td>
+ <td>CVE-2018-6254</td>
+ </tr>
+ <tr>
+ <td>Joshua Steiner of Introne Apps</td>
+ <td>CVE-2017-13322</td>
+ </tr>
+ <tr>
+ <td><a href="https://github.com/michalbednarski">Michał Bednarski</a></td>
+ <td>CVE-2017-13310, CVE-2017-13311</td>
+ </tr>
+ <tr>
+ <td>Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室)</td>
+ <td>CVE-2017-15857, CVE-2018-5852</td>
+ </tr>
+ <tr>
+ <td><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security Response Center,
+ Qihoo 360 Technology Co. Ltd</td>
+ <td>CVE-2017-13321, CVE-2017-13315, CVE-2017-13318, CVE-2017-13323, CVE-2017-13312,
+ CVE-2017-13319, CVE-2017-13317</td>
+ </tr>
+</table>
+
<h4 id="apr-2018">April</h4>
@@ -81,7 +134,7 @@ acknowledgements were listed together.</p>
</td>
</tr>
<tr>
- <td>Dinesh Venkatesan (<a href="https://twitter.com/malwareresearch">@malwareresearch</a>) of
+ <td>Dinesh Venkatesan (<a href="https://twitter.com/malwareresearch">&#64;malwareresearch</a>) of
Symantec
</td>
<td>CVE-2017-13295
@@ -94,14 +147,14 @@ acknowledgements were listed together.</p>
</td>
</tr>
<tr>
- <td>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and Bo Liu of
+ <td>En He (<a href="https://twitter.com/heeeeen4x">&#64;heeeeen4x</a>) and Bo Liu of
<a href="http://www.ms509.com">MS509Team</a>
</td>
<td>CVE-2017-13294
</td>
</tr>
<tr>
- <td>Eric Leong (<a href="https://twitter.com/ericwleong">@ericwleong</a>)
+ <td>Eric Leong (<a href="https://twitter.com/ericwleong">&#64;ericwleong</a>)
</td>
<td>CVE-2017-13301
</td>
@@ -113,26 +166,26 @@ acknowledgements were listed together.</p>
</td>
</tr>
<tr>
- <td>Haosheng Wang (<a href="https://twitter.com/gnehsoah">@gnehsoah</a>)
+ <td>Haosheng Wang (<a href="https://twitter.com/gnehsoah">&#64;gnehsoah</a>)
</td>
<td>CVE-2017-13280
</td>
</tr>
<tr>
- <td>Jean-Baptiste Cayrou (<a href="https://twitter.com/jbcayrou">@jbcayrou</a>)
+ <td>Jean-Baptiste Cayrou (<a href="https://twitter.com/jbcayrou">&#64;jbcayrou</a>)
</td>
<td>CVE-2017-13284
</td>
</tr>
<tr>
- <td>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) and Guang Gong of Alpha
+ <td>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">&#64;Jioun_dai</a>) and Guang Gong of Alpha
Team, Qihoo 360 Technology Co. Ltd
</td>
<td>CVE-2017-13291, CVE-2017-13283, CVE-2017-13282, CVE-2017-13281, CVE-2017-13267
</td>
</tr>
<tr>
- <td>Patrick Delvenne (<a href="https://twitter.com/wintzx">@wintzx</a>) of Orange Labs
+ <td>Patrick Delvenne (<a href="https://twitter.com/wintzx">&#64;wintzx</a>) of Orange Labs
</td>
<td>CVE-2018-3584
</td>
@@ -156,7 +209,7 @@ acknowledgements were listed together.</p>
</td>
</tr>
<tr>
- <td>Weichao Sun of Alibaba Inc (<a href="https://twitter.com/sunblate">@sunblate</a>)
+ <td>Weichao Sun of Alibaba Inc (<a href="https://twitter.com/sunblate">&#64;sunblate</a>)
</td>
<td>CVE-2017-13277
</td>
@@ -169,7 +222,7 @@ acknowledgements were listed together.</p>
</td>
</tr>
<tr>
- <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of IceSword Lab,
+ <td>Yonggang Guo (<a href="https://twitter.com/guoygang">&#64;guoygang</a>) of IceSword Lab,
Qihoo 360 Technology Co. Ltd
</td>
<td>CVE-2017-8269, CVE-2017-13307, CVE-2018-5826
@@ -222,7 +275,7 @@ Zhou (周明建)</td>
<td>CVE-2018-3560</td>
</tr>
<tr>
- <td>Jianjun Dai (<a href="https://twitter.com/jioun_dai">@Jioun_dai</a>) and
+ <td>Jianjun Dai (<a href="https://twitter.com/jioun_dai">&#64;Jioun_dai</a>) and
Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.</td>
<td>CVE-2017-13266, CVE-2017-13256, CVE-2017-13255</td>
</tr>
@@ -231,16 +284,16 @@ Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.</td>
<td>CVE-2017-13258</td>
</tr>
<tr>
- <td>Hongli Han (<a href="https://twitter.com/hexb1n">@hexb1n</a>), <a
+ <td>Hongli Han (<a href="https://twitter.com/hexb1n">&#64;hexb1n</a>), <a
href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a>, and Mingjian Zhou
-(周明建) (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+(周明建) (<a href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of <a
href="http://c0reteam.org">C0RE Team</a></td>
<td>CVE-2017-6287</td>
</tr>
<tr>
- <td>Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>) and
+ <td>Hongli Han (<a href="https://twitter.com/HexB1n">&#64;HexB1n</a>) and
Mingjian Zhou (周明建)(<a
-href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of <a
href="http://c0reteam.org">C0RE Team</a></td>
<td>CVE-2017-6286, CVE-2017-6285, CVE-2017-6281</td>
</tr>
@@ -256,7 +309,7 @@ CVE-2017-15814</td>
</tr>
<tr>
<td>Tamir Zahavi-Brunner (<a
-href="https://twitter.com/tamir_zb">@tamir_zb</a>) of Zimperium zLabs Team</td>
+href="https://twitter.com/tamir_zb">&#64;tamir_zb</a>) of Zimperium zLabs Team</td>
<td>CVE-2017-13253</td>
</tr>
<tr>
@@ -264,7 +317,7 @@ href="https://twitter.com/tamir_zb">@tamir_zb</a>) of Zimperium zLabs Team</td>
<td>CVE-2017-13249, CVE-2017-13248, CVE-2017-13264</td>
</tr>
<tr>
- <td>Wish Wu (<a href=" https://twitter.com/wish_wu">@wish_wu</a> <a
+ <td>Wish Wu (<a href=" https://twitter.com/wish_wu">&#64;wish_wu</a> <a
href="http://www.weibo.com/wishlinux">吴潍浠</a> 此彼) of Ant-financial Light-Year
Security Lab</td>
<td>CVE-2017-13259, CVE-2017-13272</td>
@@ -274,7 +327,7 @@ Security Lab</td>
<td>CVE-2017-13257, CVE-2017-13268</td>
</tr>
<tr>
- <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
+ <td>Yonggang Guo (<a href="https://twitter.com/guoygang">&#64;guoygang</a>) of
IceSword Lab, Qihoo 360 Technology Co. Ltd.</td>
<td>CVE-2017-13271</td>
</tr>
@@ -300,8 +353,8 @@ Response Center of Qihoo 360 Technology Co. Ltd.</td>
</tr>
<tr>
<td>Aaron Willey, autoprime (<a
-href="https://twitter.com/utoprime?lang=en">@utoprime</a>), and Tyler Montgomery
-(<a href="https://twitter.com/tylerfixer">@tylerfixer</a>) of Team Codefire
+href="https://twitter.com/utoprime?lang=en">&#64;utoprime</a>), and Tyler Montgomery
+(<a href="https://twitter.com/tylerfixer">&#64;tylerfixer</a>) of Team Codefire
</td>
<td>CVE-2017-13238
</td>
@@ -320,7 +373,7 @@ Alpha Team, Qihoo 360 Technology Co. Ltd.
