From ff28cfe18d69657cafcddadff6a36eb040c0cd7d Mon Sep 17 00:00:00 2001 From: Frank Chen <frankchn@google.com> Date: Thu, 31 May 2018 12:38:35 -0700 Subject: [PATCH] Fix links in the TensorFlow Security Advisories PiperOrigin-RevId: 198762795 --- tensorflow/security/advisory/tfsa-2018-001.md | 4 ++-- tensorflow/security/advisory/tfsa-2018-002.md | 2 +- tensorflow/security/advisory/tfsa-2018-003.md | 4 ++-- tensorflow/security/advisory/tfsa-2018-004.md | 2 +- tensorflow/security/advisory/tfsa-2018-005.md | 2 +- tensorflow/security/advisory/tfsa-2018-006.md | 2 +- tensorflow/security/index.md | 12 ++++++------ 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/tensorflow/security/advisory/tfsa-2018-001.md b/tensorflow/security/advisory/tfsa-2018-001.md index e62757fb5fe..bb97543a219 100644 --- a/tensorflow/security/advisory/tfsa-2018-001.md +++ b/tensorflow/security/advisory/tfsa-2018-001.md @@ -21,8 +21,8 @@ TensorFlow 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0 ### Mitigation -We have patched the vulnerability in GitHub commits -[https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae4333c55](49f73c55). +We have patched the vulnerability in GitHub commit +[49f73c55](https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae4333c55). If users are running TensorFlow in production or on untrusted data, they are encouraged to apply this patch. diff --git a/tensorflow/security/advisory/tfsa-2018-002.md b/tensorflow/security/advisory/tfsa-2018-002.md index baf3fb418e6..fad7fdd40f6 100644 --- a/tensorflow/security/advisory/tfsa-2018-002.md +++ b/tensorflow/security/advisory/tfsa-2018-002.md @@ -21,7 +21,7 @@ TensorFlow 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1 1.4.1, 1.5.0, 1.5. ### Mitigation We have patched the vulnerability in GitHub commit -[https://github.com/tensorflow/tensorflow/commit/c48431588e7cf8aff61d4c299231e3e925144df8](c4843158). +[c4843158](https://github.com/tensorflow/tensorflow/commit/c48431588e7cf8aff61d4c299231e3e925144df8). If users are running TensorFlow in production or on untrusted data, they are encouraged to apply this patch. diff --git a/tensorflow/security/advisory/tfsa-2018-003.md b/tensorflow/security/advisory/tfsa-2018-003.md index e20e358f29f..747d37064c0 100644 --- a/tensorflow/security/advisory/tfsa-2018-003.md +++ b/tensorflow/security/advisory/tfsa-2018-003.md @@ -35,8 +35,8 @@ TensorFlow 1.5.0, 1.5.1, 1.6.0, 1.7.0 ### Mitigation -We have patched the vulnerability in GitHub commits [https://github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476](41335abb) and -[https://github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476](41335abb) and +We have patched the vulnerability in GitHub commits [41335abb](https://github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476) and +[8badd11d](https://github.com/tensorflow/tensorflow/commit/8badd11d875a826bd318ed439909d5c47a7fb811). If users are running the TensorFlow TFLite TOCO compiler in production or on untrusted data, they are encouraged to apply this patch. diff --git a/tensorflow/security/advisory/tfsa-2018-004.md b/tensorflow/security/advisory/tfsa-2018-004.md index d1722472882..3af28defa13 100644 --- a/tensorflow/security/advisory/tfsa-2018-004.md +++ b/tensorflow/security/advisory/tfsa-2018-004.md @@ -22,7 +22,7 @@ TensorFlow 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, ### Mitigation We have patched the vulnerability in GitHub commit -[https://github.com/tensorflow/tensorflow/commit/d107fee1e4a9a4462f01564798d345802acc2aef](d107fee1). +[d107fee1](https://github.com/tensorflow/tensorflow/commit/d107fee1e4a9a4462f01564798d345802acc2aef). If users are running TensorFlow on untrusted meta checkpoints, such as those downloaded from the Internet, in production or on untrusted data, they are encouraged to apply this patch. diff --git a/tensorflow/security/advisory/tfsa-2018-005.md b/tensorflow/security/advisory/tfsa-2018-005.md index 1c91567db59..c0f339fd976 100644 --- a/tensorflow/security/advisory/tfsa-2018-005.md +++ b/tensorflow/security/advisory/tfsa-2018-005.md @@ -22,7 +22,7 @@ TensorFlow 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0, ### Mitigation We have patched the vulnerability in GitHub commit -[https://github.com/tensorflow/tensorflow/commit/dfa9921e6343727b05f42f8d4a918b19528ff994](dfa9921e) +[dfa9921e](https://github.com/tensorflow/tensorflow/commit/dfa9921e6343727b05f42f8d4a918b19528ff994) by upgrading the version of the snappy library used by TensorFlow to v1.1.7. If users are loading untrusted checkpoints in TensorFlow, we encourage users to diff --git a/tensorflow/security/advisory/tfsa-2018-006.md b/tensorflow/security/advisory/tfsa-2018-006.md index a1d1a9f3d1a..17f514d8d2b 100644 --- a/tensorflow/security/advisory/tfsa-2018-006.md +++ b/tensorflow/security/advisory/tfsa-2018-006.md @@ -21,7 +21,7 @@ TensorFlow 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0, ### Mitigation We have patched the vulnerability in GitHub commit -[https://github.com/tensorflow/tensorflow/commit/c89ab82a82585cdaa90bf4911980e9e845909e78](c89ab82a). +[c89ab82a](https://github.com/tensorflow/tensorflow/commit/c89ab82a82585cdaa90bf4911980e9e845909e78). If users are loading untrusted configurations in TensorFlow, we encourage users to apply the patch to upgrade snappy or upgrade the version of TensorFlow they diff --git a/tensorflow/security/index.md b/tensorflow/security/index.md index c1f9f1da746..44f51ad07b1 100644 --- a/tensorflow/security/index.md +++ b/tensorflow/security/index.md @@ -8,11 +8,11 @@ in [https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md](SECURITY.m | Advisory Number | Type | Versions affected | Reported by | Additional Information | |-----------------|--------------------|:-----------------:|-----------------------|-----------------------------| -| TFSA-2018-006 | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | | -| TFSA-2018-005 | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | | -| TFSA-2018-004 | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | | -| TFSA-2018-003 | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | | -| TFSA-2018-002 | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | | -| TFSA-2018-001 | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | | +| [TFSA-2018-006](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-006.md) | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | | +| [TFSA-2018-005](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md) | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | | +| [TFSA-2018-004](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md) | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | | +| [TFSA-2018-003](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-003.md) | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | | +| [TFSA-2018-002](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-002.md) | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | | +| [TFSA-2018-001](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md) | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | | | - | Out Of Bounds Read | <=1.4 | Blade Team of Tencent | [issue report](https://github.com/tensorflow/tensorflow/issues/14959) |