Replicant

Thanks a lot for providing that patchset!

I've merged them all to my local repo and successfully compiled/reflashed/tested Replicant 4.2 on my i9100.

I've attached your patchset again, with the suffix -reviewed. I've modified the header of your patches inside of this attachment a bit. I added a Signed-off-by: {'From:' contact of the originally patch header}, followed by your Signed-off-by line, finalized with my Tested-by line. Hope that's ok?

I've looked through the August patches, provided by Google (https://groups.google.com/forum/#!topic/android-security-updates/Ugvu3fi6RQM) a bit and completed the overview as follows:

CVE-2015-1538: Integer overflows during MP4 atom processing

ANDROID-20139950:
https://android.googlesource.com/platform/frameworks/av/+/cf1581c66c2ad8c5b1aaca2e43e350cf5974f46d
https://android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398
Affected versions: 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287

CVE-2015-1539: An integer underflow in ESDS processing

ANDROID-20139950: https://android.googlesource.com/platform/frameworks/av/+/5e751957ba692658b7f67eb03ae5ddb2cd3d970c
Affected versions: 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287

CVE-2015-3824: Integer overflow in libstagefright when parsing the MPEG4 tx3g atom

ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/463a6f807e187828442949d1924e143cf07778c6
Affected versions: Android 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287

CVE-2015-3827: Integer underflow in libstagefright when processing MPEG4 covr atoms

ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/f4a88c8ed4f8186b3d6e2852993e063fc33ff231
Affected versions: Android 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287

CVE-2015-3829: Integer overflow in libstagefright processing MPEG4 covr atoms when chunk_data_size is SIZE_MAX

ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/2674a7218eaa3c87f2ee26d26da5b9170e10f859
Affected versions: Android 5.1 and below
Result: already included in the stagefright patchset: http://redmine.replicant.us/issues/1287

CVE-2015-3828: Integer underflow in libstagefright if size is below 6 while processing 3GPP metadata

ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1
Affected versions: Android 5.0 and above
Result: codebase checked, not needed on Replicant 4.2.

CVE-2015-3831: Buffer overflow in mediaserver BpMediaHTTPConnection

ANDROID-19400722: https://android.googlesource.com/platform/frameworks/av/+/51504928746edff6c94a1c498cf99c0a83bedaed
Affected versions: 5.0 and 5.1
Result: codebase checked, not needed on Replicant 4.2.

CVE-2015-3837: Memory Corruption in OpenSSLX509Certificate Deserialization

ANDROID-21437603: https://android.googlesource.com/platform/external/conscrypt/+/edf7055461e2d7fa18de5196dca80896a56e3540
Affected versions: 5.1 and below
Result: codebase checked, not needed on Replicant 4.2.

CVE-2015-1541: AppWidgetServiceImpl can create IntentSender with system privileges

ANDROID-19618745: https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07
Affected versions: 5.1 only
Result: codebase checked, not needed on Replicant 4.2.

CVE-2015-3833: Mitigation bypass of restrictions on getRecentTasks()

ANDROID-20034603: https://android.googlesource.com/platform/frameworks/base/+/aaa0fee0d7a8da347a0c47cef5249c70efee209e
Affected versions: 5.0 and 5.1
Result: codebase checked, not needed on Replicant 4.2.

CVE-2015-3826: Unbounded buffer read in libstagefright while parsing 3GPP metadata

ANDROID-20923261: https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1
Affected versions: 5.0 and 5.1
Result: codebase checked, not needed on Replicant 4.2.

CVE-2015-3835: Buffer overflow in libstagefright OMXNodeInstance::emptyBuffer

ANDROID-20634516:
https://android.googlesource.com/platform/frameworks/av/+/086d84f45ab7b64d1a7ed7ac8ba5833664a6a5ab
Result: Included in Wolfgang Wiedmeyer's patchset -> 0006-DO-NOT-MERGE-IOMX-Add-buffer-range-check-to-emptyBuf.patch
https://android.googlesource.com/platform/frameworks/av/+/3cb1b6944e776863aea316e25fdc16d7f9962902
Result: codebase checked, not needed on Replicant 4.2.
Affected versions: 5.1 and below

CVE-2015-3843: Applications can intercept or emulate SIM commands to Telephony

ANDROID-21697171:
https://android.googlesource.com/platform/frameworks/opt/telephony/+/b48581401259439dc5ef6dcf8b0f303e4cbefbe9
Result: Included in Wolfgang Wiedmeyer's patchset -> 0007-DO-NOT-MERGE-Change-to-add-STK_PERMISSION-for-stk-re.patch
https://android.googlesource.com/platform/packages/apps/Stk/+/1d8e00160c07ae308e5b460214eb2a425b93ccf7
Result: Included in Wolfgang Wiedmeyer's patchset -> 0008-DO-NOT-MERGE-Change-to-add-STK_PERMISSION-for-stk-re.patch
https://android.googlesource.com/platform/frameworks/base/+/a5e904e7eb3aaec532de83ca52e24af18e0496b4
Result: Included in Wolfgang Wiedmeyer's patchset -> 0009-DO-NOT-MERGE-Change-to-add-STK_PERMISSION-for-stk-re.patch
https://android.googlesource.com/platform/packages/services/Telephony/+/fcb1d13c320dd1a6350bc7af3166929b4d54a456
Result: codebase checked, not needed on Replicant 4.2.
Affected versions: 5.1 and below

CVE-2015-3836: Buffer overflow in Sonivox Parse_wave

ANDROID-21132860: https://android.googlesource.com/platform/external/sonivox/+/e999f077f6ef59d20282f1e04786816a31fb8be6
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0001-DLS-parser-fix-wave-pool-size-check.patch

CVE-2015-3832: Buffer overflows in libstagefright MPEG4Extractor.cpp

ANDROID-19641538: https://android.googlesource.com/platform/frameworks/av/+/d48f0f145f8f0f4472bc0af668ac9a8bce44ba9b
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0002-DO-NOT-MERGE-Add-AUtils-isInRange-and-use-it-to-dete.patch

CVE-2015-0973: Vulnerability in libpng: Overflow in png_Read_IDAT_data

ANDROID-19499430: https://android.googlesource.com/platform/external/libpng/+/dd0ed46397a05ae69dc8c401f5711f0db0a964fa
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0003-Backport-of-fix-for-CVE-2015-0973-to-libpng-1.2.patch

CVE-2015-1863: Remotely exploitable memcpy() overflow in p2p_add_device() in wpa_supplicant

ANDROID-20076874: https://android.googlesource.com/platform/external/wpa_supplicant_8/+/4cf0f2d0d869c35a9ec4432861d5efa8ead4279c
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0004-P2P-Validate-SSID-element-length-before-copying-it.patch

CVE-2015-3834: Buffer overflow in mediaserver BnHDCP

ANDROID-20222489: https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0005-HDCP-buffer-over-flow-check-DO-NOT-MERGE.patch

CVE-2015-3842: Heap overflow in mediaserver AudioPolicyManager::getInputForAttr()

ANDROID-21953516: https://android.googlesource.com/platform/frameworks/av/+/aeea52da00d210587fb3ed895de3d5f2e0264c88
Affected versions: 5.1 and below
Already included in the MediaServer patch: http://redmine.replicant.us/issues/1299

CVE-2015-1536: Vulnerability in Bitmap unmarshalling

ANDROID-19666945: https://android.googlesource.com/platform/frameworks/base/+/d44e5bde18a41beda39d49189bef7f2ba7c8f3cb
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0010-Fix-for-CVE-2015-1536.patch

CVE-2015-3844: ActivityManagerService.getProcessRecordLocked() may load a system UID application into the wrong process

ANDROID-21669445: https://android.googlesource.com/platform/frameworks/base/+/e3cde784e3d99966f313fe00dcecf191f6a44a31
Affected versions: 5.1 and below
Result: Included in Wolfgang Wiedmeyer's patchset -> 0012-Prevent-system-uid-component-from-running-in-an-app.patch

There is another patch in the patchset: 0011-add-operator-for-SkAutoTDelete.patch
IMHO this isn't a patch of Google's monthly (August) patch-release. All I've found (with a quick search) is this:
https://github.com/android/platform_external_skia/commit/1790e25e1829ed4091fb149764425df7a3c9c0e0
https://github.com/android/platform_external_skia/commit/4f7ec55f7128e971318adc11f07fc485c4d50bc5
@Wolfgang Wiedmeyer: would you, (or anybody else) provide some more informations about that patch, please?

You won't find this patch anywhere. As I already wrote:

There is also a small change in external/skia necessary for this patch to work. Please review carefully!

The security patch for CVE-2015-1536 changes the type of bitmap from SkBitmap* to SkAutoTDelete<SkBitmap>. The problem is that the code expects elements of bitmap to be accessible by the ->() operator and this operator is not supported by the SkAutoTDelete class in Replicant. So I added the operator as it is implemented in later versions of Skia. That's all what the additional patch is doing.

Sorry, my bad. Of course you're right.

This issue has been closed because Replicant 4.2 is no longer supported or maintained.