</td>
</tr>
<tr>
- <td>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and Bo Liu
+ <td>En He (<a href="https://twitter.com/heeeeen4x">&#64;heeeeen4x</a>) and Bo Liu
of <a href="http://www.ms509.com">MS509Team</a>
</td>
<td>CVE-2017-13242
@@ -339,17 +392,17 @@ of <a href="http://www.ms509.com">MS509Team</a>
</td>
</tr>
<tr>
- <td>Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>), <a
+ <td>Hongli Han (<a href="https://twitter.com/HexB1n">&#64;HexB1n</a>), <a
href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a> and Mingjian Zhou (<a
-href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of <a
href="http://c0reteam.org">C0RE Team</a>
</td>
<td>CVE-2017-6258
</td>
</tr>
<tr>
- <td>Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>), Mingjian
-Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+ <td>Hongli Han (<a href="https://twitter.com/HexB1n">&#64;HexB1n</a>), Mingjian
+Zhou (<a href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of <a
href="http://c0reteam.org">C0RE Team</a>
</td>
<td>CVE-2017-17767, CVE-2017-6279
@@ -357,7 +410,7 @@ href="http://c0reteam.org">C0RE Team</a>
</tr>
<tr>
<td>Mingjian Zhou (周明建) (<a
-href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of <a
href="http://c0reteam.org">C0RE Team</a>
</td>
<td>CVE-2017-13241, CVE-2017-13231
@@ -371,7 +424,7 @@ href="http://c0reteam.org">C0RE Team</a>
</tr>
<tr>
<td><a href="mailto:jiych.guru@gmail.com">Niky1235</a> (<a
-href="https://twitter.com/jiych_guru">@jiych_guru</a>)
+href="https://twitter.com/jiych_guru">&#64;jiych_guru</a>)
</td>
<td>CVE-2017-13230, CVE-2017-13234
</td>
@@ -384,7 +437,7 @@ href="https://twitter.com/jiych_guru">@jiych_guru</a>)
</tr>
<tr>
<td>Qidan He (<a
-href="https://twitter.com/flanker_hqd?lang=en">@flanker_hqd</a>) of PDD Security
+href="https://twitter.com/flanker_hqd?lang=en">&#64;flanker_hqd</a>) of PDD Security
Team
</td>
<td>CVE-2017-13246
@@ -397,7 +450,7 @@ Team
</td>
</tr>
<tr>
- <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
+ <td>Yonggang Guo (<a href="https://twitter.com/guoygang">&#64;guoygang</a>) of
IceSword Lab, Qihoo 360 Technology Co. Ltd.
</td>
<td>CVE-2017-13273
@@ -439,12 +492,12 @@ href="https://labs.mwrinfosecurity.com/">MWR Labs</a></td>
<td>CVE-2017-13212</td>
</tr>
<tr>
- <td>Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of <a
+ <td>Andy Tyler (<a href="https://twitter.com/ticarpi">&#64;ticarpi</a>) of <a
href="http://www.e2e-assure.com ">e2e-assure</a></td>
<td>CVE-2017-0846</td>
</tr>
<tr>
- <td>Baozeng Ding (<a href="https://twitter.com/sploving1">@sploving</a>),
+ <td>Baozeng Ding (<a href="https://twitter.com/sploving1">&#64;sploving</a>),
Chengming Yang, and Yang Song of Pandora Lab, Ali Security</td>
<td>CVE-2017-13222, CVE-2017-13220</td>
</tr>
@@ -458,7 +511,7 @@ Chengming Yang, and Yang Song of Pandora Lab, Ali Security</td>
</tr>
<tr>
<td><a href="mailto:zc1991@mail.ustc.edu.cn">Chi Zhang</a> and Mingjian Zhou
-(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+(<a href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of <a
href="http://c0reteam.org">C0RE Team</a></td>
<td>CVE-2017-13178, CVE-2017-13179</td>
</tr>
@@ -467,19 +520,19 @@ href="http://c0reteam.org">C0RE Team</a></td>
<td>CVE-2017-13209</td>
</tr>
<tr>
- <td>Haosheng Wang (<a href="https://twitter.com/gnehsoah">@gnehsoah</a>)</td>
+ <td>Haosheng Wang (<a href="https://twitter.com/gnehsoah">&#64;gnehsoah</a>)</td>
<td>CVE-2017-13198</td>
</tr>
<tr>
- <td>Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>) and
-Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)
+ <td>Hongli Han (<a href="https://twitter.com/HexB1n">&#64;HexB1n</a>) and
+Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>)
of <a href="http://c0reteam.org">C0RE Team</a></td>
<td>CVE-2017-13183, CVE-2017-13180</td>
</tr>
<tr>
- <td>Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>), <a
+ <td>Hongli Han (<a href="https://twitter.com/HexB1n">&#64;HexB1n</a>), <a
href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a>, and Mingjian Zhou (<a
-href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of <a
href="http://c0reteam.org">C0RE Team</a></td>
<td>CVE-2017-13194</td>
</tr>
@@ -489,13 +542,13 @@ href="http://c0reteam.org">C0RE Team</a></td>
</tr>
<tr>
<td>Mingjian Zhou (周明建) (<a
-href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of <a
href="http://c0reteam.org">C0RE Team</a></td>
<td>CVE-2017-13184, CVE-2017-13201</td>
</tr>
<tr>
<td><a href="mailto:jiych.guru@gmail.com">Niky1235</a> (<a
-href="https://twitter.com/jiych_guru">@jiych_guru</a>)</td>
+href="https://twitter.com/jiych_guru">&#64;jiych_guru</a>)</td>
<td>CVE-2017-0855, CVE-2017-13195, CVE-2017-13181</td>
</tr>
<tr>
@@ -510,7 +563,7 @@ Academy of Sciences</td>
<td>CVE-2017-13176</td>
</tr>
<tr>
- <td>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
+ <td>V.E.O (<a href="https://twitter.com/vysea">&#64;VYSEa</a>) of <a
href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile
Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a></td>
<td>CVE-2017-13196, CVE-2017-13186</td>
@@ -524,12 +577,12 @@ Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a></t
<td>CVE-2017-13217</td>
</tr>
<tr>
- <td>Yangkang (<a href="https://twitter.com/dnpushme">@dnpushme</a>) of
+ <td>Yangkang (<a href="https://twitter.com/dnpushme">&#64;dnpushme</a>) of
Qihoo360 Qex Team</td>
<td>CVE-2017-13200</td>
</tr>
<tr>
- <td>Yongke Wang (<a href="https://twitter.com/Rudykewang">@Rudykewang</a>)
+ <td>Yongke Wang (<a href="https://twitter.com/Rudykewang">&#64;Rudykewang</a>)
and Yuebin Sun of <a href="http://xlab.tencent.com">Tencent's Xuanwu Lab</a></td>
<td>CVE-2017-13202</td>
</tr>
@@ -577,7 +630,7 @@ Response Center, Qihoo 360 Technology Co. Ltd.</td>
<td>CVE-2017-0650</td>
</tr>
<tr>
- <td>Ao Wang (<a href="https://twitter.com/ArayzSegment">@ArayzSegment</a>) of
+ <td>Ao Wang (<a href="https://twitter.com/ArayzSegment">&#64;ArayzSegment</a>) of
<a href="https://www.pwnzen.com/">Pangu Team</a></td>
<td>CVE-2017-0691, CVE-2017-0700</td>
</tr>
@@ -591,7 +644,7 @@ Barbara</td>
<td>CVE-2017-0650</td>
</tr>
<tr>
- <td>Baozeng Ding (<a href="https://twitter.com/sploving1">@sploving1</a>) of
+ <td>Baozeng Ding (<a href="https://twitter.com/sploving1">&#64;sploving1</a>) of
Alibaba Mobile Security Group</td>
<td>CVE-2017-0463, CVE-2017-0506, CVE-2017-0711, CVE-2017-0741,
CVE-2017-0742, CVE-2017-0751, CVE-2017-0796, CVE-2017-0798, CVE-2017-0800,
@@ -599,7 +652,7 @@ CVE-2017-0827, CVE-2017-0843, CVE-2017-0864, CVE-2017-9703, CVE-2017-9708,
CVE-2017-11000, CVE-2017-11059, CVE-2017-13170</td>
