Release 2.0.3
Bug Fixes and Other Changes
- Fixes an undefined behavior causing a segfault in
tf.raw_ops.Switch(CVE-2020-15190) - Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
- Fixes two vulnerabilities in
SparseFillEmptyRowsGrad(CVE-2020-15194, CVE-2020-15195) - Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
- Fixes a format string vulnerability in
tf.strings.as_string(CVE-2020-15203) - Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
- Fixes data leak and potential ASLR violation from
tf.raw_ops.StringNGrams(CVE-2020-15205) - Fixes segfaults caused by incomplete
SavedModelvalidation (CVE-2020-15206) - Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
- Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
- Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
- Updates
sqlite3to3.33.00to handle CVE-2020-9327, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13871, and CVE-2020-15358. - Pins
numpyto 1.18.5 to prevent ABI breakage when compiling code that uses both NumPy and TensorFlow headers.