|
|
|
@@ -52,8 +52,6 @@ The VMT consists of vulnerability management experts in the community. The team |
|
|
|
|
|
|
|
## MindSpore Security Note (SN) |
|
|
|
|
|
|
|
### MindSpore 1.2 |
|
|
|
|
|
|
|
| CVE list | Third party version | Suggestion | |
|
|
|
| ---- | ---- | ---- | |
|
|
|
| [CVE-2019-18348](https://nvd.nist.gov/vuln/detail/CVE-2019-18348), [CVE-2020-8315](https://nvd.nist.gov/vuln/detail/CVE-2020-8315), [CVE-2020-8492](https://nvd.nist.gov/vuln/detail/CVE-2020-8492), [CVE-2020-27619](https://nvd.nist.gov/vuln/detail/CVE-2020-27619), [CVE-2021-3426](https://nvd.nist.gov/vuln/detail/CVE-2021-3426), [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336), [CVE-2019-20907](https://nvd.nist.gov/vuln/detail/CVE-2019-20907), [CVE-2021-3177](https://nvd.nist.gov/vuln/detail/CVE-2021-3177) | Python 3.7.5 | | |
|
|
|
@@ -64,4 +62,7 @@ The VMT consists of vulnerability management experts in the community. The team |
|
|
|
| [CVE-2021-25289](https://nvd.nist.gov/vuln/detail/CVE-2021-25289), [CVE-2021-25290](https://nvd.nist.gov/vuln/detail/CVE-2021-25290), [CVE-2021-25291](https://nvd.nist.gov/vuln/detail/CVE-2021-25291), [CVE-2021-25292](https://nvd.nist.gov/vuln/detail/CVE-2021-25292), [CVE-2021-25293](https://nvd.nist.gov/vuln/detail/CVE-2021-25293), [CVE-2021-27921](https://nvd.nist.gov/vuln/detail/CVE-2021-27921), [CVE-2021-27922](https://nvd.nist.gov/vuln/detail/CVE-2021-27922), [CVE-2021-27923](https://nvd.nist.gov/vuln/detail/CVE-2021-27923) | Pillow < 8.1.1 | Upgrade to latest Pillow (8.2.0) | |
|
|
|
| [CVE-2021-25287](https://nvd.nist.gov/vuln/detail/CVE-2021-25287), [CVE-2021-25288](https://nvd.nist.gov/vuln/detail/CVE-2021-25288), [CVE-2021-28675](https://nvd.nist.gov/vuln/detail/CVE-2021-28675), [CVE-2021-28676](https://nvd.nist.gov/vuln/detail/CVE-2021-28676), [CVE-2021-28677](https://nvd.nist.gov/vuln/detail/CVE-2021-28677), [CVE-2021-28678](https://nvd.nist.gov/vuln/detail/CVE-2021-28678) | Pillow < 8.2.0 | Upgrade to latest Pillow (8.2.0) | |
|
|
|
| [CVE-2021-34552](https://nvd.nist.gov/vuln/detail/CVE-2021-34552) | Pillow <= 8.2.0 | Upgrade to latest Pillow (8.4.0) | |
|
|
|
| [CVE-2021-41496](https://nvd.nist.gov/vuln/detail/CVE-2021-41496) | NumPy < 1.19 | Upgrade NumPy version >= 1.22.0 | |
|
|
|
| [CVE-2021-34141](https://nvd.nist.gov/vuln/detail/CVE-2021-34141) | NumPy < 1.22.0 | Upgrade NumPy version >= 1.22.0 | |
|
|
|
| [CVE-2021-41495](https://nvd.nist.gov/vuln/detail/CVE-2021-41495) | NumPy <= 1.22.0 | Refer [issue](https://gitee.com/mindspore/mindspore/issues/I4NRZ9?from=project-issue) | |
|
|
|
|