add CVE for numpy

pull/226/head
looop5 4 years ago
parent
commit
e453c1e375
2 changed files with 6 additions and 4 deletions
  1. security/cve-report_en.md (+3, -2)
  2. security/cve-report_zh_cn.md (+3, -2)

security/cve-report_en.md (+3, -2)

@@ -52,8 +52,6 @@ The VMT consists of vulnerability management experts in the community. The team

## MindSpore Security Note (SN)

### MindSpore 1.2

| CVE list | Third party version | Suggestion |
| ---- | ---- | ---- |
| [CVE-2019-18348](https://nvd.nist.gov/vuln/detail/CVE-2019-18348), [CVE-2020-8315](https://nvd.nist.gov/vuln/detail/CVE-2020-8315), [CVE-2020-8492](https://nvd.nist.gov/vuln/detail/CVE-2020-8492), [CVE-2020-27619](https://nvd.nist.gov/vuln/detail/CVE-2020-27619), [CVE-2021-3426](https://nvd.nist.gov/vuln/detail/CVE-2021-3426), [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336), [CVE-2019-20907](https://nvd.nist.gov/vuln/detail/CVE-2019-20907), [CVE-2021-3177](https://nvd.nist.gov/vuln/detail/CVE-2021-3177) | Python 3.7.5 | |
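
Review bot: If the two lines removed here (the hunk header goes from 8 lines to 6) are the `### MindSpore 1.2` heading and its blank line, the table loses its only statement of which MindSpore release the rows apply to. The NumPy rows added further down then cannot be tied to a release either. Consider keeping a version heading per release, or adding an "Affected MindSpore version" column, so a reader can tell whether their installation is in scope.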
@@ -64,4 +62,7 @@ The VMT consists of vulnerability management experts in the community. The team
| [CVE-2021-25289](https://nvd.nist.gov/vuln/detail/CVE-2021-25289), [CVE-2021-25290](https://nvd.nist.gov/vuln/detail/CVE-2021-25290), [CVE-2021-25291](https://nvd.nist.gov/vuln/detail/CVE-2021-25291), [CVE-2021-25292](https://nvd.nist.gov/vuln/detail/CVE-2021-25292), [CVE-2021-25293](https://nvd.nist.gov/vuln/detail/CVE-2021-25293), [CVE-2021-27921](https://nvd.nist.gov/vuln/detail/CVE-2021-27921), [CVE-2021-27922](https://nvd.nist.gov/vuln/detail/CVE-2021-27922), [CVE-2021-27923](https://nvd.nist.gov/vuln/detail/CVE-2021-27923) | Pillow < 8.1.1 | Upgrade to latest Pillow (8.2.0) |
| [CVE-2021-25287](https://nvd.nist.gov/vuln/detail/CVE-2021-25287), [CVE-2021-25288](https://nvd.nist.gov/vuln/detail/CVE-2021-25288), [CVE-2021-28675](https://nvd.nist.gov/vuln/detail/CVE-2021-28675), [CVE-2021-28676](https://nvd.nist.gov/vuln/detail/CVE-2021-28676), [CVE-2021-28677](https://nvd.nist.gov/vuln/detail/CVE-2021-28677), [CVE-2021-28678](https://nvd.nist.gov/vuln/detail/CVE-2021-28678) | Pillow < 8.2.0 | Upgrade to latest Pillow (8.2.0) |
| [CVE-2021-34552](https://nvd.nist.gov/vuln/detail/CVE-2021-34552) | Pillow <= 8.2.0 | Upgrade to latest Pillow (8.4.0) |
| [CVE-2021-41496](https://nvd.nist.gov/vuln/detail/CVE-2021-41496) | NumPy < 1.19 | Upgrade NumPy version >= 1.22.0 |
| [CVE-2021-34141](https://nvd.nist.gov/vuln/detail/CVE-2021-34141) | NumPy < 1.22.0 | Upgrade NumPy version >= 1.22.0 |
| [CVE-2021-41495](https://nvd.nist.gov/vuln/detail/CVE-2021-41495) | NumPy <= 1.22.0 | Refer [issue](https://gitee.com/mindspore/mindspore/issues/I4NRZ9?from=project-issue) |


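Review bot: The upgrade target in the first two NumPy rows conflicts with the affected range in the third. CVE-2021-41496 and CVE-2021-34141 both say "Upgrade NumPy version >= 1.22.0", while the CVE-2021-41495 row lists "NumPy <= 1.22.0" as affected, so a user who follows the advice and lands on exactly 1.22.0 is still inside a range this table marks as vulnerable. Either raise the recommended floor above 1.22.0 if a fixed release exists, or state in the first two rows that 1.22.0 remains exposed to CVE-2021-41495. "Refer [issue]" should also read "Refer to [issue]".
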
security/cve-report_zh_cn.md (+3, -2)

@@ -54,8 +54,6 @@ MindSpore作为一个同时支持端/边缘/云场景的训练推理框架,在

第三方的开源组件部分漏洞需要用户自行修复:

### MindSpore 1.2

| CVE 列表 | 第三方组件 | 建议 |
| ---- | ---- | ---- |
| [CVE-2019-18348](https://nvd.nist.gov/vuln/detail/CVE-2019-18348), [CVE-2020-8315](https://nvd.nist.gov/vuln/detail/CVE-2020-8315), [CVE-2020-8492](https://nvd.nist.gov/vuln/detail/CVE-2020-8492), [CVE-2020-27619](https://nvd.nist.gov/vuln/detail/CVE-2020-27619), [CVE-2021-3426](https://nvd.nist.gov/vuln/detail/CVE-2021-3426), [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336), [CVE-2019-20907](https://nvd.nist.gov/vuln/detail/CVE-2019-20907), [CVE-2021-3177](https://nvd.nist.gov/vuln/detail/CVE-2021-3177) | Python 3.7.5 | |
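
Review bot: The context line `第三方的开源组件部分漏洞需要用户自行修复:` (some vulnerabilities in third-party open-source components must be fixed by users themselves) has no counterpart in the visible context of the English hunk, where `## MindSpore Security Note (SN)` is followed directly by the version heading. Since this commit edits the same place in both files, add the equivalent sentence to security/cve-report_en.md so English readers also see that remediation of these rows is left to the user.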
@@ -66,4 +64,7 @@ MindSpore作为一个同时支持端/边缘/云场景的训练推理框架,在
| [CVE-2021-25289](https://nvd.nist.gov/vuln/detail/CVE-2021-25289), [CVE-2021-25290](https://nvd.nist.gov/vuln/detail/CVE-2021-25290), [CVE-2021-25291](https://nvd.nist.gov/vuln/detail/CVE-2021-25291), [CVE-2021-25292](https://nvd.nist.gov/vuln/detail/CVE-2021-25292), [CVE-2021-25293](https://nvd.nist.gov/vuln/detail/CVE-2021-25293), [CVE-2021-27921](https://nvd.nist.gov/vuln/detail/CVE-2021-27921), [CVE-2021-27922](https://nvd.nist.gov/vuln/detail/CVE-2021-27922), [CVE-2021-27923](https://nvd.nist.gov/vuln/detail/CVE-2021-27923) | Pillow < 8.1.1 | 升级至最新的Pillow版本(8.2.0) |
| [CVE-2021-25287](https://nvd.nist.gov/vuln/detail/CVE-2021-25287), [CVE-2021-25288](https://nvd.nist.gov/vuln/detail/CVE-2021-25288), [CVE-2021-28675](https://nvd.nist.gov/vuln/detail/CVE-2021-28675), [CVE-2021-28676](https://nvd.nist.gov/vuln/detail/CVE-2021-28676), [CVE-2021-28677](https://nvd.nist.gov/vuln/detail/CVE-2021-28677), [CVE-2021-28678](https://nvd.nist.gov/vuln/detail/CVE-2021-28678) | Pillow < 8.2.0 | 升级至最新的Pillow版本(8.2.0) |
| [CVE-2021-34552](https://nvd.nist.gov/vuln/detail/CVE-2021-34552) | Pillow <= 8.2.0 | 升级至最新的Pillow版本(8.4.0) |
| [CVE-2021-41496](https://nvd.nist.gov/vuln/detail/CVE-2021-41496) | NumPy < 1.19 | 升级NumPy版本 >= 1.22.0 |
| [CVE-2021-34141](https://nvd.nist.gov/vuln/detail/CVE-2021-34141) | NumPy < 1.22.0 | 升级NumPy版本 >= 1.22.0 |
| [CVE-2021-41495](https://nvd.nist.gov/vuln/detail/CVE-2021-41495) | NumPy <= 1.22.0 | 可参考[issue](https://gitee.com/mindspore/mindspore/issues/I4NRZ9?from=project-issue) |


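Review bot: The CVE-2021-41495 row gives no remediation in the table itself, only `可参考[issue]` pointing at a Gitee issue, so the advice is lost if that issue is closed, moved or unreachable. Put a one-line summary of the recommended mitigation in the cell and keep the link as a reference; the `?from=project-issue` query string can be dropped from the URL. The same applies to the matching row in security/cve-report_en.md.
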