more complete ADB UAF fix

Author: thestinger

static/releases.html

@@ -580,6 +580,7 @@ <h3><a href="#2025040700">2025040700</a></h3>
                         <li>rebased onto BP1A.250405.007.D1 Android Open Source Project release</li>
                         <li>remove code for Qualcomm XTRA (PSDS) privacy improvements since we no longer have any devices with Qualcomm GNSS and we can add it back in the future if we need it again rather than porting it forward under the assumption we'll be using it</li>
                         <li>fix upstream RecoverySystem.verifyPackage(...) vulnerability (this was not directly exploitable due to there being 2 layers of update package signature verification and downgrade protection, but the first layer of protection should work properly to avoid a vulnerability in the 2nd layer being exploited)</li>
+                        <li>Android Debug Bridge: more complete fix for upstream use-after-free bug for network-based connections which is being caught by our always enabled hardware memory tagging support for the base OS in hardened_malloc</li>
                         <li>kernel (6.1): update to latest GKI LTS branch revision</li>
                         <li>kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.83</li>
                         <li>Seedvault: update to 15-5.5 (will be replaced with a better backup implementation in the future)</li>