Update release notes for the new patch release

tensorflow · Aug 7, 2021 · bee1dc4 · bee1dc4
1 parent 47beb4c
commit bee1dc4
Showing 1 changed file with 64 additions and 0 deletions.
diff --git a/RELEASE.md b/RELEASE.md
@@ -1,3 +1,67 @@
+# Release 2.5.1
+
+This release introduces several vulnerability fixes:
+
+* Fixes a heap out of bounds access in sparse reduction operations [CVE-2021-37635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37635)
+* Fixes a floating point exception in `SparseDenseCwiseDiv` [CVE-2021-37636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37636)
+* Fixes a null pointer dereference in `CompressElement` [CVE-2021-37637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37637)
+* Fixes a null pointer dereference in `RaggedTensorToTensor` [CVE-2021-37638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37638)
+* Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors [CVE-2021-37639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37639)
+* Fixes an integer division by 0 in sparse reshaping [CVE-2021-37640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37640)
+* Fixes a division by 0 in `ResourceScatterDiv` [CVE-2021-37642](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37642)
+* Fixes a heap OOB in `RaggedGather` [CVE-2021-37641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37641)
+* Fixes a `std::abort` raised from `TensorListReserve` [CVE-2021-37644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37644)
+* Fixes a null pointer dereference in `MatrixDiagPartOp` [CVE-2021-37643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37643)
+* Fixes an integer overflow due to conversion to unsigned [CVE-2021-37645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37645)
+* Fixes a bad allocation error in `StringNGrams` caused by integer conversion [CVE-2021-37646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37646)
+* Fixes a null pointer dereference in `SparseTensorSliceDataset` [CVE-2021-37647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37647)
+* Fixes an incorrect validation of `SaveV2` inputs [CVE-2021-37648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37648)
+* Fixes a null pointer dereference in `UncompressElement` [CVE-2021-37649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37649)
+* Fixes a segfault and a heap buffer overflow in `{Experimental,}DatasetToTFRecord` [CVE-2021-37650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37650)
+* Fixes a heap buffer overflow in `FractionalAvgPoolGrad` [CVE-2021-37651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37651)
+* Fixes a use after free in boosted trees creation [CVE-2021-37652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37652)
+* Fixes a division by 0 in `ResourceGather` [CVE-2021-37653](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37653)
+* Fixes a heap OOB and a `CHECK` fail in `ResourceGather` [CVE-2021-37654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37654)
+* Fixes a heap OOB in `ResourceScatterUpdate` [CVE-2021-37655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37655)
+* Fixes an undefined behavior arising from reference binding to nullptr in `RaggedTensorToSparse` [CVE-2021-37656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37656)
+* Fixes an undefined behavior arising from reference binding to nullptr in `MatrixDiagV*` ops [CVE-2021-37657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37657)
+* Fixes an undefined behavior arising from reference binding to nullptr in `MatrixSetDiagV*` ops [CVE-2021-37658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37658)
+* Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops [CVE-2021-37659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37659)
+* Fixes a division by 0 in inplace operations [CVE-2021-37660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37660)
+* Fixes a crash caused by integer conversion to unsigned [CVE-2021-37661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37661)
+* Fixes an undefined behavior arising from reference binding to nullptr in boosted trees [CVE-2021-37662](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37662)
+* Fixes a heap OOB in boosted trees [CVE-2021-37664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37664)
+* Fixes vulnerabilities arising from incomplete validation in `QuantizeV2` [CVE-2021-37663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37663)
+* Fixes vulnerabilities arising from incomplete validation in MKL requantization [CVE-2021-37665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37665)
+* Fixes an undefined behavior arising from reference binding to nullptr in `RaggedTensorToVariant` [CVE-2021-37666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37666)
+* Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding [CVE-2021-37667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37667)
+* Fixes an FPE in `tf.raw_ops.UnravelIndex` [CVE-2021-37668](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37668)
+* Fixes a crash in NMS ops caused by integer conversion to unsigned [CVE-2021-37669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37669)
+* Fixes a heap OOB in `UpperBound` and `LowerBound` [CVE-2021-37670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37670)
+* Fixes an undefined behavior arising from reference binding to nullptr in map operations [CVE-2021-37671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37671)
+* Fixes a heap OOB in `SdcaOptimizerV2` [CVE-2021-37672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37672)
+* Fixes a `CHECK`-fail in `MapStage` [CVE-2021-37673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37673)
+* Fixes a vulnerability arising from incomplete validation in `MaxPoolGrad` [CVE-2021-37674](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37674)
+* Fixes an undefined behavior arising from reference binding to nullptr in shape inference [CVE-2021-37676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37676)
+* Fixes a division by 0 in most convolution operators [CVE-2021-37675](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37675)
+* Fixes vulnerabilities arising from missing validation in shape inference for `Dequantize` [CVE-2021-37677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37677)
+* Fixes an arbitrary code execution due to YAML deserialization [CVE-2021-37678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37678)
+* Fixes a heap OOB in nested `tf.map_fn` with `RaggedTensor`s [CVE-2021-37679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37679)
+* Fixes a division by zero in TFLite [CVE-2021-37680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37680)
+* Fixes an NPE in TFLite [CVE-2021-37681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37681)
+* Fixes a vulnerability arising from use of unitialized value in TFLite [CVE-2021-37682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37682)
+* Fixes an FPE in TFLite division operations [CVE-2021-37683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37683)
+* Fixes an FPE in TFLite pooling operations [CVE-2021-37684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37684)
+* Fixes an infinite loop in TFLite [CVE-2021-37686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37686)
+* Fixes a heap OOB in TFLite [CVE-2021-37685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37685)
+* Fixes a heap OOB in TFLite's `Gather*` implementations [CVE-2021-37687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37687)
+* Fixes an undefined behavior arising from null pointer dereference in TFLite [CVE-2021-37688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37688)
+* Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations [CVE-2021-37689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37689)
+* Fixes a FPE in LSH in TFLite [CVE-2021-37691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37691)
+* Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code [CVE-2021-37692](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37692)
+* Fixes a use after free and a potential segfault in shape inference functions [CVE-2021-37690](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37690)
+* Updates `curl` to `7.77.0` to handle [CVE-2021-22876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876), [CVE-2021-22897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22897), [CVE-2021-22898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898), and [CVE-2021-22901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22901).
+
 # Release 2.5.0
 
 ## Major Features and Improvements