Frank, Unfortunately Google does a very poor job of tracking and communicating this type of information. The bug numbers you're referring to are internal and accessible only to Google employees.
There are more if you look on OSVDB, though they require a license for using their data. I understand the need for this type of information and am working with the other droidsec members (http://www.droidsec.org/) to try to fix the situation. Unfortunately, it's rather slow going and only a side project for most of the members. If you'd like to discuss your approach further, I'm open to providing you some pointers for where to look. Joshua On Friday, March 21, 2014 2:11:45 AM UTC-5, Frank wrote: > > Hi, > > I am currently doing a project on Android vulnerabilities, first I need to > find out why many of vulnerabilities happen, and how do these > vulnerabilities eventually get fixed. Then I am supposed to characterize > various Android vulnerabilities and their fixes. > > The problem is: The Android vulnerabilities I could access now are still > too few, I could only access the 32 vulnerabilities in > http://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html. > > So, I wonder how can I find or if there is a bigger vulnerability database > for Android? Because more cases will make the work more convincing. > > Another problem is: When I was trying to find the fixes in Android git, I > found that the committers often referred to bug reports with 7-bits ID like > "bug 7454567", which can not be found in "Android Open Source Project - > Issue Tracker". I wonder how can I access the bug reports with this kind > of "7-bits bug ID". > > It will be very kind of you if you can help me. > > Frank > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
