[cherry-pick]update pdsa-2023-019 (#60649)

* update 2023 security advisory, test=document_fix * update pdsa-2023-019, test=document_fix
PaddlePaddle · Jan 9, 2024 · ccdf528 · ccdf528
1 parent bbc13eb
commit ccdf528
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 7 deletions.
diff --git a/security/README.md b/security/README.md
@@ -13,7 +13,7 @@ We regularly publish security advisories about using PaddlePaddle.
 | [PDSA-2023-022](./advisory/pdsa-2023-022.md) | FPE in paddle.argmin and paddle.argmax               |      < 2.6.0      | Peng Zhou (zpbrent) from Shanghai University                    |                        |
 | [PDSA-2023-021](./advisory/pdsa-2023-021.md) | Null pointer dereference in paddle.crop              |      < 2.6.0      | Peng Zhou (zpbrent) from Shanghai University                    |                        |
 | [PDSA-2023-020](./advisory/pdsa-2023-020.md) | Command injection in _wget_download                  |      < 2.6.0      | huntr.com                                                       |                        |
-| [PDSA-2023-019](./advisory/pdsa-2023-019.md) | Command injection in get_online_pass_interval        |      < 2.6.0      | huntr.com                                                       |                        |
+| [PDSA-2023-019](./advisory/pdsa-2023-019.md) | Command injection in get_online_pass_interval        |      < 2.6.0      | huntr.com and leeya_bug                                         |                        |
 | [PDSA-2023-018](./advisory/pdsa-2023-018.md) | Heap buffer overflow in paddle.repeat_interleave     |      < 2.6.0      | Tong Liu of CAS-IIE                                             |                        |
 | [PDSA-2023-017](./advisory/pdsa-2023-017.md) | FPE in paddle.amin                                   |      < 2.6.0      | Tong Liu of CAS-IIE                                             |                        |
 | [PDSA-2023-016](./advisory/pdsa-2023-016.md) | Stack overflow in paddle.linalg.lu_unpack            |      < 2.6.0      | Tong Liu of CAS-IIE                                             |                        |

diff --git a/security/README_cn.md b/security/README_cn.md
@@ -13,7 +13,7 @@
 | [PDSA-2023-022](./advisory/pdsa-2023-022_cn.md) | FPE in paddle.argmin and paddle.argmax               |   < 2.6.0   | Peng Zhou (zpbrent) from Shanghai University                    |    |
 | [PDSA-2023-021](./advisory/pdsa-2023-021_cn.md) | Null pointer dereference in paddle.crop              |   < 2.6.0   | Peng Zhou (zpbrent) from Shanghai University                    |    |
 | [PDSA-2023-020](./advisory/pdsa-2023-020_cn.md) | Command injection in _wget_download                  |   < 2.6.0   | huntr.com                                                       |    |
-| [PDSA-2023-019](./advisory/pdsa-2023-019_cn.md) | Command injection in get_online_pass_interval        |   < 2.6.0   | huntr.com                                                       |    |
+| [PDSA-2023-019](./advisory/pdsa-2023-019_cn.md) | Command injection in get_online_pass_interval        |   < 2.6.0   | huntr.com and leeya_bug                                         |    |
 | [PDSA-2023-018](./advisory/pdsa-2023-018_cn.md) | Heap buffer overflow in paddle.repeat_interleave     |   < 2.6.0   | Tong Liu of CAS-IIE                                             |    |
 | [PDSA-2023-017](./advisory/pdsa-2023-017_cn.md) | FPE in paddle.amin                                   |   < 2.6.0   | Tong Liu of CAS-IIE                                             |    |
 | [PDSA-2023-016](./advisory/pdsa-2023-016_cn.md) | Stack overflow in paddle.linalg.lu_unpack            |   < 2.6.0   | Tong Liu of CAS-IIE                                             |    |

