Bug#1116543: marked as done (pytorch: CVE-2025-46148)

Debian Bug Tracking System Sun, 17 May 2026 21:07:21 -0700

Your message dated Mon, 18 May 2026 04:04:20 +0000
with message-id <[email protected]>
and subject line Bug#1116543: fixed in pytorch 2.12.0+dfsg2-1
has caused the Debian Bug report #1116543,
regarding pytorch: CVE-2025-46148
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1116543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116543
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: pytorch
Version: 2.6.0+dfsg-9
Severity: important
Tags: security upstream
Forwarded: https://github.com/pytorch/pytorch/issues/151198
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for pytorch.

CVE-2025-46148[0]:
| In PyTorch through 2.6.0, when eager is used,
| nn.PairwiseDistance(p=2) produces incorrect results.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-46148
    https://www.cve.org/CVERecord?id=CVE-2025-46148
[1] https://github.com/pytorch/pytorch/issues/151198
[2] https://github.com/pytorch/pytorch/pull/152993
[3] 
https://github.com/pytorch/pytorch/commit/e5f869999cf5429e24fbb5c3923a5c795549b9e7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: pytorch
Source-Version: 2.12.0+dfsg2-1
Done: Aron Xu <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pytorch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu <[email protected]> (supplier of updated pytorch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 May 2026 11:44:58 +0800
Source: pytorch
Architecture: source
Version: 2.12.0+dfsg2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Deep Learning Team <[email protected]>
Changed-By: Aron Xu <[email protected]>
Closes: 1116543 1126723
Changes:
 pytorch (2.12.0+dfsg2-1) unstable; urgency=medium
 .
   * Upload to unstable. Fixes:
     - CVE-2025-46148, Closes: #1116543
     - CVE-2026-24747, Closes: #1126723
Checksums-Sha1:
 0a0d27367969e77c2642205f4f35d1f859692fa0 3518 pytorch_2.12.0+dfsg2-1.dsc
 9dea2aefe95df6a74ea58f208feed4fcf5170288 253980 
pytorch_2.12.0+dfsg2-1.debian.tar.xz
 70f429826f36aa31cd7b463ce1785e8833967540 8533 
pytorch_2.12.0+dfsg2-1_source.buildinfo
Checksums-Sha256:
 8e85002d5b826c797bbaf1baa40f9d147300dad1a53d4067baf966b7819272e6 3518 
pytorch_2.12.0+dfsg2-1.dsc
 483ece3e4e57ede7637184c9a62a454fccfb8121d3783b8ccc360eae131ed076 253980 
pytorch_2.12.0+dfsg2-1.debian.tar.xz
 3b40e31e575001041ec6f2534d85d2a13ec9bb6aab07843b188dbc8480fe60aa 8533 
pytorch_2.12.0+dfsg2-1_source.buildinfo
Files:
 5d3c0652e5db6fc372aa7203209e65cf 3518 science optional 
pytorch_2.12.0+dfsg2-1.dsc
 c08c44278da6aeb0a95d4160140924e4 253980 science optional 
pytorch_2.12.0+dfsg2-1.debian.tar.xz
 668c6b035af7d0691c85828483ba591c 8533 science optional 
pytorch_2.12.0+dfsg2-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEExq6D0hxncEPaPayX+GQ1dHE8m64FAmoKjTMACgkQ+GQ1dHE8
m655jwgA15rx5XVRF3fTOyF0IZAp4s+PDxxLZUsODnPm8BeYsFvXOpUwsu8FB38B
fzkcLw4U4C/FuenvQhGxkE9bh8DkChz0Wst6L2CrkpeMArG5ePPuJYzoZLlEnU29
dQ3AWFqH1sQ9WnHlf13ZUy2fQztPSVkYHvhJeoWcc5b+x3WGTR7icZunPhfd7eQH
GlMLXE7Cdb8z6NttIE06Zymz1oSM81mFrUK67IkyWSwshmtpJUvwIcy69o1Xdpsu
xX6KhniJtPZNhF+SzXqkHwxxmVfu0mDv3WqPioggg6JWOlnj73ZTWpABb8dId0fL
022pMCjhwrhDgwYqu/wO/4o8IEaO7Q==
=Av6S
-----END PGP SIGNATURE-----

pgpdX02bVq0YB.pgp
Description: PGP signature

--- End Message ---

Bug#1116543: marked as done (pytorch: CVE-2025-46148)

Reply via email to