CVE-2022-45907: In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. Patch at: https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
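The class of bug described above, as an added example that is not PyTorch's code: a TorchScript-style type comment ("# type: (Tensor, int) -> Tensor") is turned into real type objects by handing the annotation text to eval(), so a comment that contains a call expression executes it. The simplified `parse_type_line_unsafe` below reproduces that pattern; `parse_type_line_safe` is one hardened alternative that parses the text with `ast`, rejects every node kind a type expression does not need (calls, lambdas, comprehensions, dunder attribute access), and only then evaluates it against an explicit resolver namespace with builtins removed. The `Tensor` stand-in, `TYPE_NAMESPACE`, and all function names are assumptions made for this illustration; the real `parse_type_line` and its patch differ in detail.

```python
"""Illustration of the eval()-on-type-comment bug class behind CVE-2022-45907.
Simplified stand-in written for this page, not PyTorch's own code or patch."""
import ast
import os
from typing import Dict, List, Optional, Tuple


class Tensor:
    """Stand-in for torch.Tensor so the example runs without torch (assumption)."""


# Names a type comment may refer to (assumed resolver namespace).
TYPE_NAMESPACE = {
    "Tensor": Tensor, "int": int, "float": float, "str": str, "bool": bool,
    "List": List, "Dict": Dict, "Tuple": Tuple, "Optional": Optional,
}


def split_type_line(type_line):
    """Split '# type: (A, B) -> R' into ('(A, B)', 'R')."""
    body = type_line.strip()
    if not body.startswith("# type:"):
        raise ValueError("not a type comment")
    body = body[len("# type:"):]
    if "->" not in body:
        raise ValueError("type comment needs '-> <return type>'")
    args_src, ret_src = body.split("->", 1)
    return args_src.strip(), ret_src.strip()


def parse_type_line_unsafe(type_line, namespace=TYPE_NAMESPACE):
    """Vulnerable pattern: the annotation text goes straight to eval().
    Any call expression inside the comment runs with full builtins."""
    args_src, ret_src = split_type_line(type_line)
    glob = dict(namespace)          # eval() auto-inserts __builtins__ here
    return eval(args_src, glob), eval(ret_src, glob)


# The only AST node kinds a type expression legitimately needs.
_ALLOWED = (ast.Expression, ast.Name, ast.Attribute, ast.Subscript,
            ast.Tuple, ast.Constant, ast.Load)
if hasattr(ast, "Index"):           # Python < 3.9 wraps subscripts in Index
    _ALLOWED += (ast.Index,)


def eval_type_expr(src, namespace):
    """Evaluate a type expression only after proving it contains no
    calls, lambdas, comprehensions, operators or dunder attribute access,
    and that every bare name resolves in the supplied namespace."""
    tree = ast.parse(src, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise ValueError(
                f"disallowed syntax in type comment: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in namespace:
            raise NameError(f"unknown type name {node.id!r}")
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            raise ValueError(f"dunder attribute not allowed: {node.attr}")
    code = compile(tree, "<type comment>", "eval")
    # Empty __builtins__: even an allowed Name cannot reach __import__ etc.
    return eval(code, {"__builtins__": {}}, dict(namespace))


def parse_type_line_safe(type_line, namespace=TYPE_NAMESPACE):
    """Hardened parser: same input format, no arbitrary code execution."""
    args_src, ret_src = split_type_line(type_line)
    args = eval_type_expr(args_src, namespace)
    if not isinstance(args, tuple):  # a single unparenthesised argument type
        args = (args,)
    return args, eval_type_expr(ret_src, namespace)


if __name__ == "__main__":
    benign = "# type: (Tensor, List[int]) -> Optional[Tensor]"
    print(parse_type_line_unsafe(benign))
    print(parse_type_line_safe(benign))
    # Constructed payload: harmless here (getpid), but it is a real call.
    payload = "# type: (__import__('os').getpid(),) -> int"
    print(parse_type_line_unsafe(payload))   # executes the call
    try:
        parse_type_line_safe(payload)
    except ValueError as exc:
        print("rejected:", exc)
```

The payload uses `os.getpid()` rather than anything destructive so the script is safe to run; the point is that the unsafe parser returns the call's result, which means the comment text chose what ran. Whitelisting AST nodes is stricter than scanning compiled bytecode for call opcodes, because it also refuses operators, f-strings and comprehensions that a type line never needs.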
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b1b577bb33b34295e8cad2294c5486ee50200cf

commit 1b1b577bb33b34295e8cad2294c5486ee50200cf
Author:     Alfredo Tupone <tupone@gentoo.org>
AuthorDate: 2022-11-30 18:12:11 +0000
Commit:     Alfredo Tupone <tupone@gentoo.org>
CommitDate: 2022-11-30 18:13:03 +0000

    sci-libs/pytorch: fix CVE-2022-45907

    Bug: https://bugs.gentoo.org/883381
    Signed-off-by: Alfredo Tupone <tupone@gentoo.org>

 sci-libs/pytorch/Manifest                          |  1 -
 .../files/pytorch-1.12.0-CVE-2022-45907.patch      | 59 ++++++++++++++++++++++
 sci-libs/pytorch/metadata.xml                      | 11 ----
 sci-libs/pytorch/pytorch-1.11.0.ebuild             | 58 ---------------------
 ...orch-1.12.0.ebuild => pytorch-1.12.0-r1.ebuild} |  3 +-
 5 files changed, 61 insertions(+), 71 deletions(-)
Thanks, all done!