Bump tensorflow from 2.5.0 to 2.5.1
Created by: dependabot[bot]
Bumps tensorflow from 2.5.0 to 2.5.1.
Release notes
Sourced from tensorflow's releases.
TensorFlow 2.5.1
Release 2.5.1
This release introduces several vulnerability fixes:
- Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
- Fixes a floating point exception in
SparseDenseCwiseDiv
(CVE-2021-37636)- Fixes a null pointer dereference in
CompressElement
(CVE-2021-37637)- Fixes a null pointer dereference in
RaggedTensorToTensor
(CVE-2021-37638)- Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
- Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
- Fixes a division by 0 in
ResourceScatterDiv
(CVE-2021-37642)- Fixes a heap OOB in
RaggedGather
(CVE-2021-37641)- Fixes a
std::abort
raised fromTensorListReserve
(CVE-2021-37644)- Fixes a null pointer dereference in
MatrixDiagPartOp
(CVE-2021-37643)- Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
- Fixes a bad allocation error in
StringNGrams
caused by integer conversion (CVE-2021-37646)- Fixes a null pointer dereference in
SparseTensorSliceDataset
(CVE-2021-37647)- Fixes an incorrect validation of
SaveV2
inputs (CVE-2021-37648)- Fixes a null pointer dereference in
UncompressElement
(CVE-2021-37649)- Fixes a segfault and a heap buffer overflow in
{Experimental,}DatasetToTFRecord
(CVE-2021-37650)- Fixes a heap buffer overflow in
FractionalAvgPoolGrad
(CVE-2021-37651)- Fixes a use after free in boosted trees creation (CVE-2021-37652)
- Fixes a division by 0 in
ResourceGather
(CVE-2021-37653)- Fixes a heap OOB and a
CHECK
fail inResourceGather
(CVE-2021-37654)- Fixes a heap OOB in
ResourceScatterUpdate
(CVE-2021-37655)- Fixes an undefined behavior arising from reference binding to nullptr in
RaggedTensorToSparse
(CVE-2021-37656)- Fixes an undefined behavior arising from reference binding to nullptr in
MatrixDiagV*
ops (CVE-2021-37657)- Fixes an undefined behavior arising from reference binding to nullptr in
MatrixSetDiagV*
ops (CVE-2021-37658)- Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
- Fixes a division by 0 in inplace operations (CVE-2021-37660)
- Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
- Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
- Fixes a heap OOB in boosted trees (CVE-2021-37664)
- Fixes vulnerabilities arising from incomplete validation in
QuantizeV2
(CVE-2021-37663)- Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
- Fixes an undefined behavior arising from reference binding to nullptr in
RaggedTensorToVariant
(CVE-2021-37666)- Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
- Fixes an FPE in
tf.raw_ops.UnravelIndex
(CVE-2021-37668)- Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
- Fixes a heap OOB in
UpperBound
andLowerBound
(CVE-2021-37670)- Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
- Fixes a heap OOB in
SdcaOptimizerV2
(CVE-2021-37672)- Fixes a
CHECK
-fail inMapStage
(CVE-2021-37673)- Fixes a vulnerability arising from incomplete validation in
MaxPoolGrad
(CVE-2021-37674)- Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
- Fixes a division by 0 in most convolution operators (CVE-2021-37675)
- Fixes vulnerabilities arising from missing validation in shape inference for
Dequantize
(CVE-2021-37677)- Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
- Fixes a heap OOB in nested
tf.map_fn
withRaggedTensor
s (CVE-2021-37679)
... (truncated)
Changelog
Sourced from tensorflow's changelog.
Release 2.5.1
This release introduces several vulnerability fixes:
- Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
- Fixes a floating point exception in
SparseDenseCwiseDiv
(CVE-2021-37636)- Fixes a null pointer dereference in
CompressElement
(CVE-2021-37637)- Fixes a null pointer dereference in
RaggedTensorToTensor
(CVE-2021-37638)- Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
- Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
- Fixes a division by 0 in
ResourceScatterDiv
(CVE-2021-37642)- Fixes a heap OOB in
RaggedGather
(CVE-2021-37641)- Fixes a
std::abort
raised fromTensorListReserve
(CVE-2021-37644)- Fixes a null pointer dereference in
MatrixDiagPartOp
(CVE-2021-37643)- Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
- Fixes a bad allocation error in
StringNGrams
caused by integer conversion (CVE-2021-37646)- Fixes a null pointer dereference in
SparseTensorSliceDataset
(CVE-2021-37647)- Fixes an incorrect validation of
SaveV2
inputs (CVE-2021-37648)- Fixes a null pointer dereference in
UncompressElement
(CVE-2021-37649)- Fixes a segfault and a heap buffer overflow in
{Experimental,}DatasetToTFRecord
(CVE-2021-37650)- Fixes a heap buffer overflow in
FractionalAvgPoolGrad
(CVE-2021-37651)- Fixes a use after free in boosted trees creation (CVE-2021-37652)
- Fixes a division by 0 in
ResourceGather
(CVE-2021-37653)- Fixes a heap OOB and a
CHECK
fail inResourceGather
(CVE-2021-37654)- Fixes a heap OOB in
ResourceScatterUpdate
(CVE-2021-37655)- Fixes an undefined behavior arising from reference binding to nullptr in
RaggedTensorToSparse
... (truncated)
Commits
-
8222c1c
Merge pull request #51381 from tensorflow/mm-fix-r2.5-build -
d584260
Disable broken/flaky test -
f6c6ce3
Merge pull request #51367 from tensorflow-jenkins/version-numbers-2.5.1-17468 -
3ca7812
Update version numbers to 2.5.1 -
4fdf683
Merge pull request #51361 from tensorflow/mm-update-relnotes-on-r2.5 -
05fc01a
Put CVE numbers for fixes in parentheses -
bee1dc4
Update release notes for the new patch release -
47beb4c
Merge pull request #50597 from kruglov-dmitry/v2.5.0-sync-abseil-cmake-bazel -
6f39597
Merge pull request #49383 from ashahab/abin-load-segfault-r2.5 -
0539b34
Merge pull request #48979 from liufengdb/r2.5-cherrypick - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.