[Git][security-tracker-team/security-tracker][master] Add some new pytorch issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 26 20:37:19 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
daa1a061 by Salvatore Bonaccorso at 2025-09-26T21:36:55+02:00
Add some new pytorch issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -254,15 +254,30 @@ CVE-2025-55551 (An issue in the component torch.linalg.lu of pytorch v2.8.0 allo
CVE-2025-48707 (An issue was discovered in Stormshield Network Security (SNS) before 5 ...)
NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2025-46153 (PyTorch before 3.7.0 has a bernoulli_p decompose function in decomposi ...)
- TODO: check
+ - pytorch <unfixed>
+ NOTE: https://github.com/pytorch/pytorch/issues/142853
+ NOTE: https://github.com/pytorch/pytorch/pull/143460
+ NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/288aa873831057b1eb7d747914ec4fdc76c23a80 (v2.7.0-rc1)
CVE-2025-46152 (In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output ...)
- TODO: check
+ - pytorch <unfixed>
+ NOTE: https://github.com/pytorch/pytorch/issues/143555
+ NOTE: https://github.com/pytorch/pytorch/pull/143635
+ NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/607884c9afeb29fd230ed2fbadae92377e47dc97 (v2.7.0-rc1)
CVE-2025-46150 (In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool ...)
- TODO: check
+ - pytorch <unfixed>
+ NOTE: https://github.com/pytorch/pytorch/issues/141538
+ NOTE: https://github.com/pytorch/pytorch/pull/144395
+ NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/ccc2878c978258ec88f7ec591305ba5b13e06579 (v2.7.0-rc1)
CVE-2025-46149 (In PyTorch before 2.7.0, when inductor is used, nn.Fold has an asserti ...)
- TODO: check
+ - pytorch <unfixed>
+ NOTE: https://github.com/pytorch/pytorch/issues/147848
+ NOTE: https://github.com/pytorch/pytorch/pull/147961
+ NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/be830c8b1c496277491bbbdd40a5cb35de17d5fb (v2.7.0-rc1)
CVE-2025-46148 (In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) ...)
- TODO: check
+ - pytorch <unfixed>
+ NOTE: https://github.com/pytorch/pytorch/issues/151198
+ NOTE: https://github.com/pytorch/pytorch/pull/152993
+ NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/e5f869999cf5429e24fbb5c3923a5c795549b9e7 (v2.8.0-rc1)
CVE-2025-43993 (Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS ...)
NOT-FOR-US: Dell / EMC
CVE-2025-43943 (Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daa1a0618872cc035be6b976a182af25f2fe7442
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daa1a0618872cc035be6b976a182af25f2fe7442
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250926/0ae46aec/attachment.htm>
More information about the debian-security-tracker-commits
mailing list