Release 2.3.1
Bug Fixes and Other Changes
- Fixes an undefined behavior causing a segfault in
tf.raw_ops.Switch
(CVE-2020-15190) - Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
- Fixes two vulnerabilities in
SparseFillEmptyRowsGrad
(CVE-2020-15194, CVE-2020-15195) - Fixes several vulnerabilities in
RaggedCountSparseOutput
andSparseCountSparseOutput
operations (CVE-2020-15196, CVE-2020-15197, CVE-2020-15198, CVE-2020-15199, CVE-2020-15200, CVE-2020-15201) - Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
- Fixes a format string vulnerability in
tf.strings.as_string
(CVE-2020-15203) - Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
- Fixes data leak and potential ASLR violation from
tf.raw_ops.StringNGrams
(CVE-2020-15205) - Fixes segfaults caused by incomplete
SavedModel
validation (CVE-2020-15206) - Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
- Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
- Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
- Fixes several vulnerabilities in TFLite implementation of segment sum (CVE-2020-15212, CVE-2020-15213, CVE-2020-15214)
- Updates
sqlite3
to3.33.00
to handle CVE-2020-15358. - Fixes deprecated usage of
collections
API - Removes
scipy
dependency fromsetup.py
since TensorFlow does not need it to install the pip package