10000 Request to cherrypick a fix into v1.13.1 (v1.8 has a CVE) · Issue #98115 · pytorch/pytorch · GitHub
[go: up one dir, main page]
Skip to content
Request to cherrypick a fix into v1.13.1 (v1.8 has a CVE) #98115
New issue
New issue
Open
Open
Request to cherrypick a fix into v1.13.1 (v1.8 has a CVE)#98115
Labels
module: binariesAnything related to official binaries that we release to userstriagedThis issue has been looked at a team member, and triaged and prioritized into an appropriate module
@shahsmit1

Description

@shahsmit1
shahsmit1
opened on Apr 1, 2023

🐛 Describe the bug

We ran into a CVE on v1.8, details at https://nvd.nist.gov/vuln/detail/CVE-2022-45907. The CVE got fixed in v1.13.1 but this version has a bazel bug which stops us from using it: #92096 (comment).

Since, 1.8 -> 2.0.0 is a major version upgrade (which is a risk for us), the request is to cherrypick the fix for the bazel issue to 1.13: Fix is #92122.

Versions

N/A

cc @seemethere @malfet

Metadata

Metadata

Assignees

No one assigned

    Labels

    module: binariesAnything related to official binaries that we release to userstriagedThis issue has been looked at a team member, and triaged and prioritized into an appropriate module

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0