</tr>
<tr>
- <td>Ben Actis (<a href="https://twitter.com/ben_ra">@Ben_RA</a>)</td>
+ <td>Ben Actis (<a href="https://twitter.com/ben_ra">&#64;Ben_RA</a>)</td>
<td>CVE-2016-8461</td>
</tr>
<tr>
@@ -647,7 +700,7 @@ href="https://c0reteam.org/">C0RE Team</a></td>
CVE-2017-0836, CVE-2017-0857, CVE-2017-0880, CVE-2017-13166</td>
</tr>
<tr>
- <td>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)
+ <td>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">&#64;chiachih_wu</a>)
of <a href="http://c0reteam.org/">C0RE Team</a></td>
<td>CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431,
CVE-2016-8432, CVE-2016-8449, CVE-2016-8435, CVE-2016-8480, CVE-2016-8481,
@@ -661,7 +714,7 @@ Response Center, Qihoo 360 Technology Co. Ltd.</td>
<td>CVE-2017-0758</td>
</tr>
<tr>
- <td>Cong Zheng (<a href="https://twitter.com/shellcong">@shellcong</a>) of
+ <td>Cong Zheng (<a href="https://twitter.com/shellcong">&#64;shellcong</a>) of
Palo Alto Networks</td>
<td>CVE-2017-0752</td>
</tr>
@@ -688,19 +741,19 @@ href="http://c0reteam.org/">C0RE Team</a></td>
CVE-2017-13160</td>
</tr>
<tr>
- <td>Daxing Guo (<a href="https://twitter.com/freener0">@freener0</a>) of
+ <td>Daxing Guo (<a href="https://twitter.com/freener0">&#64;freener0</a>) of
Xuanwu Lab, Tencent</td>
<td>CVE-2017-0386, CVE-2017-0553, CVE-2017-0585, CVE-2017-0706</td>
</tr>
<tr>
<td><a href="mailto:derrek.haxx@gmail.com">derrek</a> (<a
-href="https://twitter.com/derrekr6">@derrekr6</a>)</td>
+href="https://twitter.com/derrekr6">&#64;derrekr6</a>)</td>
<td>CVE-2016-8413, CVE-2016-8477, CVE-2017-0392, CVE-2017-0521,
CVE-2017-0531, CVE-2017-0576, CVE-2017-8260</td>
</tr>
<tr>
- <td>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of
-KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent</td>
+ <td>Di Shen (<a href="https://twitter.com/returnsme">&#64;returnsme</a>) of
+KeenLab (<a href="https://twitter.com/keen_lab">&#64;keen_lab</a>), Tencent</td>
<td>CVE-2016-8412, CVE-2016-8427, CVE-2016-8444, CVE-2016-10287,
CVE-2017-0334, CVE-2017-0403, CVE-2017-0427, CVE-2017-0456, CVE-2017-0457,
CVE-2017-0525, CVE-2017-8265</td>
@@ -727,7 +780,7 @@ CVE-2017-0525, CVE-2017-8265</td>
<td>CVE-2017-0692, CVE-2017-0694, CVE-2017-0771, CVE-2017-0774, CVE-2017-0775</td>
</tr>
<tr>
- <td>En He (<a href="http://twitter.com/heeeeen4x">@heeeeen4x</a>) of <a
+ <td>En He (<a href="http://twitter.com/heeeeen4x">&#64;heeeeen4x</a>) of <a
href="http://www.ms509.com/">MS509Team</a></td>
<td>CVE-2017-0394, CVE-2017-0490, CVE-2017-0601, CVE-2017-0639,
CVE-2017-0645, CVE-2017-0784, CVE-2017-11042</td>
@@ -756,7 +809,7 @@ CVE-2017-0645, CVE-2017-0784, CVE-2017-11042</td>
</tr>
<tr>
<td>Gengjia Chen (<a
-href="https://twitter.com/chengjia4574">@chengjia4574</a>) of IceSword Lab,
+href="https://twitter.com/chengjia4574">&#64;chengjia4574</a>) of IceSword Lab,
Qihoo 360 Technology Co. Ltd.</td>
<td>CVE-2016-8464, CVE-2016-10285, CVE-2016-10288, CVE-2016-10290,
CVE-2016-10294, CVE-2016-10295, CVE-2016-10296, CVE-2017-0329, CVE-2017-0332,
@@ -769,7 +822,7 @@ CVE-2017-9691, CVE-2017-10997</td>
</tr>
<tr>
<td>Godzheng (郑文选 <a
-href="https://twitter.com/virtualseekers">@VirtualSeekers</a>) of Tencent PC
+href="https://twitter.com/virtualseekers">&#64;VirtualSeekers</a>) of Tencent PC
Manager</td>
<td>CVE-2017-0602, CVE-2017-0646</td>
</tr>
@@ -782,7 +835,7 @@ Manager</td>
<td>CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785</td>
</tr>
<tr>
- <td>Guang Gong (龚广) (<a href="http://twitter.com/oldfresher">@oldfresher</a>)
+ <td>Guang Gong (龚广) (<a href="http://twitter.com/oldfresher">&#64;oldfresher</a>)
of Alpha Team, <a href="http://www.360.com/">Qihoo 360 Technology Co. Ltd.</a></td>
<td>CVE-2016-8415, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421,
CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, CVE-2016-8465,
@@ -837,7 +890,7 @@ CVE-2017-0792, CVE-2017-0825, CVE-2017-6424</td>
</tr>
<tr>
<td><a href="mailto:hlhan@bupt.edu.cn">Hongli Han</a>
- (<a href="https://twitter.com/HexB1n">@HexB1n</a>) of
+ (<a href="https://twitter.com/HexB1n">&#64;HexB1n</a>) of
<a href="http://c0reteam.org/">C0RE Team</a></td>
<td>CVE-2017-0384, CVE-2017-0385, CVE-2017-0731, CVE-2017-0739,
CVE-2017-13154, CVE-2017-6276
@@ -848,7 +901,7 @@ CVE-2017-0792, CVE-2017-0825, CVE-2017-6424</td>
<td>CVE-2017-0753</td>
</tr>
<tr>
- <td>Ian Foster (<a href="https://twitter.com/lanrat">@lanrat</a>)</td>
+ <td>Ian Foster (<a href="https://twitter.com/lanrat">&#64;lanrat</a>)</td>
<td>CVE-2017-0554</td>
</tr>
<tr>
@@ -873,18 +926,18 @@ CVE-2017-0792, CVE-2017-0825, CVE-2017-6424</td>
</tr>
<tr>
<td>Jeremy Huang
- (<a href="https://twitter.com/bittorrent3389">@bittorrent3389</a>)
+ (<a href="https://twitter.com/bittorrent3389">&#64;bittorrent3389</a>)
of King Team</td>
<td>CVE-2017-13172</td>
</tr>
<tr>
- <td>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) of
+ <td>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">&#64;Jioun_dai</a>) of
<a href="https://skyeye.360safe.com/">Qihoo 360 Skyeye Labs</a></td>
<td>CVE-2017-0478, CVE-2017-0541, CVE-2017-0559</td>
</tr>
<tr>
<td>Jianqiang Zhao (<a
-href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) of IceSword Lab,
+href="https://twitter.com/jianqiangzhao">&#64;jianqiangzhao</a>) of IceSword Lab,
Qihoo 360</td>
<td>CVE-2016-5346, CVE-2016-8416, CVE-2016-8475, CVE-2016-8478,
CVE-2017-0445, CVE-2017-0458, CVE-2017-0459, CVE-2017-0518, CVE-2017-0519,
@@ -896,7 +949,7 @@ CVE-2017-8261, CVE-2017-8268, CVE-2017-9718, CVE-2017-1000380</td>
<td>CVE-2017-0698</td>
</tr>
<tr>
- <td>Jon Sawyer (<a href="http://twitter.com/jcase">@jcase</a>)</td>
+ <td>Jon Sawyer (<a href="http://twitter.com/jcase">&#64;jcase</a>)</td>
<td>CVE-2016-8461, CVE-2016-8462</td>
</tr>
<tr>
@@ -951,7 +1004,7 @@ href="http://c0reteam.org/">C0RE Team</a></td>
<td>CVE-2017-0491</td>
</tr>
<tr>
- <td>Marco Bartoli (<a href="https://twitter.com/wsxarcher">@wsxarcher</a>)</td>
+ <td>Marco Bartoli (<a href="https://twitter.com/wsxarcher">&#64;wsxarcher</a>)</td>
<td>CVE-2017-0712</td>
</tr>
<tr>
@@ -971,13 +1024,13 @@ href="http://c0reteam.org/">C0RE Team</a></td>
<td>CVE-2017-0598, CVE-2017-0806, CVE-2017-0871</td>
</tr>
<tr>
- <td>Mike Anderson (<a href="https://twitter.com/manderbot">@manderbot</a>) of
+ <td>Mike Anderson (<a href="https://twitter.com/manderbot">&#64;manderbot</a>) of
Tesla Motors Product Security Team</td>
<td>CVE-2017-0327, CVE-2017-0328</td>
</tr>
<tr>
<td>Mingjian Zhou (<a
-href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>) of <a
href="http://c0reteam.org/">C0RE Team</a></td>
