Thanks a lot for providing that patchset!
I've merged them all to my local repo and successfully compiled/reflashed/tested Replicant 4.2 on my i9100.
I've attached your patchset again, with the suffix -reviewed. I've modified the header of your patches inside of this attachment a bit. I added a Signed-off-by: {'From:' contact of the originally patch header}, followed by your Signed-off-by line, finalized with my Tested-by line. Hope that's ok?
I've looked through the August patches, provided by Google (https://groups.google.com/forum/#!topic/android-security-updates/Ugvu3fi6RQM) a bit and completed the overview as follows:
CVE-2015-1538: Integer overflows during MP4 atom processing
ANDROID-20139950:
https://android.googlesource.com/platform/frameworks/av/+/cf1581c66c2ad8c5b1aaca2e43e350cf5974f46d
https://android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398
Affected versions: 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287
CVE-2015-1539: An integer underflow in ESDS processing
ANDROID-20139950: https://android.googlesource.com/platform/frameworks/av/+/5e751957ba692658b7f67eb03ae5ddb2cd3d970c
Affected versions: 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287
CVE-2015-3824: Integer overflow in libstagefright when parsing the MPEG4 tx3g atom
ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/463a6f807e187828442949d1924e143cf07778c6
Affected versions: Android 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287
CVE-2015-3827: Integer underflow in libstagefright when processing MPEG4 covr atoms
ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/f4a88c8ed4f8186b3d6e2852993e063fc33ff231
Affected versions: Android 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287
CVE-2015-3829: Integer overflow in libstagefright processing MPEG4 covr atoms when chunk_data_size is SIZE_MAX
ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/2674a7218eaa3c87f2ee26d26da5b9170e10f859
Affected versions: Android 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287
CVE-2015-3828: Integer underflow in libstagefright if size is below 6 while processing 3GPP metadata
ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1
Affected versions: Android 5.0 and above
Result: codebase checked, not needed on Replicant 4.2.
CVE-2015-3831: Buffer overflow in mediaserver BpMediaHTTPConnection
ANDROID-19400722: https://android.googlesource.com/platform/frameworks/av/+/51504928746edff6c94a1c498cf99c0a83bedaed
Affected versions: 5.0 and 5.1
Result: codebase checked, not needed on Replicant 4.2.
CVE-2015-3837: Memory Corruption in OpenSSLX509Certificate Deserialization
ANDROID-21437603: https://android.googlesource.com/platform/external/conscrypt/+/edf7055461e2d7fa18de5196dca80896a56e3540
Affected versions: 5.1 and below
Result: codebase checked, not needed on Replicant 4.2.
CVE-2015-1541: AppWidgetServiceImpl can create IntentSender with system privileges
ANDROID-19618745: https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07
Affected versions: 5.1 only
Result: codebase checked, not needed on Replicant 4.2.
CVE-2015-3833: Mitigation bypass of restrictions on getRecentTasks()
ANDROID-20034603: https://android.googlesource.com/platform/frameworks/base/+/aaa0fee0d7a8da347a0c47cef5249c70efee209e
Affected versions: 5.0 and 5.1
Result: codebase checked, not needed on Replicant 4.2.
CVE-2015-3826: Unbounded buffer read in libstagefright while parsing 3GPP metadata
ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1
Affected versions: 5.0 and 5.1
Result: codebase checked, not needed on Replicant 4.2.
CVE-2015-3835: Buffer overflow in libstagefright OMXNodeInstance::emptyBuffer
ANDROID-20634516:
https://android.googlesource.com/platform/frameworks/av/+/086d84f45ab7b64d1a7ed7ac8ba5833664a6a5ab
Result: Included in Wolfgang Wiedmeyer's patchset -> 0006-DO-NOT-MERGE-IOMX-Add-buffer-range-check-to-emptyBuf.patch
https://android.googlesource.com/platform/frameworks/av/+/3cb1b6944e776863aea316e25fdc16d7f9962902
Result: codebase checked, not needed on Replicant 4.2.
