[Git][security-tracker-team/security-tracker][master] first batch of tensorflow updates

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Sep 2 08:03:05 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86835dc6 by Moritz Muehlenhoff at 2025-09-02T09:02:23+02:00
first batch of tensorflow updates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35438,7 +35438,8 @@ CVE-2025-0667 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2025-0666 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: BOINC server (src:boinc only covers the client)
 CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow serving ver ...)
-	- tensorflow <itp> (bug #804612)
+	- tensorflow <unfixed>
+	NOTE: https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf (2.18.0-rc0)
 CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-27533 (Memory Allocation with Excessive Size Value vulnerability in Apache Ac ...)
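Review bot: the added `- tensorflow <unfixed>` line for CVE-2025-0649 is attached to the tensorflow source package, but the description names Tensorflow serving and the fix commit in the NOTE is in the tensorflow/serving repository, so the entry does not show that the package ships the affected code. If the Debian tensorflow source does not include Serving, this should be `<not-affected>` with a short reason; if it does, add a NOTE saying so. The `(bug #804612)` reference is dropped without a replacement, so an unfixed entry would also benefit from a bug reference once one exists.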
@@ -118280,7 +118281,10 @@ CVE-2023-48396 (Web Authentication vulnerability in Apache SeaTunnel.Since the j
 CVE-2023-38001 (IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forg ...)
 	NOT-FOR-US: IBM
 CVE-2023-33976 (TensorFlow is an end-to-end open source platform for machine learning. ...)
-	- tensorflow <itp> (bug #804612)
+	- tensorflow <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345
+	NOTE: https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec (2.12.1)
+	NOTE: https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586 (v2.13.0-rc0)
 CVE-2024-7252 (Comodo Internet Security Pro cmdagent Link Following Local Privilege E ...)
 	NOT-FOR-US: Comodo
 CVE-2024-7251 (Comodo Internet Security Pro cmdagent Link Following Local Privilege E ...)
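Review bot: the two commit NOTEs added for CVE-2023-33976 tag the fixed versions inconsistently, `(2.12.1)` on the first and `(v2.13.0-rc0)` on the second. Pick one form for both so the fixed-in versions can be searched uniformly; the CVE-2025-0649 NOTE earlier in this patch uses `(2.18.0-rc0)` without the prefix.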
@@ -226412,7 +226416,9 @@ CVE-2023-27581 (github-slug-action is a GitHub Action to expose slug value of Gi
 CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for the C ...)
 	- codeigniter <itp> (bug #471583)
 CVE-2023-27579 (TensorFlow is an end-to-end open source platform for machine learning. ...)
-	- tensorflow <itp> (bug #804612)
+	- tensorflow <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
+	NOTE: https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa (v2.12.0-rc0)
 CVE-2023-27578 (Galaxy is an open-source platform for data analysis. All supported ver ...)
 	NOT-FOR-US: Galaxy
 CVE-2023-27577 (flarum is a forum software package for building communities. In versio ...)
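Review bot: the `<not-affected> (Fixed before initial upload to the archive)` line for CVE-2023-27579 does not record which tensorflow version was first uploaded, so the status cannot be checked against the `v2.12.0-rc0` tag in the NOTE from the entry alone. A NOTE giving the first uploaded version would document the reasoning; the same applies to the CVE-2023-33976 entry in the previous hunk.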



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86835dc64f71d9db5096c7ece4991f0b9c677f7f

More information about the debian-security-tracker-commits mailing list