Google RC29 and RC30 updates for the Google Android T-Mobile G1 cam out under a dubious cloud of mystery, but gave a general view of what the updates did for the G1. Now however, if you are a G1-er and interested, the Google Android Security Team has explains the updates themselves.
The RC29 fixed the issue that potentially allowed malicious websites take over the browser, but also apparently fixed 2 other bugs, a universal cross-site scripting problem which also could give control over the browser, and an exploit which let people Android’s locking mechanism.
The RC30 update fixed the reboot issue but also 2 bugs which were related to the Webkit, which again would allow someone to take command of the browser and also gain access to the T-Mobile G1’s memory to gain online privileges and read cookies. However, Google states they will wait until all G1-ers have access to the updates before releasing all the details.
Source — talkandroid