<td>CVE-2017-0383, CVE-2017-0417, CVE-2017-0418, CVE-2017-0425,
CVE-2017-0450, CVE-2017-0479, CVE-2017-0480, CVE-2017-0483, CVE-2017-0665,
@@ -997,11 +1050,11 @@ CVE-2017-13152, CVE-2017-13154, CVE-2017-13166, CVE-2017-13169, CVE-2017-14904
<td>CVE-2016-10276</td>
</tr>
<tr>
- <td>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>)</td>
+ <td>Nathan Crandall (<a href="https://twitter.com/natecray">&#64;natecray</a>)</td>
<td>CVE-2017-0535</td>
</tr>
<tr>
- <td>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
+ <td>Nathan Crandall (<a href="https://twitter.com/natecray">&#64;natecray</a>) of
Tesla Motors Product Security Team</td>
<td>CVE-2017-0306, CVE-2017-0327, CVE-2017-0328, CVE-2017-0331,
CVE-2017-0606, CVE-2017-8242, CVE-2017-9679</td>
@@ -1016,7 +1069,7 @@ CVE-2017-0606, CVE-2017-8242, CVE-2017-9679</td>
</tr>
<tr>
<td><a href="mailto:jiych.guru@gmail.com">Niky1235</a> (<a
-href="https://twitter.com/jiych_guru">@jiych_guru</a>)</td>
+href="https://twitter.com/jiych_guru">&#64;jiych_guru</a>)</td>
<td>CVE-2017-0603, CVE-2017-0670, CVE-2017-0697, CVE-2017-0726, CVE-2017-0818</td>
</tr>
<tr>
@@ -1053,7 +1106,7 @@ CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090</
<td>CVE-2017-11046, CVE-2017-11091</td>
</tr>
<tr>
- <td>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of
+ <td>Peter Pi (<a href="https://twitter.com/heisecode">&#64;heisecode</a>) of
Trend Micro</td>
<td>CVE-2016-8424, CVE-2016-8428, CVE-2016-8429, CVE-2016-8460,
CVE-2016-8469, CVE-2016-8473, CVE-2016-8474</td>
@@ -1075,7 +1128,7 @@ CVE-2017-8270, CVE-2017-9691, CVE-2017-9718, CVE-2017-10997, CVE-2017-1000380</t
</tr>
<tr>
<td>Qidan He (何淇丹) (<a
-href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) of KeenLab, Tencent
+href="https://twitter.com/flanker_hqd">&#64;flanker_hqd</a>) of KeenLab, Tencent
(腾讯科恩实验室)</td>
<td>CVE-2017-0325, CVE-2017-0337, CVE-2017-0382, CVE-2017-0427,
CVE-2017-0476, CVE-2017-0544, CVE-2017-0861, CVE-2017-0866, CVE-2017-13167,
@@ -1094,7 +1147,7 @@ CVE-2017-15868</td>
<td>CVE-2017-0522</td>
</tr>
<tr>
- <td>Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>) of Aleph
+ <td>Roee Hay (<a href="https://twitter.com/roeehay">&#64;roeehay</a>) of Aleph
Research, HCL Technologies</td>
<td>CVE-2016-10277, CVE-2017-0563, CVE-2017-0582, CVE-2017-0648, CVE-2017-0829,
CVE-2017-13174</td>
@@ -1113,24 +1166,24 @@ Communications in DarkMatter</td>
<td>CVE-2017-0528</td>
</tr>
<tr>
- <td>salls (<a href="https://twitter.com/chris_salls">@chris_salls</a>) of
+ <td>salls (<a href="https://twitter.com/chris_salls">&#64;chris_salls</a>) of
Shellphish Grill Team, UC Santa Barbara</td>
<td>CVE-2017-0505, CVE-2017-13168</td>
</tr>
<tr>
<td><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a
-href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>)</td>
+href="https://twitter.com/ScottyBauer1">&#64;ScottyBauer1</a>)</td>
<td>CVE-2016-10274, CVE-2017-0339, CVE-2017-0405, CVE-2017-0504,
CVE-2017-0516, CVE-2017-0521, CVE-2017-0562, CVE-2017-0576, CVE-2017-0705,
CVE-2017-8259, CVE-2017-8260, CVE-2017-9680, CVE-2017-11053, CVE-2017-13160</td>
</tr>
<tr>
<td>Sean Beaupre (<a
-href="https://twitter.com/firewaterdevs">@firewaterdevs</a>)</td>
+href="https://twitter.com/firewaterdevs">&#64;firewaterdevs</a>)</td>
<td>CVE-2016-8461, CVE-2016-8462, CVE-2017-0455</td>
</tr>
<tr>
- <td>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)
+ <td>Seven Shen (<a href="https://twitter.com/lingtongshen">&#64;lingtongshen</a>)
of Trend Micro Mobile Threat Research Team</td>
<td>CVE-2016-8418, CVE-2016-8466, CVE-2016-10231, CVE-2017-0449,
CVE-2017-0452, CVE-2017-0578, CVE-2017-0586, CVE-2017-0724, CVE-2017-0772,
@@ -1174,11 +1227,11 @@ CVE-2017-0436, CVE-2017-10661</td>
</tr>
<tr>
<td>Uma Sankar Pradhan (<a
-href="https://twitter.com/umasankar_iitd">@umasankar_iitd</a>)</td>
+href="https://twitter.com/umasankar_iitd">&#64;umasankar_iitd</a>)</td>
<td>CVE-2017-0560</td>
</tr>
<tr>
- <td>Valerio Costamagna (<a href="https://twitter.com/vaio_co">@vaio_co</a>)</td>
+ <td>Valerio Costamagna (<a href="https://twitter.com/vaio_co">&#64;vaio_co</a>)</td>
<td>CVE-2017-0712</td>
</tr>
<tr>
@@ -1188,7 +1241,7 @@ CVE-2017-0675, CVE-2017-0676, CVE-2017-0682, CVE-2017-0683, CVE-2017-0696,
CVE-2017-0699, CVE-2017-0701, CVE-2017-0702, CVE-2017-0716, CVE-2017-0757</td>
</tr>
<tr>
- <td>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of Mobile Threat
+ <td>V.E.O (<a href="https://twitter.com/vysea">&#64;VYSEa</a>) of Mobile Threat
Research Team, <a href="http://www.trendmicro.com/">Trend Micro</a></td>
<td>CVE-2017-0381, CVE-2017-0424, CVE-2017-0466, CVE-2017-0467,
CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, CVE-2017-0471, CVE-2017-0472,
@@ -1205,7 +1258,7 @@ CVE-2017-10662, CVE-2017-10663</td>
<td>CVE-2017-0522</td>
</tr>
<tr>
- <td>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of
+ <td>Weichao Sun (<a href="https://twitter.com/sunblate">&#64;sunblate</a>) of
Alibaba Inc.</td>
<td>CVE-2017-0391, CVE-2017-0407, CVE-2017-0549, CVE-2017-0759</td>
</tr>
@@ -1226,12 +1279,12 @@ CVE-2017-0483, CVE-2017-0768, CVE-2017-0779, CVE-2017-0812, CVE-2017-0815,
CVE-2017-0816</td>
</tr>
<tr>
- <td>Wenlin Yang (<a href="https://twitter.com/wenlin_yang">@wenlin_yang</a>)
+ <td>Wenlin Yang (<a href="https://twitter.com/wenlin_yang">&#64;wenlin_yang</a>)
of Alpha Team, Qihoo 360 Technology Co. Ltd.</td>
<td>CVE-2017-0577, CVE-2017-0580</td>
</tr>
<tr>
- <td>Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>) (<a
+ <td>Wish Wu (<a href="https://twitter.com/wish_wu">&#64;wish_wu</a>) (<a
href="http://www.weibo.com/wishlinux">吴潍浠</a> 此彼) of Ant-financial Light-Year
Security Lab</td>
<td>CVE-2017-0408, CVE-2017-0477, CVE-2017-11063, CVE-2017-11092</td>
@@ -1314,7 +1367,7 @@ CVE-2017-9708, CVE-2017-13170
<td>CVE-2017-0860</td>
</tr>
<tr>
- <td>Yangkang (<a href="https://twitter.com/dnpushme">@dnpushme</a>) of Qex
+ <td>Yangkang (<a href="https://twitter.com/dnpushme">&#64;dnpushme</a>) of Qex
Team, Qihoo 360</td>
<td>CVE-2017-0647, CVE-2017-0690, CVE-2017-0753</td>
</tr>
@@ -1329,12 +1382,12 @@ href="http://c0reteam.org/">C0RE Team</a></td>
</tr>
<tr>
<td>Yong Wang (王勇) (<a
-href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) of Alibaba Inc.</td>
+href="https://twitter.com/ThomasKing2014">&#64;ThomasKing2014</a>) of Alibaba Inc.</td>
<td>CVE-2017-0404, CVE-2017-0588, CVE-2017-0842, CVE-2017-13164, CVE-2017-9708,
CVE-2017-13170 </td>
</tr>
<tr>
- <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
+ <td>Yonggang Guo (<a href="https://twitter.com/guoygang">&#64;guoygang</a>) of
