aglinxinyuan opened a new issue, #6218:
URL: https://github.com/apache/texera/issues/6218

   ### Task Summary
   
   Dependabot flags `torch` in 
[`amber/operator-requirements.txt`](https://github.com/apache/texera/blob/main/amber/operator-requirements.txt)
 for **CVE-2025-3000** / 
[GHSA-rrmf-rvhw-rf47](https://github.com/advisories/GHSA-rrmf-rvhw-rf47) — a 
`torch.jit.script` memory-corruption (segfault when compiling a scripted class 
with a list attribute). CVSS 5.3, `AV:L/AC:L/PR:L`, affected range `<= 2.12.0`, 
**no upstream patched version**.
   
   Only the **non-Linux** pin is inside the affected range; the Linux x86_64 
pin is already safe:
   
   | Platform | Current pin | In `<= 2.12.0` range? |
   | --- | --- | --- |
   | Linux x86_64 | `2.12.1+cpu` | No — already out of range |
   | macOS / Windows / other | `2.12.0` | **Yes — flagged** |
   
   Because the advisory's upper bound is `2.12.0`, moving to `2.12.1` clears 
the alert even though GitHub records no "patched" version — that's exactly why 
the Linux line (`2.12.1+cpu`) is not flagged.
   
   ### Proposed fix
   
   Bump the non-Linux pin `2.12.0 → 2.12.1`, aligning it with the Linux line:
   
   ```
   Before:  non-Linux  torch==2.12.0   -> in CVE-2025-3000 range -> Dependabot 
alert
   After:   non-Linux  torch==2.12.1   -> out of range          -> alert cleared
   ```
   
   - `2.12.1` ships the same cp312 wheel matrix as `2.12.0` (`win_amd64`, 
`macosx_*_arm64`), so platform coverage is unchanged — a patch-level move 
within the same release series.
   - 
[`amber/LICENSE-binary-python`](https://github.com/apache/texera/blob/main/amber/LICENSE-binary-python)
 already records `torch==2.12.1` (generated from the Linux resolution), so 
there is **no license-binary drift**.
   
   ### Reachability / risk
   
   `torch.jit.script` is **never called** in Texera. `torch` is only a 
transitive runtime dependency of `transformers` (the HuggingFace operators); no 
Python module imports `torch` directly. The advisory further requires a local 
attacker who authors the scripted class. The vulnerable path is therefore 
unreachable — this bump is dependency hygiene to clear the Dependabot alert, 
not a fix for a reachable exploit.
   
   ### Task Type
   
   - [x] DevOps / Deployment / CI
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to