Sourced fromtensorflow's releases.

TensorFlow 2.9.3

Release 2.9.3

This release introduces several vulnerability fixes:

• Fixes an overflow intf.keras.losses.poisson (CVE-2022-41887)
• Fixes a heap OOB failure inThreadUnsafeUnigramCandidateSampler caused by missing validation (CVE-2022-41880)
• Fixes a segfault inndarray_tensor_bridge (CVE-2022-41884)
• Fixes an overflow inFusedResizeAndPadConv2D (CVE-2022-41885)
• Fixes a overflow inImageProjectiveTransformV2 (CVE-2022-41886)
• Fixes an FPE intf.image.generate_bounding_box_proposals on GPU (CVE-2022-41888)
• Fixes a segfault inpywrap_tfe_src caused by invalid attributes (CVE-2022-41889)
• Fixes aCHECK fail inBCast (CVE-2022-41890)
• Fixes a segfault inTensorListConcat (CVE-2022-41891)
• Fixes aCHECK_EQ fail inTensorListResize (CVE-2022-41893)
• Fixes an overflow inCONV_3D_TRANSPOSE on TFLite (CVE-2022-41894)
• Fixes a heap OOB inMirrorPadGrad (CVE-2022-41895)
• Fixes a crash inMfcc (CVE-2022-41896)
• Fixes a heap OOB inFractionalMaxPoolGrad (CVE-2022-41897)
• Fixes aCHECK fail inSparseFillEmptyRowsGrad (CVE-2022-41898)
• Fixes aCHECK fail inSdcaOptimizer (CVE-2022-41899)
• Fixes a heap OOB inFractionalAvgPool andFractionalMaxPool(CVE-2022-41900)
• Fixes aCHECK_EQ inSparseMatrixNNZ (CVE-2022-41901)
• Fixes an OOB write in grappler (CVE-2022-41902)
• Fixes a overflow inResizeNearestNeighborGrad (CVE-2022-41907)
• Fixes aCHECK fail inPyFunc (CVE-2022-41908)
• Fixes a segfault inCompositeTensorVariantToComponents (CVE-2022-41909)
• Fixes a invalid char to bool conversion in printing a tensor (CVE-2022-41911)
• Fixes a heap overflow inQuantizeAndDequantizeV2 (CVE-2022-41910)
• Fixes aCHECK failure inSobolSample via missing validation (CVE-2022-35935)
• Fixes aCHECK fail inTensorListScatter andTensorListScatterV2 in eager mode (CVE-2022-35935)

TensorFlow 2.9.2

Release 2.9.2

This releases introduces several vulnerability fixes:

• Fixes aCHECK failure in tf.reshape caused by overflows (CVE-2022-35934)
• Fixes aCHECK failure inSobolSample caused by missing validation (CVE-2022-35935)
• Fixes an OOB read inGather_nd op in TF Lite (CVE-2022-35937)
• Fixes aCHECK failure inTensorListReserve caused by missing validation (CVE-2022-35960)
• Fixes an OOB write inScatter_nd op in TF Lite (CVE-2022-35939)
• Fixes an integer overflow inRaggedRangeOp (CVE-2022-35940)
• Fixes aCHECK failure inAvgPoolOp (CVE-2022-35941)
• Fixes aCHECK failures inUnbatchGradOp (CVE-2022-35952)
• Fixes a segfault TFLite converter on per-channel quantized transposed convolutions (CVE-2022-36027)
• Fixes aCHECK failures inAvgPool3DGrad (CVE-2022-35959)
• Fixes aCHECK failures inFractionalAvgPoolGrad (CVE-2022-35963)
• Fixes a segfault inBlockLSTMGradV2 (CVE-2022-35964)
• Fixes a segfault inLowerBound andUpperBound (CVE-2022-35965)

... (truncated)

Sourced fromtensorflow's changelog.