IceSword Lab, Qihoo 360 Technology Co. Ltd.</td>
<td>CVE-2016-10289, CVE-2017-0465, CVE-2017-0564, CVE-2017-0746,
CVE-2017-0749, CVE-2017-7370, CVE-2017-8267, CVE-2017-8269, CVE-2017-8271,
@@ -1372,22 +1425,22 @@ CVE-2017-8264, CVE-2017-10661, CVE-2017-14903</td>
<td>CVE-2017-0767, CVE-2017-0839, CVE-2017-0848</td>
</tr>
<tr>
- <td>Yuqi Lu (<a href="https://twitter.com/nikos233__">@nikos233</a>) of <a
+ <td>Yuqi Lu (<a href="https://twitter.com/nikos233__">&#64;nikos233</a>) of <a
href="http://c0reteam.org/">C0RE Team</a></td>
<td>CVE-2017-0383, CVE-2017-0401, CVE-2017-0417, CVE-2017-0425, CVE-2017-0483</td>
</tr>
<tr>
- <td>Yuxiang Li (<a href="https://twitter.com/xbalien29">@Xbalien29</a>) of
+ <td>Yuxiang Li (<a href="https://twitter.com/xbalien29">&#64;Xbalien29</a>) of
Tencent Security Platform Department</td>
<td>CVE-2017-0395, CVE-2017-0669, CVE-2017-0704</td>
</tr>
<tr>
- <td>Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>) of the
+ <td>Zach Riggle (<a href="https://twitter.com/ebeip90">&#64;ebeip90</a>) of the
Android Security Team</td>
<td>CVE-2017-0710</td>
</tr>
<tr>
- <td>Zhanpeng Zhao (行之) (<a href="https://twitter.com/0xr0ot">@0xr0ot</a>) of
+ <td>Zhanpeng Zhao (行之) (<a href="https://twitter.com/0xr0ot">&#64;0xr0ot</a>) of
Security Research Lab, <a href="http://www.cmcm.com/">Cheetah Mobile</a></td>
<td>CVE-2016-8451</td>
</tr>
@@ -1398,7 +1451,7 @@ Co. Ltd.</td>
</tr>
<tr>
<td><a href="mailto:zhouzhenster@gmail.com">Zhen Zhou</a> (<a
-href="https://twitter.com/henices">@henices</a>) of <a
+href="https://twitter.com/henices">&#64;henices</a>) of <a
href="http://www.nsfocus.com/">NSFocus</a></td>
<td>CVE-2017-0406</td>
</tr>
@@ -1457,12 +1510,12 @@ Telecommunications</a></p>
<p>Andrei Kapishnikov of Google</p>
-<p>Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of
+<p>Andy Tyler (<a href="https://twitter.com/ticarpi">&#64;ticarpi</a>) of
<a href="https://www.e2e-assure.com">e2e-assure</a></p>
-<p>Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>) of CENSUS S.A.</p>
+<p>Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">&#64;anestisb</a>) of CENSUS S.A.</p>
-<p>Ao Wang (<a href="https://twitter.com/ArayzSegment">@ArayzSegment</a>) of
+<p>Ao Wang (<a href="https://twitter.com/ArayzSegment">&#64;ArayzSegment</a>) of
<a href="http://www.pkav.net">PKAV</a>, Silence Information Technology</p>
<p>Askyshang of Security Platform Department, Tencent</p>
@@ -1487,7 +1540,7 @@ Telecommunications</a></p>
<p><a href="mailto:zc1991@mail.ustc.edu.cn">Chi Zhang</a> of <a
href="http://c0reteam.org">C0RE Team</a></p>
-<p>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) of
+<p>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">&#64;chiachih_wu</a>) of
<a href="http://c0reteam.org">C0RE Team</a> from <a href="http://www.360safe.com/">Qihoo 360</a></p>
<p>Christian Seel</p>
@@ -1536,16 +1589,16 @@ Telecommunications</a></p>
<p><a href="mailto:talepis@unipi.gr">Efthimios Alepis</a> of University of Piraeus</p>
-<p>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) of <a
+<p>En He (<a href="https://twitter.com/heeeeen4x">&#64;heeeeen4x</a>) of <a
href="http://www.ms509.com">MS509Team</a></p>
-<p>Gal Beniamini (<a href="https://twitter.com/@laginimaineb">@laginimaineb</a>,
+<p>Gal Beniamini (<a href="https://twitter.com/@laginimaineb">&#64;laginimaineb</a>,
<a href="http://bits-please.blogspot.com/">http://bits-please.blogspot.com</a>)</p>
-<p>Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>)
+<p>Gengjia Chen (<a href="https://twitter.com/@chengjia4574">&#64;chengjia4574</a>)
of Lab 0x031E, Qihoo 360 Technology Co. Ltd</p>
-<p>Gengming Liu (刘耕铭) (<a href="http://twitter.com/dmxcsnsbh">@dmxcsnsbh</a>)
+<p>Gengming Liu (刘耕铭) (<a href="http://twitter.com/dmxcsnsbh">&#64;dmxcsnsbh</a>)
of KeenLab, Tencent</p>
<p><a href="mailto:gpiskas@gmail.com">George Piskas</a> of
@@ -1555,7 +1608,7 @@ Telecommunications</a></p>
<p>Greg Kaiser of Google Android Team</p>
-<p>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>)
+<p>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">&#64;oldfresher</a>)
of <a href="http://www.360.com/">Qihoo 360 Technology Co. Ltd.</a></p>
<p><a href="mailto:hzhan033@ucr.edu">Hang Zhang</a> of UC Riverside</p>
@@ -1585,15 +1638,15 @@ Telecommunications</a></p>
<p>Jeremy C. Joslin of Google</p>
-<p>jfang of KEEN lab, Tencent (<a href="https://twitter.com/k33nteam">@K33nTeam</a>)</p>
+<p>jfang of KEEN lab, Tencent (<a href="https://twitter.com/k33nteam">&#64;K33nTeam</a>)</p>
-<p>Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) of IceSword Lab, Qihoo 360</p>
+<p>Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">&#64;jianqiangzhao</a>) of IceSword Lab, Qihoo 360</p>
-<p>Joshua Drake (<a href="https://twitter.com/jduck">@jduck</a>)</p>
+<p>Joshua Drake (<a href="https://twitter.com/jduck">&#64;jduck</a>)</p>
<p>Jouni Malinen PGP id EFC895FA</p>
-<p>Kai Lu (<a href="https://twitter.com/K3vinLuSec">@K3vinLuSec</a>) of
+<p>Kai Lu (<a href="https://twitter.com/K3vinLuSec">&#64;K3vinLuSec</a>) of
Fortinet's FortiGuard Labs</p>
<p>Kandala Shivaram reddy</p>
@@ -1613,8 +1666,8 @@ Fortinet's FortiGuard Labs</p>
<p>Makoto Onuki of Google</p>
-<p>Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of KeenLab
- (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent</p>
+<p>Marco Grassi (<a href="https://twitter.com/marcograss">&#64;marcograss</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">&#64;keen_lab</a>), Tencent</p>
<p>Marco Nelissen of Google</p>
@@ -1628,7 +1681,7 @@ Fortinet's FortiGuard Labs</p>
<p>Max Spector of Google</p>
-<p>MengLuo Gou (<a href="https://twitter.com/idhyt3r">@idhyt3r</a>) of Bottle
+<p>MengLuo Gou (<a href="https://twitter.com/idhyt3r">&#64;idhyt3r</a>) of Bottle
Tech</p>
<p>Michał Bednarski (<a href="https://github.com/michalbednarski">github.com/michalbednarski</a>)</p>
@@ -1637,7 +1690,7 @@ Fortinet's FortiGuard Labs</p>
<p>Min Chong of Android Security</p>
-<p>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)
+<p>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">&#64;Mingjian_Zhou</a>)
of <a href="http://c0reteam.org">C0RE Team</a>, <a href="http://www.360safe.com/">Qihoo 360</a></p>
<p>Miriam Gershenson of Google</p>
@@ -1646,13 +1699,13 @@ Fortinet's FortiGuard Labs</p>
<p><a href="mailto:nasim@zamir.ca">Nasim Zamir</a></p>
-<p>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
+<p>Nathan Crandall (<a href="https://twitter.com/natecray">&#64;natecray</a>) of
Tesla Motors Product Security Team</p>
