mhn10 / edge-analytics-dashboard

An end-to-end system for running machine learning models on the edge through ARM platforms. Written in React JS, Node JS, Go and Python, and implementing the Gossip protocol.
https://mhn10.github.io/edge-analytics-dashboard/
MIT License
2 stars 4 forks

Bump tensorflow-gpu from 1.9.0+nv18.8 to 2.5.3 in /Nvidia_Jetson_Codebase/Others/v1 #76

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps tensorflow-gpu from 1.9.0+nv18.8 to 2.5.3.

Release notes

Sourced from tensorflow-gpu's releases.

TensorFlow 2.5.3

Release 2.5.3

Note: This is the last release in the 2.5 series.

This release introduces several vulnerability fixes:

  • Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)
  • Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)
  • Fixes a heap OOB access in Dequantize (CVE-2022-21726)
  • Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)
  • Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)
  • Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)
  • Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)
  • Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
  • Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)
  • Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)
  • Fixes integer overflows in most sparse component-wise ops (CVE-2022-23567)
  • Fixes integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)
  • Fixes a number of CHECK-failures in MapStage (CVE-2022-21734)
  • Fixes a division by zero in FractionalMaxPool (CVE-2022-21735)
  • Fixes a number of CHECK-fails when building invalid/overflowing tensor shapes (CVE-2022-23569)
  • Fixes an undefined behavior in SparseTensorSliceDataset (CVE-2022-21736)
  • Fixes an assertion failure based denial of service via faulty bin count operations (CVE-2022-21737)
  • Fixes a reference binding to null pointer in QuantizedMaxPool (CVE-2022-21739)
  • Fixes an integer overflow leading to crash in SparseCountSparseOutput (CVE-2022-21738)
  • Fixes a heap overflow in SparseCountSparseOutput (CVE-2022-21740)
  • Fixes an FPE in BiasAndClamp in TFLite (CVE-2022-23557)
  • Fixes an FPE in depthwise convolutions in TFLite (CVE-2022-21741)
  • Fixes an integer overflow in TFLite array creation (CVE-2022-23558)
  • Fixes an integer overflow in TFLite (CVE-2022-23559)
  • Fixes a dangerous OOB write in TFLite (CVE-2022-23561)
  • Fixes a vulnerability leading to read and write outside of bounds in TFLite (CVE-2022-23560)
  • Fixes a set of vulnerabilities caused by using insecure temporary files (CVE-2022-23563)
  • Fixes an integer overflow in Range resulting in undefined behavior and OOM (CVE-2022-23562)
  • Fixes a vulnerability where missing validation causes tf.sparse.split to crash when axis is a tuple (CVE-2021-41206)
  • Fixes a CHECK-fail when decoding resource handles from proto (CVE-2022-23564)
  • Fixes a CHECK-fail with repeated AttrDef (CVE-2022-23565)
  • Fixes a heap OOB write in Grappler (CVE-2022-23566)
  • Fixes a CHECK-fail when decoding invalid tensors from proto (CVE-2022-23571)
  • Fixes an uninitialized variable access in AssignOp (CVE-2022-23573)
  • Fixes an integer overflow in OpLevelCostEstimator::CalculateTensorSize (CVE-2022-23575)
  • Fixes an integer overflow in OpLevelCostEstimator::CalculateOutputSize (CVE-2022-23576)
  • Fixes a null dereference in GetInitOp (CVE-2022-23577)
  • Fixes a memory leak when a graph node is invalid (CVE-2022-23578)
  • Fixes an abort caused by allocating a vector that is too large (CVE-2022-23580)
  • Fixes multiple CHECK-failures during Grappler's IsSimplifiableReshape (CVE-2022-23581)
  • Fixes multiple CHECK-failures during Grappler's SafeToRemoveIdentity (CVE-2022-23579)
  • Fixes multiple CHECK-failures in TensorByteSize (CVE-2022-23582)
  • Fixes multiple CHECK-failures in binary ops due to type confusion (CVE-2022-23583)

... (truncated)

vercel[bot] commented 2 years ago

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/mithunharikumar10/my-react-app/4QMFXJqafxGe83kcxppHPqDaaabU
✅ Preview: https://my-react-app-git-dependabot-pipnvidiaj-b1ac99-mithunharikumar10.vercel.app

dependabot[bot] commented 2 years ago

Superseded by #83.