Affected versions: 5.1 and below
CVE-2015-3843: Applications can intercept or emulate SIM commands to Telephony
ANDROID-21697171:
https://android.googlesource.com/platform/frameworks/opt/telephony/+/b48581401259439dc5ef6dcf8b0f303e4cbefbe9
Result: Included in Wolfgang Wiedmeyer's patchset -> 0007-DO-NOT-MERGE-Change-to-add-STK_PERMISSION-for-stk-re.patch
https://android.googlesource.com/platform/packages/apps/Stk/+/1d8e00160c07ae308e5b460214eb2a425b93ccf7
Result: Included in Wolfgang Wiedmeyer's patchset -> 0008-DO-NOT-MERGE-Change-to-add-STK_PERMISSION-for-stk-re.patch
https://android.googlesource.com/platform/frameworks/base/+/a5e904e7eb3aaec532de83ca52e24af18e0496b4
Result: Included in Wolfgang Wiedmeyer's patchset -> 0009-DO-NOT-MERGE-Change-to-add-STK_PERMISSION-for-stk-re.patch
https://android.googlesource.com/platform/packages/services/Telephony/+/fcb1d13c320dd1a6350bc7af3166929b4d54a456
Result: codebase checked, not needed on Replicant 4.2.
Affected versions: 5.1 and below
CVE-2015-3836: Buffer overflow in Sonivox Parse_wave
ANDROID-21132860: https://android.googlesource.com/platform/external/sonivox/+/e999f077f6ef59d20282f1e04786816a31fb8be6
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0001-DLS-parser-fix-wave-pool-size-check.patch
CVE-2015-3832: Buffer overflows in libstagefright MPEG4Extractor.cpp
ANDROID-19641538: https://android.googlesource.com/platform/frameworks/av/+/d48f0f145f8f0f4472bc0af668ac9a8bce44ba9b
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0002-DO-NOT-MERGE-Add-AUtils-isInRange-and-use-it-to-dete.patch
CVE-2015-0973: Vulnerability in libpng: Overflow in png_Read_IDAT_data
ANDROID-19499430: https://android.googlesource.com/platform/external/libpng/+/dd0ed46397a05ae69dc8c401f5711f0db0a964fa
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0003-Backport-of-fix-for-CVE-2015-0973-to-libpng-1.2.patch
CVE-2015-1863: Remotely exploitable memcpy() overflow in p2p_add_device() in wpa_supplicant
ANDROID-20076874: https://android.googlesource.com/platform/external/wpa_supplicant_8/+/4cf0f2d0d869c35a9ec4432861d5efa8ead4279c
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0004-P2P-Validate-SSID-element-length-before-copying-it.patch
CVE-2015-3834: Buffer overflow in mediaserver BnHDCP
ANDROID-20222489: https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0005-HDCP-buffer-over-flow-check-DO-NOT-MERGE.patch
CVE-2015-3842: Heap overflow in mediaserver AudioPolicyManager::getInputForAttr()
ANDROID-21953516: https://android.googlesource.com/platform/frameworks/av/+/aeea52da00d210587fb3ed895de3d5f2e0264c88
Affected versions: 5.1 and below
Already included in the MediaServer patch: http://redmine.replicant.us/issues/1299
CVE-2015-1536: Vulnerability in Bitmap unmarshalling
ANDROID-19666945: https://android.googlesource.com/platform/frameworks/base/+/d44e5bde18a41beda39d49189bef7f2ba7c8f3cb
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0010-Fix-for-CVE-2015-1536.patch
CVE-2015-3844: ActivityManagerService.getProcessRecordLocked() may load a system UID application into the wrong process
ANDROID-21669445: https://android.googlesource.com/platform/frameworks/base/+/e3cde784e3d99966f313fe00dcecf191f6a44a31
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0012-Prevent-system-uid-component-from-running-in-an-app.patch
There is another patch in the patchset: 0011-add-operator-for-SkAutoTDelete.patch
IMHO this isn't a patch of Google's monthly (August) patch-release. All I've found (with a quick search) is this:
https://github.com/android/platform_external_skia/commit/1790e25e1829ed4091fb149764425df7a3c9c0e0
https://github.com/android/platform_external_skia/commit/4f7ec55f7128e971318adc11f07fc485c4d50bc5
@Wolfgang Wiedmeyer: would you, (or anybody else) provide some more informations about that patch, please?