[Git][security-tracker-team/security-tracker][master] more pytorch issues fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon May 18 16:28:05 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9337922e by Moritz Muehlenhoff at 2026-05-18T17:24:30+02:00
more pytorch issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -104672,7 +104672,7 @@ CVE-2025-57446 (An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Rele
CVE-2025-57317 (apidoc-core is the core parser library to generate apidoc result follo ...)
NOT-FOR-US: apidoc-core
CVE-2025-55560 (An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when ...)
- - pytorch <unfixed> (bug #1116531)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116531)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -104684,7 +104684,7 @@ CVE-2025-55559 (An issue was discovered TensorFlow v2.18.0. A Denial of Service
NOTE: https://github.com/tensorflow/tensorflow/issues/84205
NOTE: Negligible security impact
CVE-2025-55558 (A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consis ...)
- - pytorch <unfixed> (bug #1116532)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116532)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -104693,7 +104693,7 @@ CVE-2025-55558 (A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model
NOTE: https://github.com/pytorch/pytorch/commit/68a7501dabb147d9fe7f343a33e1b91bacd3682b (v2.8.0-rc1)
NOTE: https://github.com/pytorch/pytorch/commit/1eea2c4fe35ffbdcbfccbeb7ac6c3ec02137385d (v2.9.0-rc1)
CVE-2025-55557 (A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of ...)
- - pytorch <unfixed> (bug #1116533)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116533)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -104710,7 +104710,7 @@ CVE-2025-55554 (pytorch v2.8.0 was discovered to contain an integer overflow in
[bullseye] - pytorch <postponed> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/151510
CVE-2025-55553 (A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allo ...)
- - pytorch <unfixed> (bug #1116535)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116535)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -104718,13 +104718,13 @@ CVE-2025-55553 (A syntax error in the component proxy_tensor.py of pytorch v2.7.
NOTE: https://github.com/pytorch/pytorch/pull/154645
NOTE: https://github.com/pytorch/pytorch/commit/f9dc20c7a3409865ff72c02575068edc1797473f (v2.8.0-rc1)
CVE-2025-55552 (pytorch v2.8.0 was discovered to display unexpected behavior when the ...)
- - pytorch <unfixed> (bug #1116536)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116536)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/147847
CVE-2025-55551 (An issue in the component torch.linalg.lu of pytorch v2.8.0 allows att ...)
- - pytorch <unfixed> (bug #1116537)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116537)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -104732,7 +104732,7 @@ CVE-2025-55551 (An issue in the component torch.linalg.lu of pytorch v2.8.0 allo
CVE-2025-48707 (An issue was discovered in Stormshield Network Security (SNS) before 5 ...)
NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2025-46153 (PyTorch before 3.7.0 has a bernoulli_p decompose function in decomposi ...)
- - pytorch <unfixed> (bug #1116538)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116538)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -104740,7 +104740,7 @@ CVE-2025-46153 (PyTorch before 3.7.0 has a bernoulli_p decompose function in dec
NOTE: https://github.com/pytorch/pytorch/pull/143460
NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/288aa873831057b1eb7d747914ec4fdc76c23a80 (v2.7.0-rc1)
CVE-2025-46152 (In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output ...)
- - pytorch <unfixed> (bug #1116539)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116539)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -104748,7 +104748,7 @@ CVE-2025-46152 (In PyTorch before 2.7.0, bitwise_right_shift produces incorrect
NOTE: https://github.com/pytorch/pytorch/pull/143635
NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/607884c9afeb29fd230ed2fbadae92377e47dc97 (v2.7.0-rc1)
CVE-2025-46150 (In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool ...)
- - pytorch <unfixed> (bug #1116540)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116540)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -104756,7 +104756,7 @@ CVE-2025-46150 (In PyTorch before 2.7.0, when torch.compile is used, FractionalM
NOTE: https://github.com/pytorch/pytorch/pull/144395
NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/ccc2878c978258ec88f7ec591305ba5b13e06579 (v2.7.0-rc1)
CVE-2025-46149 (In PyTorch before 2.7.0, when inductor is used, nn.Fold has an asserti ...)
- - pytorch <unfixed> (bug #1116541)
+ - pytorch 2.12.0+dfsg2-1 (bug #1116541)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -156661,7 +156661,7 @@ CVE-2025-43703 (An issue was discovered in Ankitects Anki through 25.02. A craft
NOTE: https://github.com/ankitects/anki/pull/3925
NOTE: Issue exists because of an incomplete fix for CVE-2024-32484
CVE-2025-3730 (A vulnerability, which was classified as problematic, was found in PyT ...)
- - pytorch <unfixed> (bug #1103455)
+ - pytorch 2.12.0+dfsg2-1 (bug #1103455)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue; DoS)
@@ -163833,7 +163833,7 @@ CVE-2025-3003 (A vulnerability, which was classified as critical, was found in E
CVE-2025-3002 (A vulnerability, which was classified as critical, has been found in D ...)
NOT-FOR-US: Digital China
CVE-2025-3001 (A vulnerability classified as critical was found in PyTorch 2.6.0. Thi ...)
- - pytorch <unfixed> (bug #1102233)
+ - pytorch 2.12.0+dfsg2-1 (bug #1102233)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
@@ -164044,14 +164044,14 @@ CVE-2025-30005 (Xorcom CompletePBX is vulnerable to a path traversal via the Dia
CVE-2025-30004 (Xorcom CompletePBX is vulnerable to command injection in the administr ...)
NOT-FOR-US: Xorcom CompletePBX
CVE-2025-2999 (A vulnerability was found in PyTorch 2.6.0. It has been rated as criti ...)
- - pytorch <unfixed> (bug #1102231)
+ - pytorch 2.12.0+dfsg2-1 (bug #1102231)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/149622
NOTE: Fixed by: https://github.com/Nicoshev/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd
CVE-2025-2998 (A vulnerability was found in PyTorch 2.6.0. It has been declared as cr ...)
- - pytorch <unfixed> (bug #1102230)
+ - pytorch 2.12.0+dfsg2-1 (bug #1102230)
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9337922e6078aeccf691604d46504a5fcd355424
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9337922e6078aeccf691604d46504a5fcd355424
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260518/132a5fb6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list