Backport fix for CVE-2022-23593 to 2.7.x release?

Anfernee_Xu · March 17, 2022, 2:46am

Noticed that the fix for https://nvd.nist.gov/vuln/detail/CVE-2022-23593 is only available in 2.8.0 and the last sentence attached to the CVE is little confusing:

The fix will be included in TensorFlow 2.8.0. This is the only affected version.

Does it mean 2.7.x don’t have this issue?
If yes, do we have plan to backport the fix to 2.7.x?

Thanks

chunduriv · October 4, 2022, 12:46pm

The problem only existed in TF 2.8.0. Hence there is no need to back port the fix in lower versions. Thank you.

Topic		Replies	Views
Versioning of CVE patches General Discussion tensorflow	2	565	October 28, 2022
TensorFlow r2.8 branch cut, December 16 Announcements release	8	3130	February 2, 2022
TensorFlow 2.9-rc Release Date General Discussion release_candidate	1	1129	October 3, 2022
TensorFlow r2.6 branch cut, June 24 Announcements release	0	1594	June 2, 2021
Tensorflow2.6 accuracy lower than Tensorflow2.0 General Discussion help_request , models , training	1	1080	September 9, 2022