-<p>Nico Golde (<a href="https://twitter.com/iamnion">@iamnion</a>) of Qualcomm Product Security Initiative</p>
+<p>Nico Golde (<a href="https://twitter.com/iamnion">&#64;iamnion</a>) of Qualcomm Product Security Initiative</p>
<p>Nightwatch Cybersecurity Research
- (<a href="https://twitter.com/nightwatchcyber">@nightwatchcyber</a>)</p>
+ (<a href="https://twitter.com/nightwatchcyber">&#64;nightwatchcyber</a>)</p>
<p>Ning You of Alibaba Mobile Security Group</p>
@@ -1666,7 +1719,7 @@ Tesla Motors Product Security Team</p>
<p>Pengfei Ding (丁鹏飞) of Baidu X-Lab</p>
-<p>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend Micro</p>
+<p>Peter Pi (<a href="https://twitter.com/heisecode">&#64;heisecode</a>) of Trend Micro</p>
<p><a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360</p>
@@ -1675,8 +1728,8 @@ Tesla Motors Product Security Team</p>
<p>Qianwei Hu (<a href="mailto:rayxcp@gmail.com">rayxcp@gmail.com</a>) of
<a href="http://www.wooyun.org/">WooYun TangLab</a></p>
-<p>Qidan He (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>) of
- KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent</p>
+<p>Qidan He (<a href="https://twitter.com/@Flanker_hqd">&#64;Flanker_hqd</a>) of
+ KeenLab (<a href="https://twitter.com/keen_lab">&#64;keen_lab</a>), Tencent</p>
<p>Richard Shupak</p>
@@ -1691,7 +1744,7 @@ Tesla Motors Product Security Team</p>
<p>Romain Trouvé of
<a href="https://labs.mwrinfosecurity.com/">MWR Labs</a></p>
-<p>Ronald L. Loor Vargas (<a href="https://twitter.com/loor_rlv">@loor_rlv</a>)
+<p>Ronald L. Loor Vargas (<a href="https://twitter.com/loor_rlv">&#64;loor_rlv</a>)
of TEAM Lv51</p>
<p>Sagi Kedmi, IBM Security X-Force Researcher</p>
@@ -1701,20 +1754,20 @@ of TEAM Lv51</p>
<p>Santos Cordon of Google Telecom Team</p>
<p><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a>
- (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>)</p>
+ (<a href="https://twitter.com/ScottyBauer1">&#64;ScottyBauer1</a>)</p>
-<p>Sen Nie (<a href="https://twitter.com/@nforest_">@nforest_</a>) of KEEN lab,
- Tencent (<a href="https://twitter.com/k33nteam">@K33nTeam</a>)</p>
+<p>Sen Nie (<a href="https://twitter.com/@nforest_">&#64;nforest_</a>) of KEEN lab,
+ Tencent (<a href="https://twitter.com/k33nteam">&#64;K33nTeam</a>)</p>
-<p>Sergey Bobrov (<a href="http://twitter.com/Black2Fan">@Black2Fan</a>) of
+<p>Sergey Bobrov (<a href="http://twitter.com/Black2Fan">&#64;Black2Fan</a>) of
Kaspersky Lab</p>
-<p>Seven Shen (<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>)
+<p>Seven Shen (<a href="https://twitter.com/@lingtongshen">&#64;lingtongshen</a>)
of Trend Micro (<a href="http://www.trendmicro.com">www.trendmicro.com</a>)</p>
<p>Sharvil Nanavati of Google</p>
-<p>Shinjo Park (<a href="https://twitter.com/ad_ili_rai">@ad_ili_rai</a>) of
+<p>Shinjo Park (<a href="https://twitter.com/ad_ili_rai">&#64;ad_ili_rai</a>) of
<a href="http://www.isti.tu-berlin.de/security_in_telecommunications">Security in
Telecommunications</a></p>
@@ -1728,7 +1781,7 @@ Telecommunications</a></p>
<p>Tieyan Li of Huawei</p>
-<p>Tim Strazzere (<a href="https://twitter.com/timstrazz">@timstrazz</a>) of
+<p>Tim Strazzere (<a href="https://twitter.com/timstrazz">&#64;timstrazz</a>) of
SentinelOne / RedNaga</p>
<p>Tom Craig of Google X</p>
@@ -1740,7 +1793,7 @@ SentinelOne / RedNaga</p>
<p><a href="mailto:litongxin1991@gmail.com">Tongxin Li</a> of Peking University</p>
-<p>trotmaster (<a href="https://twitter.com/trotmaster99">@trotmaster99</a>)</p>
+<p>trotmaster (<a href="https://twitter.com/trotmaster99">&#64;trotmaster99</a>)</p>
<p>Vasily Vasilev</p>
@@ -1752,13 +1805,13 @@ SentinelOne / RedNaga</p>
<p>Vishwath Mohan of Android Security</p>
-<p>Wei Wei (<a href="https://twitter.com/Danny__Wei">@Danny__Wei</a>) of Xuanwu
+<p>Wei Wei (<a href="https://twitter.com/Danny__Wei">&#64;Danny__Wei</a>) of Xuanwu
LAB, Tencent</p>
-<p>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc</p>
+<p>Weichao Sun (<a href="https://twitter.com/sunblate">&#64;sunblate</a>) of Alibaba Inc</p>
-<p>Wen Niu (<a href="https://twitter.com/NWMonster">@NWMonster</a>) of KeenLab
- (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent</p>
+<p>Wen Niu (<a href="https://twitter.com/NWMonster">&#64;NWMonster</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">&#64;keen_lab</a>), Tencent</p>
<p><a href="mailto:vancouverdou@gmail.com">Wenke Dou</a> of <a href="http://c0reteam.org">C0RE Team</a></p>
@@ -1766,7 +1819,7 @@ SentinelOne / RedNaga</p>
<p>William Roberts (<a href="mailto:william.c.roberts@intel.com">william.c.roberts@intel.com</a>)</p>
-<p>Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>) (<a
+<p>Wish Wu (<a href="https://twitter.com/wish_wu">&#64;wish_wu</a>) (<a
href="http://weibo.com/wishlinux">吴潍浠</a>) of <a
href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile
Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro
@@ -1780,7 +1833,7 @@ SentinelOne / RedNaga</p>
<p>Xiling Gong of Tencent Security Platform Department</p>
-<p>Xingyu He (何星宇) (<a href="https://twitter.com/Spid3r_">@Spid3r_</a>)
+<p>Xingyu He (何星宇) (<a href="https://twitter.com/Spid3r_">&#64;Spid3r_</a>)
of <a href="http://www.alibaba.com/">Alibaba Inc</a></p>
<p><a href="mailto:hanxinhui@pku.edu.cn">Xinhui Han</a> of Peking University</p>
@@ -1812,10 +1865,10 @@ SentinelOne / RedNaga</p>
<p>Yong Shi of Eagleye team, SCC, Huawei</p>
-<p>Yong Wang (王勇) (<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>)
+<p>Yong Wang (王勇) (<a href="https://twitter.com/ThomasKing2014">&#64;ThomasKing2014</a>)
of Alibaba Inc.</p>
-<p>Yongke Wang (<a href="https://twitter.com/Rudykewang">@Rudykewang</a>) of
+<p>Yongke Wang (<a href="https://twitter.com/Rudykewang">&#64;Rudykewang</a>) of
Xuanwu LAB, Tencent</p>
<p>Yongzheng Wu of Huawei</p>
@@ -1827,13 +1880,13 @@ of Alibaba Inc.</p>
<p><a href="http://yurushao.info">Yuru Shao</a> of University of Michigan Ann Arbor</p>
-<p>Yuxiang Li (<a href="https://twitter.com/xbalien29">@Xbalien29</a>) of
+<p>Yuxiang Li (<a href="https://twitter.com/xbalien29">&#64;Xbalien29</a>) of
Tencent Security Platform Department</p>
-<p>Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>) of the
+<p>Zach Riggle (<a href="https://twitter.com/@ebeip90">&#64;ebeip90</a>) of the
Android Security Team</p>
-<p>Zhanpeng Zhao (行之) (<a href="https://twitter.com/0xr0ot">@0xr0ot</a>) of
+<p>Zhanpeng Zhao (行之) (<a href="https://twitter.com/0xr0ot">&#64;0xr0ot</a>) of
Security Research Lab, <a href="http://www.cmcm.com">Cheetah Mobile</a></p>
<p>Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology Co.
