experiments/STT-tensorflow
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix links in the TensorFlow Security Advisories

Browse Source 
PiperOrigin-RevId: 198762795
This commit is contained in:
Frank Chen 2018-05-31 12:38:35 -07:00 committed by TensorFlower Gardener
parent 519189837b
commit ff28cfe18d
7 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tensorflow/security/advisory/tfsa-2018-001.md
View File

@ -21,8 +21,8 @@ TensorFlow 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0
### Mitigation ### Mitigation
We have patched the vulnerability in GitHub commits We have patched the vulnerability in GitHub commit
[https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae4333c55](49f73c55). [49f73c55](https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae4333c55).
If users are running TensorFlow in production or on untrusted data, they are If users are running TensorFlow in production or on untrusted data, they are
encouraged to apply this patch. encouraged to apply this patch.

2
tensorflow/security/advisory/tfsa-2018-002.md
View File

@ -21,7 +21,7 @@ TensorFlow 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1 1.4.1, 1.5.0, 1.5.
### Mitigation ### Mitigation
We have patched the vulnerability in GitHub commit We have patched the vulnerability in GitHub commit
[https://github.com/tensorflow/tensorflow/commit/c48431588e7cf8aff61d4c299231e3e925144df8](c4843158). [c4843158](https://github.com/tensorflow/tensorflow/commit/c48431588e7cf8aff61d4c299231e3e925144df8).
If users are running TensorFlow in production or on untrusted data, they are If users are running TensorFlow in production or on untrusted data, they are
encouraged to apply this patch. encouraged to apply this patch.

4
tensorflow/security/advisory/tfsa-2018-003.md
View File

@ -35,8 +35,8 @@ TensorFlow 1.5.0, 1.5.1, 1.6.0, 1.7.0
### Mitigation ### Mitigation
We have patched the vulnerability in GitHub commits [https://github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476](41335abb) and We have patched the vulnerability in GitHub commits [41335abb](https://github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476) and
[https://github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476](41335abb) and [8badd11d](https://github.com/tensorflow/tensorflow/commit/8badd11d875a826bd318ed439909d5c47a7fb811).
If users are running the TensorFlow TFLite TOCO compiler in production or on If users are running the TensorFlow TFLite TOCO compiler in production or on
untrusted data, they are encouraged to apply this patch. untrusted data, they are encouraged to apply this patch.

2
tensorflow/security/advisory/tfsa-2018-004.md
View File

@ -22,7 +22,7 @@ TensorFlow 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0,
### Mitigation ### Mitigation
We have patched the vulnerability in GitHub commit We have patched the vulnerability in GitHub commit
[https://github.com/tensorflow/tensorflow/commit/d107fee1e4a9a4462f01564798d345802acc2aef](d107fee1). [d107fee1](https://github.com/tensorflow/tensorflow/commit/d107fee1e4a9a4462f01564798d345802acc2aef).
If users are running TensorFlow on untrusted meta checkpoints, such as those If users are running TensorFlow on untrusted meta checkpoints, such as those
downloaded from the Internet, in production or on untrusted data, they are downloaded from the Internet, in production or on untrusted data, they are
encouraged to apply this patch. encouraged to apply this patch.

2
tensorflow/security/advisory/tfsa-2018-005.md
View File

@ -22,7 +22,7 @@ TensorFlow 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0,
### Mitigation ### Mitigation
We have patched the vulnerability in GitHub commit We have patched the vulnerability in GitHub commit
[https://github.com/tensorflow/tensorflow/commit/dfa9921e6343727b05f42f8d4a918b19528ff994](dfa9921e) [dfa9921e](https://github.com/tensorflow/tensorflow/commit/dfa9921e6343727b05f42f8d4a918b19528ff994)
by upgrading the version of the snappy library used by TensorFlow to v1.1.7. by upgrading the version of the snappy library used by TensorFlow to v1.1.7.
If users are loading untrusted checkpoints in TensorFlow, we encourage users to If users are loading untrusted checkpoints in TensorFlow, we encourage users to

2
tensorflow/security/advisory/tfsa-2018-006.md
View File

@ -21,7 +21,7 @@ TensorFlow 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0,
### Mitigation ### Mitigation
We have patched the vulnerability in GitHub commit We have patched the vulnerability in GitHub commit
[https://github.com/tensorflow/tensorflow/commit/c89ab82a82585cdaa90bf4911980e9e845909e78](c89ab82a). [c89ab82a](https://github.com/tensorflow/tensorflow/commit/c89ab82a82585cdaa90bf4911980e9e845909e78).
If users are loading untrusted configurations in TensorFlow, we encourage users If users are loading untrusted configurations in TensorFlow, we encourage users
to apply the patch to upgrade snappy or upgrade the version of TensorFlow they to apply the patch to upgrade snappy or upgrade the version of TensorFlow they

12
tensorflow/security/index.md
View File

@ -8,11 +8,11 @@ in [https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md](SECURITY.m
| Advisory Number | Type | Versions affected | Reported by | Additional Information | | Advisory Number | Type | Versions affected | Reported by | Additional Information |
|-----------------|--------------------|:-----------------:|-----------------------|-----------------------------| |-----------------|--------------------|:-----------------:|-----------------------|-----------------------------|
| TFSA-2018-006 | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | | | [TFSA-2018-006](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-006.md) | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-005 | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | | | [TFSA-2018-005](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md) | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-004 | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | | | [TFSA-2018-004](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md) | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-003 | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | | | [TFSA-2018-003](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-003.md) | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-002 | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | | | [TFSA-2018-002](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-002.md) | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | |
| TFSA-2018-001 | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | | | [TFSA-2018-001](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md) | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | |
| - | Out Of Bounds Read | <=1.4 | Blade Team of Tencent | [issue report](https://github.com/tensorflow/tensorflow/issues/14959) | | - | Out Of Bounds Read | <=1.4 | Blade Team of Tencent | [issue report](https://github.com/tensorflow/tensorflow/issues/14959) |