diff --git a/security/README_ja.md b/security/README_ja.md
@@ -13,7 +13,7 @@ PaddlePaddle の使用に関するセキュリティ勧告を定期的に発表
 | [PDSA-2023-022](./advisory/pdsa-2023-022.md) | FPE in paddle.argmin and paddle.argmax               |   < 2.6.0   | Peng Zhou (zpbrent) from Shanghai University                    |      |
 | [PDSA-2023-021](./advisory/pdsa-2023-021.md) | Null pointer dereference in paddle.crop              |   < 2.6.0   | Peng Zhou (zpbrent) from Shanghai University                    |      |
 | [PDSA-2023-020](./advisory/pdsa-2023-020.md) | Command injection in _wget_download                  |   < 2.6.0   | huntr.com                                                       |      |
-| [PDSA-2023-019](./advisory/pdsa-2023-019.md) | Command injection in get_online_pass_interval        |   < 2.6.0   | huntr.com                                                       |      |
+| [PDSA-2023-019](./advisory/pdsa-2023-019.md) | Command injection in get_online_pass_interval        |   < 2.6.0   | huntr.com and leeya_bug                                         |      |
 | [PDSA-2023-018](./advisory/pdsa-2023-018.md) | Heap buffer overflow in paddle.repeat_interleave     |   < 2.6.0   | Tong Liu of CAS-IIE                                             |      |
 | [PDSA-2023-017](./advisory/pdsa-2023-017.md) | FPE in paddle.amin                                   |   < 2.6.0   | Tong Liu of CAS-IIE                                             |      |
 | [PDSA-2023-016](./advisory/pdsa-2023-016.md) | Stack overflow in paddle.linalg.lu_unpack            |   < 2.6.0   | Tong Liu of CAS-IIE                                             |      |

diff --git a/security/advisory/pdsa-2023-019.md b/security/advisory/pdsa-2023-019.md
@@ -23,7 +23,7 @@ online_pass_interval = fleet_util.get_online_pass_interval(
 
 ### Patches
 
-We have patched the issue in commit [1aae481dfd7d2055c801563e254f1484b974b68e](https://github.com/PaddlePaddle/Paddle/pull/60023/commits/1aae481dfd7d2055c801563e254f1484b974b68e).
+We have patched the issue in commits [1aae481dfd7d2055c801563e254f1484b974b68e](https://github.com/PaddlePaddle/Paddle/pull/60023/commits/1aae481dfd7d2055c801563e254f1484b974b68e), [c62d87eb91c84154af40946f17205d86f608866b](https://github.com/PaddlePaddle/Paddle/pull/60544/commits/c62d87eb91c84154af40946f17205d86f608866b) and [f8560c903c80450e37b8f304a9cd8207678f2f83](https://github.com/PaddlePaddle/Paddle/pull/60615/commits/f8560c903c80450e37b8f304a9cd8207678f2f83).
 The fix will be included in PaddlePaddle 2.6.0.
 
 ### For more information
@@ -32,4 +32,4 @@ Please consult [our security guide](../../SECURITY.md) for more information rega
 
 ### Attribution
 
-This vulnerability has been reported by huntr.com.
+This vulnerability has been reported by huntr.com and leeya_bug.
diff --git a/security/advisory/pdsa-2023-019_cn.md b/security/advisory/pdsa-2023-019_cn.md
@@ -23,7 +23,7 @@ online_pass_interval = fleet_util.get_online_pass_interval(
 
 ### 补丁
 
-我们在commit [1aae481dfd7d2055c801563e254f1484b974b68e](https://github.com/PaddlePaddle/Paddle/pull/60023/commits/1aae481dfd7d2055c801563e254f1484b974b68e)中对此问题进行了补丁。
+我们在commits [1aae481dfd7d2055c801563e254f1484b974b68e](https://github.com/PaddlePaddle/Paddle/pull/60023/commits/1aae481dfd7d2055c801563e254f1484b974b68e)、[c62d87eb91c84154af40946f17205d86f608866b](https://github.com/PaddlePaddle/Paddle/pull/60544/commits/c62d87eb91c84154af40946f17205d86f608866b) 和 [f8560c903c80450e37b8f304a9cd8207678f2f83](https://github.com/PaddlePaddle/Paddle/pull/60615/commits/f8560c903c80450e37b8f304a9cd8207678f2f83) 中对此问题进行了补丁。
 修复将包含在飞桨2.6.0版本当中。
 
 ### 更多信息
@@ -32,4 +32,4 @@ online_pass_interval = fleet_util.get_online_pass_interval(
 
 ### 贡献者
 
-此漏洞由 huntr.com 提交。
+此漏洞由 huntr.com 和 leeya_bug 提交。