@@ -1879,7 +1932,7 @@ of Alibaba Inc.</p>
<p>Gal Beniamini (<a href="http://bits-please.blogspot.com/">http://bits-please.blogspot.com</a>)</p>
-<p>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>, higongguang@gmail.com) of <a href="http://www.360.cn/">Qihoo 360 Technology Co.Ltd</a></p>
+<p>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">&#64;oldfresher</a>, higongguang@gmail.com) of <a href="http://www.360.cn/">Qihoo 360 Technology Co.Ltd</a></p>
<p>Hongil Kim of System Security Lab, KAIST (hongilk@kaist.ac.kr)</p>
@@ -1890,7 +1943,7 @@ Aires Argentina</p>
<p>Jack Tang of Trend Micro (@jacktang310)</p>
-<p>jgor of <a href="http://security.utexas.edu/">The University of Texas at Austin</a> (<a href="https://twitter.com/indiecom">@indiecom</a>)</p>
+<p>jgor of <a href="http://security.utexas.edu/">The University of Texas at Austin</a> (<a href="https://twitter.com/indiecom">&#64;indiecom</a>)</p>
<p>Joaquín Rinaudo (@xeroxnir) of Programa STIC at Fundación Dr. Manuel Sadosky,
Buenos Aires Argentina</p>
@@ -1901,9 +1954,9 @@ Buenos Aires Argentina</p>
<p>Lei Wu of C0RE Team from Qihoo 360</p>
-<p>Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of <a href="http://k33nteam.org/">KeenTeam</a> (<a href="https://twitter.com/k33nteam">@K33nTeam</a>)</p>
+<p>Marco Grassi (<a href="https://twitter.com/marcograss">&#64;marcograss</a>) of <a href="http://k33nteam.org/">KeenTeam</a> (<a href="https://twitter.com/k33nteam">&#64;K33nTeam</a>)</p>
-<p>Mark Carter (<a href="https://twitter.com/hanpingchinese">@hanpingchinese</a>) of EmberMitre Ltd</p>
+<p>Mark Carter (<a href="https://twitter.com/hanpingchinese">&#64;hanpingchinese</a>) of EmberMitre Ltd</p>
<p>Martin Barbella, Google Chrome Security Team</p>
@@ -1936,7 +1989,7 @@ Secure Software Engineering Group</a>, EC SPRIDE Technische Universität</p>
<p>Steven Vittitoe of Google Project Zero</p>
<p>Tony Beltramelli (<a
-href="https://twitter.com/Tbeltramelli">@Tbeltramelli</a>) of <a
+href="https://twitter.com/Tbeltramelli">&#64;Tbeltramelli</a>) of <a
href="http://tonybeltramelli.com/">tonybeltramelli.com</a></p>
<p>Tzu-Yin (Nina) Tai</p>
@@ -1961,23 +2014,23 @@ href="http://tonybeltramelli.com/">tonybeltramelli.com</a></p>
<p>Aaron Mangel of <a href="https://banno.com/">Banno</a> (<a
href="mailto:amangel@gmail.com">amangel@gmail.com</a>)</p>
-<p>Alex Park (<a href="https://twitter.com/saintlinu">@saintlinu</a>)</p>
+<p>Alex Park (<a href="https://twitter.com/saintlinu">&#64;saintlinu</a>)</p>
<p>Alexandru Gheorghita</p>
<p><a href="https://twitter.com/isciurus">Andrey Labunets</a> of <a href="https://www.facebook.com">Facebook</a></p>
<p><a href="http://www.corkami.com">Ange Albertini</a> (<a
-href="https://twitter.com/angealbertini">@angealbertini</a>)</p>
+href="https://twitter.com/angealbertini">&#64;angealbertini</a>)</p>
<p>Axelle Apvrille of Fortinet, FortiGuards Labs</p>
-<p><a href="http://www.linkedin.com/in/danamodio">Dan Amodio</a> of <a href="https://www.aspectsecurity.com/">Aspect Security</a> (<a href="https://twitter.com/DanAmodio">@DanAmodio</a>)</p>
+<p><a href="http://www.linkedin.com/in/danamodio">Dan Amodio</a> of <a href="https://www.aspectsecurity.com/">Aspect Security</a> (<a href="https://twitter.com/DanAmodio">&#64;DanAmodio</a>)</p>
<p><a href="http://davidmurdoch.com">David Murdoch</a></p>
<p>Henry Hoggard of <a href="https://labs.mwrinfosecurity.com/">MWR Labs</a> (<a
-href="https://twitter.com/henryhoggard">@HenryHoggard</a>)</p>
+href="https://twitter.com/henryhoggard">&#64;HenryHoggard</a>)</p>
<p>Imre Rad of <a href="http://www.search-lab.hu/">Search-Lab Ltd.</a></p>
@@ -1992,20 +2045,20 @@ Security</a></p>
<p><a href="http://blog.redfern.me/">Joseph Redfern</a> of <a
href="https://labs.mwrinfosecurity.com/">MWR Labs</a> <br>(<a
-href="https://twitter.com/JosephRedfern">@JosephRedfern</a>)</p>
+href="https://twitter.com/JosephRedfern">&#64;JosephRedfern</a>)</p>
<p>Kunal Patel of <a href="https://www.samsungknox.com/">Samsung KNOX Security Team</a> (<a href="mailto:kunal.patel1@samsung.com">kunal.patel1@samsung.com</a>)</p>
<p><a href="http://www.linkedin.com/in/luander">Luander Michel Ribeiro</a> (<a
-href="https://twitter.com/luanderock">@luanderock</a>)</p>
+href="https://twitter.com/luanderock">&#64;luanderock</a>)</p>
<p><a href="http://homes.soic.indiana.edu/luyixing">Luyi Xing</a> of Indiana
University Bloomington (<a
href="mailto:xingluyi@gmail.com">xingluyi@gmail.com</a>)</p>
-<p>Marc Blanchou (<a href="https://twitter.com/marcblanchou">@marcblanchou</a>)</p>
+<p>Marc Blanchou (<a href="https://twitter.com/marcblanchou">&#64;marcblanchou</a>)</p>
-<p>Mathew Solnik (<a href="https://twitter.com/msolnik">@msolnik</a>)</p>
+<p>Mathew Solnik (<a href="https://twitter.com/msolnik">&#64;msolnik</a>)</p>
<p><a href="https://github.com/michalbednarski">Michał Bednarski</a></p>
@@ -2052,17 +2105,17 @@ href="mailto:litongxin1991@gmail.com">litongxin1991@gmail.com</a>)</p>
<p><a href="http://www.linkedin.com/in/tonytrummer/">Tony Trummer</a> of <a
href="http://www.themeninthemiddle.com">The Men in the Middle</a> <br>(<a
-href="https://twitter.com/SecBro1">@SecBro1</a>)</p>
+href="https://twitter.com/SecBro1">&#64;SecBro1</a>)</p>
<p><a href="https://www.linkedin.com/in/tdalvi">Tushar Dalvi</a> (<a
-href="https://twitter.com/tushardalvi">@tushardalvi</a>)</p>
+href="https://twitter.com/tushardalvi">&#64;tushardalvi</a>)</p>
<p><a href="https://plus.google.com/u/0/109528607786970714118">Valera
Neronov</a></p>
<p>Wang Tao of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="mailto:wintao@gmail.com">wintao@gmail.com</a>)</p>
-<p>Wang Yu of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="https://twitter.com/xi4oyu">@xi4oyu</a>)</p>
+<p>Wang Yu of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="https://twitter.com/xi4oyu">&#64;xi4oyu</a>)</p>
<p><a href="http://www.shackleton.io/">Will Shackleton</a> of <a href="https://www.facebook.com">Facebook</a></p>
@@ -2079,7 +2132,7 @@ href="mailto:xw7@indiana.edu">xw7@indiana.edu</a>)</p>
<p>Xiaoyong Zhou of <a
href="http://www.cs.indiana.edu/~zhou/">Indiana University Bloomington</a> <br>(<a
-href="https://twitter.com/xzhou">@xzhou</a>, <a
+href="https://twitter.com/xzhou">&#64;xzhou</a>, <a
href="mailto:zhou.xiaoyong@gmail.com">zhou.xiaoyong@gmail.com</a>)</p>
<p>Xinhui Han of Peking University (<a
@@ -2089,7 +2142,7 @@ href="mailto:hanxinhui@pku.edu.cn">hanxinhui@pku.edu.cn</a>)</p>
href="mailto:luc2yj@gmail.com">luc2yj@gmail.com</a>)</p>
<p><a href="http://www.androbugs.com">Yu-Cheng Lin 林禹成</a> (<a
-href="https://twitter.com/AndroBugs">@AndroBugs</a>)</p>
