Update GHSA-c5x2-p679-95wc.json with two new supplementary fix patches #5580

Conversation

decsecre583

Updates

  • References

Comments

  • These patches are on different branches but all serve as supplementary fixes.
  • Add a patch commit tensorflow/tensorflow@965b97e as it is a subsequent supplementary fix for the vulnerability.
  • Add a patch commit tensorflow/tensorflow@8774b05 as it is a subsequent supplementary fix for the vulnerability.

@github-actions github-actions bot changed the base branch from main to decsecre583/advisory-improvement-5580 May 20, 2025 10:36
@helixplant

Hi @decsecre583,
Thank you for your interest in TensorFlow and GHSA-c5x2-p679-95wc, but we're not accepting the pull request because the scope of GHSA-c5x2-p679-95wc is limited to the vulnerability and its immediate fix, not later supplementary commits.

@helixplant helixplant closed this May 21, 2025
@decsecre583
Author

@helixplant Thank you for your quick feedback! I believe this fix is related to the vulnerability because the CVE description highlights a null pointer dereference issue in tf.raw_ops.SparseTensorSliceDataset due to improper validation when either indices or values are empty.

  • The initial commit directly addresses this by enforcing that 'when indices are empty then the values must be empty too (and the reverse),' which is confirmed by adding a test for invalid sparse tensor inputs.
  • The subsequent commit further enhanced the fix by adding comprehensive input validation to ensure that indices, values, and dense_shape are structurally consistent and non-empty before any operations are performed, preventing the null pointer dereference. So only when these two commits work together is the vulnerability completely fixed.
  • Could you review the commits again to include the necessary fixes, for the sake of the community, to avoid an incomplete fix? Many thx!
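The structural checks described in the comment above, sketched as an added plain-Python example; this is not code from the PR, the advisory or TensorFlow, and since the exact rules in the referenced commits are not shown on this page, the specific conditions (indices empty iff values empty, one value per index row, row width equal to the rank given by dense_shape, coordinates within bounds) are an assumption based on that description.

```python
# Added illustration, not TensorFlow's code: a validator mirroring the kind of
# structural checks the comment describes for a sparse tensor given as
# (indices, values, dense_shape). The exact rules in the TensorFlow commits are
# not on this page, so the conditions below are an assumption.
from typing import Sequence


class InvalidSparseTensor(ValueError):
    """Raised instead of letting malformed input reach downstream code."""


def validate_sparse_tensor(indices: Sequence[Sequence[int]],
                           values: Sequence,
                           dense_shape: Sequence[int]) -> int:
    """Reject structurally inconsistent sparse tensors; return the element count."""
    # Empty indices must imply empty values, and the reverse (the first fix).
    if (len(indices) == 0) != (len(values) == 0):
        raise InvalidSparseTensor("indices and values must both be empty or both non-empty")
    # dense_shape defines the rank; without it there is nothing to slice.
    if len(dense_shape) == 0:
        raise InvalidSparseTensor("dense_shape must be non-empty")
    if any(d < 0 for d in dense_shape):
        raise InvalidSparseTensor("dense_shape dimensions must be non-negative")
    rank = len(dense_shape)
    # Exactly one value per index row.
    if len(indices) != len(values):
        raise InvalidSparseTensor("indices and values must have the same length")
    # Every index row has `rank` coordinates, each inside the dense shape.
    for row_no, row in enumerate(indices):
        if len(row) != rank:
            raise InvalidSparseTensor(f"index row {row_no} has {len(row)} coordinates, expected {rank}")
        for dim, (coord, bound) in enumerate(zip(row, dense_shape)):
            if not 0 <= coord < bound:
                raise InvalidSparseTensor(f"index row {row_no}, dimension {dim} out of range: {coord}")
    return len(values)


def is_valid_sparse_tensor(indices, values, dense_shape) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_sparse_tensor(indices, values, dense_shape)
        return True
    except InvalidSparseTensor:
        return False


if __name__ == "__main__":
    # Constructed inputs: a well-formed tensor, then the empty-indices /
    # non-empty-values mismatch the advisory describes.
    print(is_valid_sparse_tensor([[0, 1], [2, 0]], [1.0, 2.0], [3, 2]))  # True
    print(is_valid_sparse_tensor([], [1.0], [3, 2]))                      # False
```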