Release 2.9.3

This release introduces several vulnerability fixes:

• Fixes an overflow intf.keras.losses.poisson (CVE-2022-41887)
• Fixes a heap OOB failure inThreadUnsafeUnigramCandidateSampler caused by missing validation (CVE-2022-41880)
• Fixes a segfault inndarray_tensor_bridge (CVE-2022-41884)
• Fixes an overflow inFusedResizeAndPadConv2D (CVE-2022-41885)
• Fixes a overflow inImageProjectiveTransformV2 (CVE-2022-41886)
• Fixes an FPE intf.image.generate_bounding_box_proposals on GPU (CVE-2022-41888)
• Fixes a segfault inpywrap_tfe_src caused by invalid attributes (CVE-2022-41889)
• Fixes aCHECK fail inBCast (CVE-2022-41890)
• Fixes a segfault inTensorListConcat (CVE-2022-41891)
• Fixes aCHECK_EQ fail inTensorListResize (CVE-2022-41893)
• Fixes an overflow inCONV_3D_TRANSPOSE on TFLite (CVE-2022-41894)
• Fixes a heap OOB inMirrorPadGrad (CVE-2022-41895)
• Fixes a crash inMfcc (CVE-2022-41896)
• Fixes a heap OOB inFractionalMaxPoolGrad (CVE-2022-41897)
• Fixes aCHECK fail inSparseFillEmptyRowsGrad (CVE-2022-41898)
• Fixes aCHECK fail inSdcaOptimizer (CVE-2022-41899)
• Fixes a heap OOB inFractionalAvgPool andFractionalMaxPool(CVE-2022-41900)
• Fixes aCHECK_EQ inSparseMatrixNNZ (CVE-2022-41901)
• Fixes an OOB write in grappler (CVE-2022-41902)
• Fixes a overflow inResizeNearestNeighborGrad (CVE-2022-41907)
• Fixes aCHECK fail inPyFunc (CVE-2022-41908)
• Fixes a segfault inCompositeTensorVariantToComponents (CVE-2022-41909)
• Fixes a invalid char to bool conversion in printing a tensor (CVE-2022-41911)
• Fixes a heap overflow inQuantizeAndDequantizeV2 (CVE-2022-41910)
• Fixes aCHECK failure inSobolSample via missing validation (CVE-2022-35935)
• Fixes aCHECK fail inTensorListScatter andTensorListScatterV2 in eager mode (CVE-2022-35935)

Release 2.8.4

This release introduces several vulnerability fixes:

• Fixes a heap OOB failure inThreadUnsafeUnigramCandidateSampler caused by missing validation (CVE-2022-41880)
• Fixes a segfault inndarray_tensor_bridge (CVE-2022-41884)
• Fixes an overflow inFusedResizeAndPadConv2D (CVE-2022-41885)
• Fixes a overflow inImageProjectiveTransformV2 (CVE-2022-41886)
• Fixes an FPE intf.image.generate_bounding_box_proposals on GPU (CVE-2022-41888)
• Fixes a segfault inpywrap_tfe_src caused by invalid attributes (CVE-2022-41889)
• Fixes aCHECK fail inBCast (CVE-2022-41890)
• Fixes a segfault inTensorListConcat (CVE-2022-41891)
• Fixes aCHECK_EQ fail inTensorListResize (CVE-2022-41893)
• Fixes an overflow inCONV_3D_TRANSPOSE on TFLite (CVE-2022-41894)
• Fixes a heap OOB inMirrorPadGrad (CVE-2022-41895)
• Fixes a crash inMfcc (CVE-2022-41896)
• Fixes a heap OOB inFractionalMaxPoolGrad (CVE-2022-41897)
• Fixes aCHECK fail inSparseFillEmptyRowsGrad (CVE-2022-41898)
• Fixes aCHECK fail inSdcaOptimizer (CVE-2022-41899)

... (truncated)

• a5ed5f3 Merge pull request#58584 from tensorflow/vinila21-patch-2
• 258f9a1 Update py_func.cc
• cd27cfb Merge pull request#58580 from tensorflow-jenkins/version-numbers-2.9.3-24474
• 3e75385 Update version numbers to 2.9.3
• bc72c39 Merge pull request#58482 from tensorflow-jenkins/relnotes-2.9.3-25695
• 3506c90 Update RELEASE.md
• 8dcb48e Update RELEASE.md
• 4f34ec8 Merge pull request#58576 from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...
• 6fc67e4 Replace CHECK with returning an InternalError on failing to create python tuple
• 5dbe90a Merge pull request#58570 from tensorflow/r2.9-7b174a0f2e4
• Additional commits viewable incompare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from theSecurity Alerts page.