CVE-2015-6616... As far as I can tell this problem applies only to Lollipop and Marshmallow releases before January 2016, so it shouldn't apply to KitKat or the latest Lollipop build? Don't know why your tool reports it as open... CVE-2015-3636 is not fixed, but the patch applies cleanly to my tree, so expect to find it in the next build. CVE-2014-3153 is already fixed. CVE-2013-6282 is already fixed as well. Don't know why your tool reports these vulnerabilities as open?