+href="https://twitter.com/AndroBugs">&#64;AndroBugs</a>)</p>
<p>Zhang Dong Hui of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="http://weibo.com/shineastdh">shineastdh</a>)</p>
@@ -2107,7 +2160,7 @@ of <a href="http://www.ecommera.com/">eCommera</a>
</a> (<a href="mailto:jon@cunninglogic.com">jon@cunninglogic.com</a>)</p>
<p>Joshua J. Drake of <a href="http://www.accuvant.com/">Accuvant LABS
-</a> (<a href="https://twitter.com/jduck">@jduck</a>)
+</a> (<a href="https://twitter.com/jduck">&#64;jduck</a>)
<a href="https://android-review.googlesource.com/#/q/change:72228+OR+change:72229">
<img style="vertical-align:middle" src="../images/patchreward.png"
alt="Patch Rewards Symbol" title="This person qualified for the Patch Rewards program!"></a></p>
@@ -2124,7 +2177,7 @@ href="mailto:xingluyi@gmail.com">xingluyi@gmail.com</a>)</p>
<p><a href="https://lacklustre.net/">Mike Ryan</a> of
<a href="https://isecpartners.com/">iSEC Partners</a>
-<br>(<a href="https://twitter.com/mpeg4codec">@mpeg4codec</a>,
+<br>(<a href="https://twitter.com/mpeg4codec">&#64;mpeg4codec</a>,
<a href="mailto:mikeryan@isecpartners.com">mikeryan@isecpartners.com
</a>)</p>
@@ -2135,7 +2188,7 @@ at Urbana-Champaign</a>
<p>Qualcomm Product Security Initiative</p>
-<p><a href="https://securityresear.ch/">Roee Hay</a> (<a href="https://twitter.com/roeehay">@roeehay</a>,
+<p><a href="https://securityresear.ch/">Roee Hay</a> (<a href="https://twitter.com/roeehay">&#64;roeehay</a>,
<a href="mailto:roeehay@gmail.com">roeehay@gmail.com</a>)</p>
<p>Robert Craig of <a href="https://www.nsa.gov/research/ia_research/">
@@ -2145,7 +2198,7 @@ Trusted Systems Research Group</a>, US National Security Agency
title="This person contributed code that improved Android security"></a></p>
<p>Ruben Santamarta of IOActive
-(<a href="https://twitter.com/reversemode">@reversemode</a>)</p>
+(<a href="https://twitter.com/reversemode">&#64;reversemode</a>)</p>
<p>Stephen Smalley of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
@@ -2172,12 +2225,12 @@ alt="Patch Symbol" title="This person contributed code that improved Android sec
<div style="LINE-HEIGHT:25px;">
-<p>David Weinstein (<a href="https://twitter.com/insitusec">@insitusec</a>)
+<p>David Weinstein (<a href="https://twitter.com/insitusec">&#64;insitusec</a>)
of <a href="https://viaforensics.com/">viaForensics</a></p>
<p><a href="http://thejh.net/">Jann Horn</a></p>
-<p>Ravishankar Borgaonkari (<a href="https://twitter.com/raviborgaonkar">@raviborgaonkar</a>) of TU Berlin</p>
+<p>Ravishankar Borgaonkari (<a href="https://twitter.com/raviborgaonkar">&#64;raviborgaonkar</a>) of TU Berlin</p>
<p>Robert Craig of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
@@ -2185,7 +2238,7 @@ Trusted Systems Research Group</a>, US National Security Agency
<img style="vertical-align:middle" src="../images/tiny-robot.png" alt="Patch Symbol"
title="This person contributed code that improved Android security"></a></p>
-<p><a href="https://securityresear.ch/">Roee Hay</a> (<a href="https://twitter.com/roeehay">@roeehay</a>,
+<p><a href="https://securityresear.ch/">Roee Hay</a> (<a href="https://twitter.com/roeehay">&#64;roeehay</a>,
<a href="mailto:roeehay@gmail.com">roeehay@gmail.com</a>)</p>
<p>Stephen Smalley of <a href="https://www.nsa.gov/research/ia_research/">
@@ -2208,7 +2261,7 @@ alt="Patch Symbol" title="This person contributed code that improved Android sec
<div style="LINE-HEIGHT:25px;">
-<p>Collin Mulliner of <a href="http://www.mulliner.org/collin/academic">MUlliNER.ORG</a> (<a href="https://twitter.com/collinrm">@collinrm</a>)</p>
+<p>Collin Mulliner of <a href="http://www.mulliner.org/collin/academic">MUlliNER.ORG</a> (<a href="https://twitter.com/collinrm">&#64;collinrm</a>)</p>
</div>
@@ -2216,9 +2269,9 @@ alt="Patch Symbol" title="This person contributed code that improved Android sec
<div style="LINE-HEIGHT:25px;">
-<p>Charlie Miller (<a href="https://twitter.com/0xcharlie">@0xcharlie</a>)</p>
+<p>Charlie Miller (<a href="https://twitter.com/0xcharlie">&#64;0xcharlie</a>)</p>
-<p>Collin Mulliner of <a href="http://www.mulliner.org/collin/academic">MUlliNER.ORG</a> (<a href="https://twitter.com/collinrm">@collinrm</a>)</p>
+<p>Collin Mulliner of <a href="http://www.mulliner.org/collin/academic">MUlliNER.ORG</a> (<a href="https://twitter.com/collinrm">&#64;collinrm</a>)</p>
</div>
diff --git a/en/setup/build/initializing.html b/en/setup/build/initializing.html
index c68f0773..24c697ff 100644
--- a/en/setup/build/initializing.html
+++ b/en/setup/build/initializing.html
@@ -159,7 +159,7 @@ environment</h2>
You will need a 64-bit version of Ubuntu. Ubuntu 14.04 is recommended.
</p>
<pre class="devsite-terminal devsite-click-to-copy">
-sudo apt-get install git-core gnupg flex bison gperf build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z-dev ccache libgl1-mesa-dev libxml2-utils xsltproc unzip
+sudo apt-get install git-core gnupg flex bison gperf build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z-dev libgl1-mesa-dev libxml2-utils xsltproc unzip
</pre>
<aside class="note"><strong>Note:</strong> To use SELinux tools for policy
analysis, also install the <code>python-networkx</code> package.
diff --git a/en/setup/build/requirements.html b/en/setup/build/requirements.html
index 0a1f4259..36df7fed 100644
--- a/en/setup/build/requirements.html
+++ b/en/setup/build/requirements.html
@@ -38,8 +38,7 @@
on 32-bit systems.
</li>
<li>At least 100GB of free disk space to checkout the code and an extra 150GB
- to build it. If you conduct multiple builds or employ ccache, you will need
- even more space.
+ to build it. If you conduct multiple builds, you will need even more space.
</li>
<li>If you are running Linux in a virtual machine, you need at
least 16GB of RAM/swap.
diff --git a/en/setup/start/build-numbers.html b/en/setup/start/build-numbers.html
index fb2f2d39..6889f568 100644
--- a/en/setup/start/build-numbers.html
+++ b/en/setup/start/build-numbers.html
@@ -235,6 +235,30 @@ following table.
</thead>
<tbody>
<tr>
+ <td>OPM4.171019.016.C1</td>
+ <td>android-8.1.0_r29</td>
+ <td>Oreo</td>
+ <td>Pixel C</td>
+ </tr>
+ <tr>
+ <td>OPM4.171019.016.B1</td>
+ <td>android-8.1.0_r28</td>
+ <td>Oreo</td>
+ <td>Pixel XL, Pixel, Pixel 2 XL, Pixel 2</td>
+ </tr>
+ <tr>
+ <td>OPM4.171019.016.A1</td>
+ <td>android-8.1.0_r27</td>
+ <td>Oreo</td>
+ <td>Nexus 5X</td>
+ </tr>
+ <tr>
+ <td>OPM2.171019.029.B1</td>
+ <td>android-8.1.0_r26</td>
+ <td>Oreo</td>
+ <td>Pixel 2 XL, Pixel 2</td>
+ </tr>
+ <tr>
<td>OPM4.171019.015.A1</td>
<td>android-8.1.0_r23</td>
<td>Oreo</td>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 10:03:30 +0000