Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86835dc6 by Moritz Muehlenhoff at 2025-09-02T09:02:23+02:00
first batch of tensorflow updates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35438,7 +35438,8 @@ CVE-2025-0667 (Improper Neutralization of Input During 
Web Page Generation (XSS
 CVE-2025-0666 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: BOINC server (src:boinc only covers the client)
 CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow 
serving ver ...)
-       - tensorflow <itp> (bug #804612)
+       - tensorflow <unfixed>
+       NOTE: 
https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf
 (2.18.0-rc0)
 CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-27533 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Ac ...)
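Review bot: The CVE-2025-0649 entry now reads `- tensorflow <unfixed>`, but its description names Tensorflow serving and the referenced fix commit is in the tensorflow/serving repository, not tensorflow/tensorflow. Please add a NOTE saying whether src:tensorflow actually ships the serving code, since the `<unfixed>` status only holds if it does. As a minor style point, the tag is written `(2.18.0-rc0)` here, while other NOTE lines in this commit use a `v` prefix.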
@@ -118280,7 +118281,10 @@ CVE-2023-48396 (Web Authentication vulnerability in 
Apache SeaTunnel.Since the j
 CVE-2023-38001 (IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site 
request forg ...)
        NOT-FOR-US: IBM
 CVE-2023-33976 (TensorFlow is an end-to-end open source platform for machine 
learning. ...)
-       - tensorflow <itp> (bug #804612)
+       - tensorflow <not-affected> (Fixed before initial upload to the archive)
+       NOTE: 
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345
+       NOTE: 
https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec
 (2.12.1)
+       NOTE: 
https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586
 (v2.13.0-rc0)
 CVE-2024-7252 (Comodo Internet Security Pro cmdagent Link Following Local 
Privilege E ...)
        NOT-FOR-US: Comodo
 CVE-2024-7251 (Comodo Internet Security Pro cmdagent Link Following Local 
Privilege E ...)
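Review bot: The two commit NOTE lines added for CVE-2023-33976 label their releases inconsistently, `(2.12.1)` on the first and `(v2.13.0-rc0)` on the second. Use one tag form for both. Since two commits are listed for one CVE, a word on each line saying which release line it belongs to would also save the reader from opening both URLs.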
@@ -226412,7 +226416,9 @@ CVE-2023-27581 (github-slug-action is a GitHub Action 
to expose slug value of Gi
 CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization 
for the C ...)
        - codeigniter <itp> (bug #471583)
 CVE-2023-27579 (TensorFlow is an end-to-end open source platform for machine 
learning. ...)
-       - tensorflow <itp> (bug #804612)
+       - tensorflow <not-affected> (Fixed before initial upload to the archive)
+       NOTE: 
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
+       NOTE: 
https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa
 (v2.12.0-rc0)
 CVE-2023-27578 (Galaxy is an open-source platform for data analysis. All 
supported ver ...)
        NOT-FOR-US: Galaxy
 CVE-2023-27577 (flarum is a forum software package for building communities. 
In versio ...)
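Review bot: The `<not-affected> (Fixed before initial upload to the archive)` line for CVE-2023-27579 cannot be checked from the entry alone, because it records the upstream fix tag (v2.12.0-rc0) but not the version that was first uploaded. Consider naming the initial upload version in the parenthetical or in a NOTE so the status can be compared against the commit tag. The same applies to the CVE-2023-33976 entry in the previous hunk.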



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86835dc64f71d9db5096c7ece4991f0b9c677f7f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits