From 3f7c541bd174b292214f6b951d27f07db7c0e4a1 Mon Sep 17 00:00:00 2001 From: "haowen.han@mthreads.com" Date: Mon, 13 May 2024 13:29:55 +0800 Subject: [PATCH] Revert "[cherry-pick]update pdsa-2023-019 (#60649)" This reverts commit ccdf5282b0b0aa495b59dfd5aa9d23e659b09147. --- security/README.md | 2 +- security/README_cn.md | 2 +- security/README_ja.md | 2 +- security/advisory/pdsa-2023-019.md | 4 ++-- security/advisory/pdsa-2023-019_cn.md | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/security/README.md b/security/README.md index 7a1c6df5a5f7a..9bcc28bc31895 100644 --- a/security/README.md +++ b/security/README.md @@ -13,7 +13,7 @@ We regularly publish security advisories about using PaddlePaddle. | [PDSA-2023-022](./advisory/pdsa-2023-022.md) | FPE in paddle.argmin and paddle.argmax | < 2.6.0 | Peng Zhou (zpbrent) from Shanghai University | | | [PDSA-2023-021](./advisory/pdsa-2023-021.md) | Null pointer dereference in paddle.crop | < 2.6.0 | Peng Zhou (zpbrent) from Shanghai University | | | [PDSA-2023-020](./advisory/pdsa-2023-020.md) | Command injection in _wget_download | < 2.6.0 | huntr.com | | -| [PDSA-2023-019](./advisory/pdsa-2023-019.md) | Command injection in get_online_pass_interval | < 2.6.0 | huntr.com and leeya_bug | | +| [PDSA-2023-019](./advisory/pdsa-2023-019.md) | Command injection in get_online_pass_interval | < 2.6.0 | huntr.com | | | [PDSA-2023-018](./advisory/pdsa-2023-018.md) | Heap buffer overflow in paddle.repeat_interleave | < 2.6.0 | Tong Liu of CAS-IIE | | | [PDSA-2023-017](./advisory/pdsa-2023-017.md) | FPE in paddle.amin | < 2.6.0 | Tong Liu of CAS-IIE | | | [PDSA-2023-016](./advisory/pdsa-2023-016.md) | Stack overflow in paddle.linalg.lu_unpack | < 2.6.0 | Tong Liu of CAS-IIE | | diff --git a/security/README_cn.md b/security/README_cn.md index 7022221643a42..0cd8a9743b5be 100644 --- a/security/README_cn.md +++ b/security/README_cn.md 
@@ -13,7 +13,7 @@ | [PDSA-2023-022](./advisory/pdsa-2023-022_cn.md) | FPE in paddle.argmin and paddle.argmax | < 2.6.0 | Peng Zhou (zpbrent) from Shanghai University | | | [PDSA-2023-021](./advisory/pdsa-2023-021_cn.md) | Null pointer dereference in paddle.crop | < 2.6.0 | Peng Zhou (zpbrent) from Shanghai University | | | [PDSA-2023-020](./advisory/pdsa-2023-020_cn.md) | Command injection in _wget_download | < 2.6.0 | huntr.com | | -| [PDSA-2023-019](./advisory/pdsa-2023-019_cn.md) | Command injection in get_online_pass_interval | < 2.6.0 | huntr.com and leeya_bug | | +| [PDSA-2023-019](./advisory/pdsa-2023-019_cn.md) | Command injection in get_online_pass_interval | < 2.6.0 | huntr.com | | | [PDSA-2023-018](./advisory/pdsa-2023-018_cn.md) | Heap buffer overflow in paddle.repeat_interleave | < 2.6.0 | Tong Liu of CAS-IIE | | | [PDSA-2023-017](./advisory/pdsa-2023-017_cn.md) | FPE in paddle.amin | < 2.6.0 | Tong Liu of CAS-IIE | | | [PDSA-2023-016](./advisory/pdsa-2023-016_cn.md) | Stack overflow in paddle.linalg.lu_unpack | < 2.6.0 | Tong Liu of CAS-IIE | | diff --git a/security/README_ja.md b/security/README_ja.md index 2711a91396b5e..1841cfe8aa6fb 100644 --- a/security/README_ja.md +++ b/security/README_ja.md 
@@ -13,7 +13,7 @@ PaddlePaddle の使用に関するセキュリティ勧告を定期的に発表 | [PDSA-2023-022](./advisory/pdsa-2023-022.md) | FPE in paddle.argmin and paddle.argmax | < 2.6.0 | Peng Zhou (zpbrent) from Shanghai University | | | [PDSA-2023-021](./advisory/pdsa-2023-021.md) | Null pointer dereference in paddle.crop | < 2.6.0 | Peng Zhou (zpbrent) from Shanghai University | | | [PDSA-2023-020](./advisory/pdsa-2023-020.md) | Command injection in _wget_download | < 2.6.0 | huntr.com | | -| [PDSA-2023-019](./advisory/pdsa-2023-019.md) | Command injection in get_online_pass_interval | < 2.6.0 | huntr.com and leeya_bug | | +| [PDSA-2023-019](./advisory/pdsa-2023-019.md) | Command injection in get_online_pass_interval | < 2.6.0 | huntr.com | | | [PDSA-2023-018](./advisory/pdsa-2023-018.md) | Heap buffer overflow in paddle.repeat_interleave | < 2.6.0 | Tong Liu of CAS-IIE | | | [PDSA-2023-017](./advisory/pdsa-2023-017.md) | FPE in paddle.amin | < 2.6.0 | Tong Liu of CAS-IIE | | | [PDSA-2023-016](./advisory/pdsa-2023-016.md) | Stack overflow in paddle.linalg.lu_unpack | < 2.6.0 | Tong Liu of CAS-IIE | | diff --git a/security/advisory/pdsa-2023-019.md b/security/advisory/pdsa-2023-019.md index 78a7b6b3230f5..c496895190bc8 100644 --- a/security/advisory/pdsa-2023-019.md +++ b/security/advisory/pdsa-2023-019.md 
@@ -23,7 +23,7 @@ online_pass_interval = fleet_util.get_online_pass_interval( ### Patches -We have patched the issue in commits [1aae481dfd7d2055c801563e254f1484b974b68e](https://github.com/PaddlePaddle/Paddle/pull/60023/commits/1aae481dfd7d2055c801563e254f1484b974b68e), [c62d87eb91c84154af40946f17205d86f608866b](https://github.com/PaddlePaddle/Paddle/pull/60544/commits/c62d87eb91c84154af40946f17205d86f608866b) and [f8560c903c80450e37b8f304a9cd8207678f2f83](https://github.com/PaddlePaddle/Paddle/pull/60615/commits/f8560c903c80450e37b8f304a9cd8207678f2f83). +We have patched the issue in commit [1aae481dfd7d2055c801563e254f1484b974b68e](https://github.com/PaddlePaddle/Paddle/pull/60023/commits/1aae481dfd7d2055c801563e254f1484b974b68e). The fix will be included in PaddlePaddle 2.6.0. ### For more information @@ -32,4 +32,4 @@ Please consult [our security guide](../../SECURITY.md) for more information rega ### Attribution -This vulnerability has been reported by huntr.com and leeya_bug. +This vulnerability has been reported by huntr.com. diff --git a/security/advisory/pdsa-2023-019_cn.md b/security/advisory/pdsa-2023-019_cn.md index 096d4c191ebc2..8bab64810ad41 100644 --- a/security/advisory/pdsa-2023-019_cn.md +++ b/security/advisory/pdsa-2023-019_cn.md 
@@ -23,7 +23,7 @@ online_pass_interval = fleet_util.get_online_pass_interval( ### 补丁 -我们在commits [1aae481dfd7d2055c801563e254f1484b974b68e](https://github.com/PaddlePaddle/Paddle/pull/60023/commits/1aae481dfd7d2055c801563e254f1484b974b68e)、[c62d87eb91c84154af40946f17205d86f608866b](https://github.com/PaddlePaddle/Paddle/pull/60544/commits/c62d87eb91c84154af40946f17205d86f608866b) 和 [f8560c903c80450e37b8f304a9cd8207678f2f83](https://github.com/PaddlePaddle/Paddle/pull/60615/commits/f8560c903c80450e37b8f304a9cd8207678f2f83) 中对此问题进行了补丁。 +我们在commit [1aae481dfd7d2055c801563e254f1484b974b68e](https://github.com/PaddlePaddle/Paddle/pull/60023/commits/1aae481dfd7d2055c801563e254f1484b974b68e)中对此问题进行了补丁。 修复将包含在飞桨2.6.0版本当中。 ### 更多信息 @@ -32,4 +32,4 @@ online_pass_interval = fleet_util.get_online_pass_interval( ### 贡献者 -此漏洞由 huntr.com 和 leeya_bug 提交。 +此漏洞由 huntr.com 提交。
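Review bot: In the "### Patches" hunk of security/advisory/pdsa-2023-019.md, the advisory goes back to naming only commit 1aae481dfd7d2055c801563e254f1484b974b68e and drops the links to c62d87eb91c84154af40946f17205d86f608866b (pull 60544) and f8560c903c80450e37b8f304a9cd8207678f2f83 (pull 60615), while the commit message says only that it reverts ccdf5282b0b0aa495b59dfd5aa9d23e659b09147. Readers use this section to decide which commits to backport for the command injection in get_online_pass_interval, so if either follow-up commit is still part of the fix, the reverted text understates what has to be applied. Please state the reason for the revert in the commit message, and keep the link to any follow-up commit that remains required.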
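Review bot: The PDSA-2023-019 row in security/README.md, security/README_cn.md and security/README_ja.md, and the "### Attribution" line of the advisory, change the reporter from "huntr.com and leeya_bug" to "huntr.com" with no explanation in the commit message. Removing a reporter credit from a published advisory should be a documented decision. Please add a sentence to the commit message saying why the credit is withdrawn, or leave the attribution in place and revert only the part that needs to change.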
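Review bot: In the "### 补丁" hunk of security/advisory/pdsa-2023-019_cn.md, the added line runs the link straight into the following text (")中对此问题进行了补丁"), whereas the removed line had a space after the closing parenthesis. Suggest keeping the space after the link so the Markdown renders consistently with the rest of the file. The same question as for the English advisory applies here: the commit list and the "### 贡献者" line are reduced without a stated reason, so the two language versions should be changed together only once that reason is recorded.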