diff --git a/security/cve-report_en.md b/security/cve-report_en.md index 9a67d0f..bd856eb 100644 --- a/security/cve-report_en.md +++ b/security/cve-report_en.md @@ -52,8 +52,6 @@ The VMT consists of vulnerability management experts in the community. The team ## MindSpore Security Note (SN) -### MindSpore 1.2 - | CVE list | Third party version | Suggestion | | ---- | ---- | ---- | | [CVE-2019-18348](https://nvd.nist.gov/vuln/detail/CVE-2019-18348), [CVE-2020-8315](https://nvd.nist.gov/vuln/detail/CVE-2020-8315), [CVE-2020-8492](https://nvd.nist.gov/vuln/detail/CVE-2020-8492), [CVE-2020-27619](https://nvd.nist.gov/vuln/detail/CVE-2020-27619), [CVE-2021-3426](https://nvd.nist.gov/vuln/detail/CVE-2021-3426), [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336), [CVE-2019-20907](https://nvd.nist.gov/vuln/detail/CVE-2019-20907), [CVE-2021-3177](https://nvd.nist.gov/vuln/detail/CVE-2021-3177) | Python 3.7.5 | | @@ -64,4 +62,7 @@ The VMT consists of vulnerability management experts in the community. The team | [CVE-2021-25289](https://nvd.nist.gov/vuln/detail/CVE-2021-25289), [CVE-2021-25290](https://nvd.nist.gov/vuln/detail/CVE-2021-25290), [CVE-2021-25291](https://nvd.nist.gov/vuln/detail/CVE-2021-25291), [CVE-2021-25292](https://nvd.nist.gov/vuln/detail/CVE-2021-25292), [CVE-2021-25293](https://nvd.nist.gov/vuln/detail/CVE-2021-25293), [CVE-2021-27921](https://nvd.nist.gov/vuln/detail/CVE-2021-27921), [CVE-2021-27922](https://nvd.nist.gov/vuln/detail/CVE-2021-27922), [CVE-2021-27923](https://nvd.nist.gov/vuln/detail/CVE-2021-27923) | Pillow < 8.1.1 | Upgrade to latest Pillow (8.2.0) | | [CVE-2021-25287](https://nvd.nist.gov/vuln/detail/CVE-2021-25287), [CVE-2021-25288](https://nvd.nist.gov/vuln/detail/CVE-2021-25288), [CVE-2021-28675](https://nvd.nist.gov/vuln/detail/CVE-2021-28675), [CVE-2021-28676](https://nvd.nist.gov/vuln/detail/CVE-2021-28676), [CVE-2021-28677](https://nvd.nist.gov/vuln/detail/CVE-2021-28677), [CVE-2021-28678](https://nvd.nist.gov/vuln/detail/CVE-2021-28678) | Pillow < 8.2.0 | Upgrade to latest Pillow (8.2.0) | | [CVE-2021-34552](https://nvd.nist.gov/vuln/detail/CVE-2021-34552) | Pillow <= 8.2.0 | Upgrade to latest Pillow (8.4.0) | +| [CVE-2021-41496](https://nvd.nist.gov/vuln/detail/CVE-2021-41496) | NumPy < 1.19 | Upgrade NumPy version >= 1.22.0 | +| [CVE-2021-34141](https://nvd.nist.gov/vuln/detail/CVE-2021-34141) | NumPy < 1.22.0 | Upgrade NumPy version >= 1.22.0 | +| [CVE-2021-41495](https://nvd.nist.gov/vuln/detail/CVE-2021-41495) | NumPy <= 1.22.0 | Refer [issue](https://gitee.com/mindspore/mindspore/issues/I4NRZ9?from=project-issue) | diff --git a/security/cve-report_zh_cn.md b/security/cve-report_zh_cn.md index 305f0b5..b18b5dd 100644 --- a/security/cve-report_zh_cn.md +++ b/security/cve-report_zh_cn.md @@ -54,8 +54,6 @@ MindSpore作为一个同时支持端/边缘/云场景的训练推理框架,在 第三方的开源组件部分漏洞需要用户自行修复: -### MindSpore 1.2 - | CVE 列表 | 第三方组件 | 建议 | | ---- | ---- | ---- | | [CVE-2019-18348](https://nvd.nist.gov/vuln/detail/CVE-2019-18348), [CVE-2020-8315](https://nvd.nist.gov/vuln/detail/CVE-2020-8315), [CVE-2020-8492](https://nvd.nist.gov/vuln/detail/CVE-2020-8492), [CVE-2020-27619](https://nvd.nist.gov/vuln/detail/CVE-2020-27619), [CVE-2021-3426](https://nvd.nist.gov/vuln/detail/CVE-2021-3426), [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336), [CVE-2019-20907](https://nvd.nist.gov/vuln/detail/CVE-2019-20907), [CVE-2021-3177](https://nvd.nist.gov/vuln/detail/CVE-2021-3177) | Python 3.7.5 | | @@ -66,4 +64,7 @@ MindSpore作为一个同时支持端/边缘/云场景的训练推理框架,在 | [CVE-2021-25289](https://nvd.nist.gov/vuln/detail/CVE-2021-25289), [CVE-2021-25290](https://nvd.nist.gov/vuln/detail/CVE-2021-25290), [CVE-2021-25291](https://nvd.nist.gov/vuln/detail/CVE-2021-25291), [CVE-2021-25292](https://nvd.nist.gov/vuln/detail/CVE-2021-25292), [CVE-2021-25293](https://nvd.nist.gov/vuln/detail/CVE-2021-25293), [CVE-2021-27921](https://nvd.nist.gov/vuln/detail/CVE-2021-27921), [CVE-2021-27922](https://nvd.nist.gov/vuln/detail/CVE-2021-27922), [CVE-2021-27923](https://nvd.nist.gov/vuln/detail/CVE-2021-27923) | Pillow < 8.1.1 | 升级至最新的Pillow版本(8.2.0) | | [CVE-2021-25287](https://nvd.nist.gov/vuln/detail/CVE-2021-25287), [CVE-2021-25288](https://nvd.nist.gov/vuln/detail/CVE-2021-25288), [CVE-2021-28675](https://nvd.nist.gov/vuln/detail/CVE-2021-28675), [CVE-2021-28676](https://nvd.nist.gov/vuln/detail/CVE-2021-28676), [CVE-2021-28677](https://nvd.nist.gov/vuln/detail/CVE-2021-28677), [CVE-2021-28678](https://nvd.nist.gov/vuln/detail/CVE-2021-28678) | Pillow < 8.2.0 | 升级至最新的Pillow版本(8.2.0) | | [CVE-2021-34552](https://nvd.nist.gov/vuln/detail/CVE-2021-34552) | Pillow <= 8.2.0 | 升级至最新的Pillow版本(8.4.0) | +| [CVE-2021-41496](https://nvd.nist.gov/vuln/detail/CVE-2021-41496) | NumPy < 1.19 | 升级NumPy版本 >= 1.22.0 | +| [CVE-2021-34141](https://nvd.nist.gov/vuln/detail/CVE-2021-34141) | NumPy < 1.22.0 | 升级NumPy版本 >= 1.22.0 | +| [CVE-2021-41495](https://nvd.nist.gov/vuln/detail/CVE-2021-41495) | NumPy <= 1.22.0 | 可参考[issue](https://gitee.com/mindspore/mindspore/issues/I4NRZ9?from=project-issue) |