Cyanogenmod does not seem to be capable of maintaining their external
dependencies with security patches. There are many unpatched flaws,
including the CVE-2014-0107 RCE flaw in Xalan-J. For more details, see:
http://lordtuskington.blogspot.com/2014/10/more-cyanogenmod-flaws-in-dependencies.html
After reading el reg's article regarding a cyanogenmod MITM flaw, I started
looking through the code to see if I could find it. It didn't take long.
This finding was not what users are led to believe by cyanogenmod's blog
post:
http://www.cyanogenmod.org/blog/in-response-to-the-register-mitm-artic
