Bump tensorflow from 2.6.0 to 2.6.1 in /flaskProject #24

dependabot · 2021-11-11T01:19:24Z

Bumps tensorflow from 2.6.0 to 2.6.1.

Release notes

TensorFlow 2.6.1

Release 2.6.1

This release introduces several vulnerability fixes:

Fixes a code injection issue in saved_model_cli (CVE-2021-41228)

Fixes a vulnerability due to use of uninitialized value in Tensorflow (CVE-2021-41225)

Fixes a heap OOB in FusedBatchNorm kernels (CVE-2021-41223)

Fixes an arbitrary memory read in ImmutableConst (CVE-2021-41227)

Fixes a heap OOB in SparseBinCount (CVE-2021-41226)

Fixes a heap OOB in SparseFillEmptyRows (CVE-2021-41224)

Fixes a segfault due to negative splits in SplitV (CVE-2021-41222)

Fixes segfaults and vulnerabilities caused by accesses to invalid memory during shape inference in Cudnn* ops (CVE-2021-41221)

Fixes a null pointer exception when Exit node is not preceded by Enter op (CVE-2021-41217)

Fixes an integer division by 0 in tf.raw_ops.AllToAll (CVE-2021-41218)

Fixes a use after free and a memory leak in CollectiveReduceV2 (CVE-2021-41220)

Fixes an undefined behavior via nullptr reference binding in sparse matrix multiplication (CVE-2021-41219)

Fixes a heap buffer overflow in Transpose (CVE-2021-41216)

Prevents deadlocks arising from mutually recursive tf.function objects (CVE-2021-41213)

Fixes a null pointer exception in DeserializeSparse (CVE-2021-41215)

Fixes an undefined behavior arising from reference binding to nullptr in tf.ragged.cross (CVE-2021-41214)

Fixes a heap OOB read in tf.ragged.cross (CVE-2021-41212)

Fixes a heap OOB in shape inference for QuantizeV2 (CVE-2021-41211)

Fixes a heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops (CVE-2021-41205)

Fixes an FPE in ParallelConcat (CVE-2021-41207)

Fixes FPE issues in convolutions with zero size filters (CVE-2021-41209)

Fixes a heap OOB read in tf.raw_ops.SparseCountSparseOutput (CVE-2021-41210)

Fixes vulnerabilities caused by incomplete validation in boosted trees code (CVE-2021-41208)

Fixes vulnerabilities caused by incomplete validation of shapes in multiple TF ops (CVE-2021-41206)

Fixes a segfault produced while copying constant resource tensor (CVE-2021-41204)

Fixes a vulnerability caused by unitialized access in EinsumHelper::ParseEquation (CVE-2021-41201)

Fixes several vulnerabilities and segfaults caused by missing validation during checkpoint loading (CVE-2021-41203)

Fixes an overflow producing a crash in tf.range (CVE-2021-41202)

Fixes an overflow producing a crash in tf.image.resize when size is large (CVE-2021-41199)

Fixes an overflow producing a crash in tf.tile when tiling tensor is large (CVE-2021-41198)

Fixes a vulnerability produced due to incomplete validation in tf.summary.create_file_writer (CVE-2021-41200)

Fixes multiple crashes due to overflow and CHECK-fail in ops with large tensor shapes (CVE-2021-41197)

Fixes a crash in max_pool3d when size argument is 0 or negative (CVE-2021-41196)

Fixes a crash in tf.math.segment_* operations (CVE-2021-41195)

Updates curl to 7.78.0 to handle CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, and CVE-2021-22926.

Changelog

Sourced from tensorflow's changelog.

Release 2.6.1

This release introduces several vulnerability fixes:

Fixes a code injection issue in saved_model_cli (CVE-2021-41228)

Fixes a vulnerability due to use of uninitialized value in Tensorflow (CVE-2021-41225)

Fixes a heap OOB in FusedBatchNorm kernels (CVE-2021-41223)

Fixes an arbitrary memory read in ImmutableConst (CVE-2021-41227)

Fixes a heap OOB in SparseBinCount (CVE-2021-41226)

Fixes a heap OOB in SparseFillEmptyRows (CVE-2021-41224)

Fixes a segfault due to negative splits in SplitV (CVE-2021-41222)

Fixes segfaults and vulnerabilities caused by accesses to invalid memory during shape inference in Cudnn* ops (CVE-2021-41221)

Fixes a null pointer exception when Exit node is not preceded by Enter op (CVE-2021-41217)

Fixes an integer division by 0 in tf.raw_ops.AllToAll (CVE-2021-41218)

Fixes a use after free and a memory leak in CollectiveReduceV2 (CVE-2021-41220)

Fixes an undefined behavior via nullptr reference binding in sparse matrix multiplication (CVE-2021-41219)

Fixes a heap buffer overflow in Transpose (CVE-2021-41216)

Prevents deadlocks arising from mutually recursive tf.function objects (CVE-2021-41213)

Fixes a null pointer exception in DeserializeSparse (CVE-2021-41215)

Fixes an undefined behavior arising from reference binding to nullptr in tf.ragged.cross (CVE-2021-41214)

Fixes a heap OOB read in tf.ragged.cross (CVE-2021-41212)

Fixes a heap OOB in shape inference for QuantizeV2 (CVE-2021-41211)

Fixes a heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops (CVE-2021-41205)

Fixes an FPE in ParallelConcat (CVE-2021-41207)

Fixes FPE issues in convolutions with zero size filters (CVE-2021-41209)

Fixes a heap OOB read in tf.raw_ops.SparseCountSparseOutput (CVE-2021-41210)

... (truncated)

Commits

3aa40c3 Merge pull request #52889 from tensorflow/fix-build-1-on-r2.6
1a97260 Upper bound tensorflow_estimator to match release
b03a4f1 Merge pull request #52874 from tensorflow-jenkins/relnotes-2.6.1-11115
1067732 Update RELEASE.md
7882f9c Merge pull request #52875 from tensorflow-jenkins/version-numbers-2.6.1-6784
bf0618d Update version numbers to 2.6.1
edf2a35 Insert release notes place-fill
ea77035 Merge pull request #52865 from tensorflow/fix-build-2-on-r2.6
c42e447 Merge pull request #52864 from tensorflow/fix-build-1-on-r2.6
f0258a5 Fix build on tensorflow/core/kernels/boosted_trees/stats_ops.cc
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/tensorflow/tensorflow/releases) - [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md) - [Commits](tensorflow/tensorflow@v2.6.0...v2.6.1) --- updated-dependencies: - dependency-name: tensorflow dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2022-01-31T22:28:12Z