Regardless, the maintenance release contains fixes for eight vulnerabilities strictly related to LG phones. One is rated as critical, two are rated as high, four are moderate, and the last is low. The fixes will prevent an application that logs personal information to storage from being started without user consent, stop malicious apps from executing arbitrary code, close an exploit that leads to read/write access to kernel memory, and close off other vulnerabilities. LG describes the one critical vulnerability as "most severe," with its possibility of enabling remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
The update is yet to go live, and in a sort of unprecedented move, LG's announcement actually precludes Google's official Android security bulletin for January 2017. We reckon the update will be released soon, with announcements by Google and other manufacturers such as Samsung going live as well.
source: LG Security Bulletin