Overview
Request 884730 accepted
- Update to 1.15.5:
* Note that this is the last patch release for the
TensorFlow 1.x series.
* Fixes an access to unitialized memory in Eigen code
(CVE-2020-26266)
* Fixes a security vulnerability caused by lack of
validation in tf.raw_ops.DataFormatVecPermute and
tf.raw_ops.DataFormatDimMap (CVE-2020-26267)
* Fixes a vulnerability caused by attempting to write to
immutable memory region in tf.raw_ops.ImmutableConst
(CVE-2020-26268
* Fixes a CHECK-fail in LSTM with zero-length input
(CVE-2020-26270)
* Fixes a security vulnerability caused by accessing heap
data outside of bounds when loading a specially crafted
SavedModel (CVE-2020-26271)
* Updates libjpeg-turbo to 2.0.5 to handle CVE-2020-13790.
* Updates junit to 4.13.1 to handle CVE-2020-15250.
* Updates PCRE to 8.44 to handle CVE-2019-20838 and
CVE-2020-14155.
* Updates sqlite3 to 3.44.0 to keep in sync with master branch.
- Fix links to some of the bundled libs
- Add grpc-4566c2a.tar.gz instead of systemlib
* needs grpc-pr18950-bazel.patch
- BuildRequire numpy-devel < 1.19. This effectively disables the
failing build of tensorflow 1.x on Tumbleweed.
- Created by bnavigator
- In state accepted
- Package maintainers: Guillaume_G, bnavigator, and mslacken
- Open review for mslacken
Request History
bnavigator created request
- Update to 1.15.5:
* Note that this is the last patch release for the
TensorFlow 1.x series.
* Fixes an access to unitialized memory in Eigen code
(CVE-2020-26266)
* Fixes a security vulnerability caused by lack of
validation in tf.raw_ops.DataFormatVecPermute and
tf.raw_ops.DataFormatDimMap (CVE-2020-26267)
* Fixes a vulnerability caused by attempting to write to
immutable memory region in tf.raw_ops.ImmutableConst
(CVE-2020-26268
* Fixes a CHECK-fail in LSTM with zero-length input
(CVE-2020-26270)
* Fixes a security vulnerability caused by accessing heap
data outside of bounds when loading a specially crafted
SavedModel (CVE-2020-26271)
* Updates libjpeg-turbo to 2.0.5 to handle CVE-2020-13790.
* Updates junit to 4.13.1 to handle CVE-2020-15250.
* Updates PCRE to 8.44 to handle CVE-2019-20838 and
CVE-2020-14155.
* Updates sqlite3 to 3.44.0 to keep in sync with master branch.
- Fix links to some of the bundled libs
- Add grpc-4566c2a.tar.gz instead of systemlib
* needs grpc-pr18950-bazel.patch
- BuildRequire numpy-devel < 1.19. This effectively disables the
failing build of tensorflow 1.x on Tumbleweed.
mslacken accepted request
Won't submit to factory, but added you also as maintainer
Build looks good, but I missed the plan how to proceed with numpy?
There is no plan. If you need, you can keep tensorflow 1 in the devel project for SLE/Leap as long as numpy is below 1.19 there.
But Factory can't have tensorflow 1 -- https://build.opensuse.org/request/show/884728
We will keep it here in the devel project, thanks for the update.