home  bbs  files  messages ]

      ZZLI4416             linux.debian.bugs.dist             15094 messages      

[ previous | next | reply ]

[ list messages | list forums ]

  Msg # 14852 of 15094 on ZZLI4416, Monday 9-28-25, 1:55  
  From: SALVATORE BONACCORSO  
  To: ALL  
  Subj: Bug#1116538: pytorch: CVE-2025-46153  
 From: carnil@debian.org 
  
 Source: pytorch 
 Version: 2.6.0+dfsg-9 
 Severity: important 
 Tags: security upstream 
 Forwarded: https://github.com/pytorch/pytorch/issues/142853 
 X-Debbugs-Cc: carnil@debian.org, Debian Security Team  
  
 Hi, 
  
 The following vulnerability was published for pytorch. 
  
 CVE-2025-46153[0]: 
 | PyTorch before 3.7.0 has a bernoulli_p decompose function in 
 | decompositions.py even though it lacks full consistency with the 
 | eager CPU implementation, negatively affecting nn.Dropout1d, 
 | nn.Dropout2d, and nn.Dropout3d for fallback_random=True. 
  
  
 If you fix the vulnerability please also make sure to include the 
 CVE (Common Vulnerabilities & Exposures) id in your changelog entry. 
  
 For further information see: 
  
 [0] https://security-tracker.debian.org/tracker/CVE-2025-46153 
     https://www.cve.org/CVERecord?id=CVE-2025-46153 
 [1] https://github.com/pytorch/pytorch/issues/142853 
 [2] https://github.com/pytorch/pytorch/pull/143460 
 [3] https://github.com/pytorch/pytorch/commit/288aa873831057b1eb 
 d747914ec4fdc76c23a80 
  
 Please adjust the affected versions in the BTS as needed. 
  
 Regards, 
 Salvatore 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 

[ list messages | list forums | previous | next | reply ]

search for:

328,120 visits
(c) 1994,  bbs@darkrealms.ca