Earlier this week, we were noticed that an USSD vulnerability was discovered in Android. After doing a bit of research, we came to understand the nature of the vulnerability: intents can basically dial a number and start a call without asking confirmation to the user. That could seem harmless at first sight, but it turns out it also works with USSD codes, and some of them are very powerful. This is mostly the case of vendor-specific USSD codes (that are not included in Replicant), which could erase the phone's user data.
What's also problematic about this is that web pages can trigger such intents
(through an iframe with the tel: prefix for instance).
Since this vulnerability was present in our Replicant images (although the
damage was reduced as we don't include vendor-specific USSD codes), we decided
to include the fix in our code base and release new images. That's nearly the
only new feature of these images (Galaxy S also got a nasty graphic bug
fixed).
You can download the images from the ReplicantImages page and find installation instructions as well as build guides on the Replicant wiki.