
Commit 2743ff9

Update release notes with the security updates.
1 parent a10858d commit 2743ff9

1 file changed

Lines changed: 62 additions & 0 deletions

File tree

RELEASE.md

@@ -112,6 +112,68 @@
112112
* `tf.image.crop_and_resize` gradient w.r.t. either `image` or `boxes`. See PR [48905](https://github.com/tensorflow/tensorflow/pull/48905).
113113
* `tf.sparse.sparse_dense_matmul` forwards. See PR [50355](https://github.com/tensorflow/tensorflow/pull/50355).
114114

115+
## Security
116+
117+
* Fixes a heap out of bounds access in sparse reduction operations [CVE-2021-37635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37635)
118+
* Fixes a floating point exception in `SparseDenseCwiseDiv` [CVE-2021-37636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37636)
119+
* Fixes a null pointer dereference in `CompressElement` [CVE-2021-37637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37637)
120+
* Fixes a null pointer dereference in `RaggedTensorToTensor` [CVE-2021-37638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37638)
121+
* Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors [CVE-2021-37639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37639)
122+
* Fixes an integer division by 0 in sparse reshaping [CVE-2021-37640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37640)
123+
* Fixes a division by 0 in `ResourceScatterDiv` [CVE-2021-37642](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37642)
124+
* Fixes a heap OOB in `RaggedGather` [CVE-2021-37641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37641)
125+
* Fixes a `std::abort` raised from `TensorListReserve` [CVE-2021-37644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37644)
126+
* Fixes a null pointer dereference in `MatrixDiagPartOp` [CVE-2021-37643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37643)
127+
* Fixes an integer overflow due to conversion to unsigned [CVE-2021-37645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37645)
128+
* Fixes a bad allocation error in `StringNGrams` caused by integer conversion [CVE-2021-37646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37646)
129+
* Fixes a null pointer dereference in `SparseTensorSliceDataset` [CVE-2021-37647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37647)
130+
* Fixes an incorrect validation of `SaveV2` inputs [CVE-2021-37648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37648)
131+
* Fixes a null pointer dereference in `UncompressElement` [CVE-2021-37649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37649)
132+
* Fixes a segfault and a heap buffer overflow in `{Experimental,}DatasetToTFRecord` [CVE-2021-37650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37650)
133+
* Fixes a heap buffer overflow in `FractionalAvgPoolGrad` [CVE-2021-37651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37651)
134+
* Fixes a use after free in boosted trees creation [CVE-2021-37652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37652)
135+
* Fixes a division by 0 in `ResourceGather` [CVE-2021-37653](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37653)
136+
* Fixes a heap OOB and a `CHECK` fail in `ResourceGather` [CVE-2021-37654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37654)
137+
* Fixes a heap OOB in `ResourceScatterUpdate` [CVE-2021-37655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37655)
138+
* Fixes an undefined behavior arising from reference binding to nullptr in `RaggedTensorToSparse` [CVE-2021-37656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37656)
139+
* Fixes an undefined behavior arising from reference binding to nullptr in `MatrixDiagV*` ops [CVE-2021-37657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37657)
140+
* Fixes an undefined behavior arising from reference binding to nullptr in `MatrixSetDiagV*` ops [CVE-2021-37658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37658)
141+
* Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops [CVE-2021-37659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37659)
142+
* Fixes a division by 0 in inplace operations [CVE-2021-37660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37660)
143+
* Fixes a crash caused by integer conversion to unsigned [CVE-2021-37661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37661)
144+
* Fixes an undefined behavior arising from reference binding to nullptr in boosted trees [CVE-2021-37662](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37662)
145+
* Fixes a heap OOB in boosted trees [CVE-2021-37664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37664)
146+
* Fixes vulnerabilities arising from incomplete validation in `QuantizeV2` [CVE-2021-37663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37663)
147+
* Fixes vulnerabilities arising from incomplete validation in MKL requantization [CVE-2021-37665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37665)
148+
* Fixes an undefined behavior arising from reference binding to nullptr in `RaggedTensorToVariant` [CVE-2021-37666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37666)
149+
* Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding [CVE-2021-37667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37667)
150+
* Fixes an FPE in `tf.raw_ops.UnravelIndex` [CVE-2021-37668](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37668)
151+
* Fixes a crash in NMS ops caused by integer conversion to unsigned [CVE-2021-37669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37669)
152+
* Fixes a heap OOB in `UpperBound` and `LowerBound` [CVE-2021-37670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37670)
153+
* Fixes an undefined behavior arising from reference binding to nullptr in map operations [CVE-2021-37671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37671)
154+
* Fixes a heap OOB in `SdcaOptimizerV2` [CVE-2021-37672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37672)
155+
* Fixes a `CHECK`-fail in `MapStage` [CVE-2021-37673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37673)
156+
* Fixes a vulnerability arising from incomplete validation in `MaxPoolGrad` [CVE-2021-37674](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37674)
157+
* Fixes an undefined behavior arising from reference binding to nullptr in shape inference [CVE-2021-37676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37676)
158+
* Fixes a division by 0 in most convolution operators [CVE-2021-37675](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37675)
159+
* Fixes vulnerabilities arising from missing validation in shape inference for `Dequantize` [CVE-2021-37677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37677)
160+
* Fixes an arbitrary code execution due to YAML deserialization [CVE-2021-37678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37678)
161+
* Fixes a heap OOB in nested `tf.map_fn` with `RaggedTensor`s [CVE-2021-37679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37679)
162+
* Fixes a division by zero in TFLite [CVE-2021-37680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37680)
163+
* Fixes an NPE in TFLite [CVE-2021-37681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37681)
164+
* Fixes a vulnerability arising from use of unitialized value in TFLite [CVE-2021-37682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37682)
165+
* Fixes an FPE in TFLite division operations [CVE-2021-37683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37683)
166+
* Fixes an FPE in TFLite pooling operations [CVE-2021-37684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37684)
167+
* Fixes an infinite loop in TFLite [CVE-2021-37686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37686)
168+
* Fixes a heap OOB in TFLite [CVE-2021-37685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37685)
169+
* Fixes a heap OOB in TFLite's `Gather*` implementations [CVE-2021-37687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37687)
170+
* Fixes an undefined behavior arising from null pointer dereference in TFLite [CVE-2021-37688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37688)
171+
* Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations [CVE-2021-37689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37689)
172+
* Fixes a FPE in LSH in TFLite [CVE-2021-37691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37691)
173+
* Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code [CVE-2021-37692](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37692)
174+
* Fixes a use after free and a potential segfault in shape inference functions [CVE-2021-37690](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37690)
175+
* Updates `curl` to `7.77.0` to handle [CVE-2021-22876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876), [CVE-2021-22897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22897), [CVE-2021-22898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898), and [CVE-2021-22901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22901).
176+
115177
## Thanks to our Contributors
116178

117179
This release contains contributions from many people at Google, as well as:
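Review bot: the CVE-2021-37682 entry misspells "uninitialized" as "unitialized"; fix the typo before this ships in RELEASE.md. Several entries are also out of identifier order (CVE-2021-37642 is listed before 37641, 37644 before 37643, 37664 before 37663, 37676 before 37675, 37686 before 37685, 37691 before 37690), and the article is inconsistent ("an FPE" elsewhere, "a FPE" on the CVE-2021-37691 line); sorting the list by CVE id and using "an FPE" throughout makes it easier for downstream users to cross-check the list against the published advisories. Finally, every bullet in the new section except the `curl` line omits the trailing period that the surrounding context lines (e.g. the PR [48905] and [50355] entries) use; match that style for consistency.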
