Posted by Lord Tuskington on Oct 19

Cyanogenmod does not seem to be capable of maintaining their external
dependencies with security patches. There are many unpatched flaws,
including the CVE-2014-0107 RCE flaw in Xalan-J. For more details, see:

http://lordtuskington.blogspot.com/2014/10/more-cyanogenmod-flaws-in-dependencies.html

Lord Tuskington
Chief Financial Pinniped
TuskCorp