Bug#1116536: marked as done (pytorch: CVE-2025-55552)

Fri, 02 Jan 2026 02:04:27 -0800 

Your message dated Fri, 02 Jan 2026 10:00:21 +0000
with message-id <[email protected]>
and subject line Bug#1116536: fixed in pytorch 2.9.0+dfsg-1~exp1
has caused the Debian Bug report #1116536,
regarding pytorch: CVE-2025-55552
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1116536: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116536
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: pytorch
Version: 2.6.0+dfsg-9
Severity: important
Tags: security upstream
Forwarded: https://github.com/pytorch/pytorch/issues/147847
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for pytorch.

CVE-2025-55552[0]:
| pytorch v2.8.0 was discovered to display unexpected behavior when
| the components torch.rot90 and torch.randn_like are used together.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-55552
    https://www.cve.org/CVERecord?id=CVE-2025-55552
[1] https://github.com/pytorch/pytorch/issues/147847

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: pytorch
Source-Version: 2.9.0+dfsg-1~exp1
Done: Shengqi Chen <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pytorch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Shengqi Chen <[email protected]> (supplier of updated pytorch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 28 Dec 2025 23:37:08 +0800
Source: pytorch
Binary: libtorch-dev libtorch-test libtorch-test-dbgsym libtorch2.9 
libtorch2.9-dbgsym python3-torch python3-torch-dbgsym
Architecture: source amd64
Version: 2.9.0+dfsg-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Deep Learning Team <[email protected]>
Changed-By: Shengqi Chen <[email protected]>
Description:
 libtorch-dev - Tensors and Dynamic neural networks in Python (Development 
Files)
 libtorch-test - Tensors and Dynamic neural networks in Python (Test Binaries)
 libtorch2.9 - Tensors and Dynamic neural networks in Python (Shared Objects)
 python3-torch - Tensors and Dynamic neural networks in Python (Python 
Interface)
Closes: 1102229 1102230 1102231 1102233 1103455 1116531 1116532 1116533 1116535 
1116536 1116538 1116539 1116540 1116541 1116542 1124061
Changes:
 pytorch (2.9.0+dfsg-1~exp1) experimental; urgency=medium
 .
   * d/copyright: exclude more bundled third-party sources from source tar.
   * New upstream version 2.9.0+dfsg.
     + bump SONAME to libtorch2.9.
     + update embedded version of kineto and pocketfft.
     + d/copyright: change path of embedded folders.
     + fix CVE-2025-2953  (closes: #1102229).
     + fix CVE-2025-2998  (closes: #1102230).
     + fix CVE-2025-2999  (closes: #1102231).
     + fix CVE-2025-3001  (closes: #1102233).
     + fix CVE-2025-3730  (closes: #1103455).
     + fix CVE-2025-55560 (closes: #1116531).
     + fix CVE-2025-55558 (closes: #1116532).
     + fix CVE-2025-55557 (closes: #1116533).
     + fix CVE-2025-55553 (closes: #1116535).
     + fix CVE-2025-55552 (closes: #1116536).
     + fix CVE-2025-46153 (closes: #1116538).
     + fix CVE-2025-46152 (closes: #1116539).
     + fix CVE-2025-46150 (closes: #1116540).
     + fix CVE-2025-46149 (closes: #1116541).
     + fix CVE-2025-46148 (closes: #1116542).
     + Update lintian-overrides patterns.
   * d/control:
     + bump std-ver to 4.7.3 (no changes required).
     + add libconcurrentqueue-dev in B-D.
     + add new Python B-Ds from pyproject.toml.
   * d/patches:
     + refresh existing patches, remove applied.
     + add missing gloo to libraries needed by tests.
     + do not link libtorch_python against libtorch.
   * d/: switch to llvm-21 toolchain (closes: #1124061).
   * Switch to PEP-517 build system:
     + d/control: add pybuild-plugin-pyproject in B-D.
     + d/rules: use pip to build instead of directly calling setup.py.
Checksums-Sha1:
 e599d618ba07b4954fa6f9baa6e03611fe11092e 3807 pytorch_2.9.0+dfsg-1~exp1.dsc
 ce6edf7fce23dff9ce68bef91ca8fdf2606ebde7 33031796 
pytorch_2.9.0+dfsg.orig.tar.xz
 a107369399f41e19ff0016a1e8ebcf5c7b9c2376 219080 
pytorch_2.9.0+dfsg-1~exp1.debian.tar.xz
 3ecf01e738c503a66a14f1c4f67356639fd7dde5 2749080 
libtorch-dev_2.9.0+dfsg-1~exp1_amd64.deb
 848c127f026d5c1d5787d0663331730f5be2bfed 60508844 
libtorch-test-dbgsym_2.9.0+dfsg-1~exp1_amd64.deb
 d71a4ef1d36e62b4af26491171d071e5adced8d3 8537612 
libtorch-test_2.9.0+dfsg-1~exp1_amd64.deb
 adbe7c198ab460b95fc577112224b0ee7325009c 347039092 
libtorch2.9-dbgsym_2.9.0+dfsg-1~exp1_amd64.deb
 cf20c3a7caf0e7b83a9c76aea0100a9c3db4c1e0 62743412 
libtorch2.9_2.9.0+dfsg-1~exp1_amd64.deb
 3c977249d79133cd69a48b95fcc326a50080e9e6 45250212 
python3-torch-dbgsym_2.9.0+dfsg-1~exp1_amd64.deb
 0bef293295c84741d84b2b6440d71f613df08d9d 10909288 
python3-torch_2.9.0+dfsg-1~exp1_amd64.deb
 2a5bf2bba0dc1f15248263a0178c7255623c7143 15899 
pytorch_2.9.0+dfsg-1~exp1_amd64.buildinfo
Checksums-Sha256:
 eeda654ce497e3697615c75a9b60b453c1b3898e295db23a7a687100d7bc8968 3807 
pytorch_2.9.0+dfsg-1~exp1.dsc
 0f7e118be257a8b9c44c4d94d71d5c6cc543c60a58f0e3e44d0c5599d91bc0e2 33031796 
pytorch_2.9.0+dfsg.orig.tar.xz
 3a185b87f07b746e5fef6ac044cc5e15a35f8a57c969c7bc54483b22ffd0277d 219080 
pytorch_2.9.0+dfsg-1~exp1.debian.tar.xz
 71f31f52a08087bbf6bc5a7f25f47ca6596f50d5e10a70918c3805c6788230d9 2749080 
libtorch-dev_2.9.0+dfsg-1~exp1_amd64.deb
 517aebb5ef58ed0363c412c9517a961a5a1b05f3c8f5fa8ccd778f220845ce23 60508844 
libtorch-test-dbgsym_2.9.0+dfsg-1~exp1_amd64.deb
 7fdacd32d37e5a73a0acaa30a38b262a9666070c7f9ecb75c21e98b78d302212 8537612 
libtorch-test_2.9.0+dfsg-1~exp1_amd64.deb
 7ad7a930562d64128377d91d925322795b739c521d0eafd6f9c1b79a6592dad1 347039092 
libtorch2.9-dbgsym_2.9.0+dfsg-1~exp1_amd64.deb
 d69bc633a36bd60f75f5fcd7a4adcd6fa3337498a8305e8e813e7ec7538fb13a 62743412 
libtorch2.9_2.9.0+dfsg-1~exp1_amd64.deb
 196ed599fb07b38079d4293c2b9e79d76d1120094a546e9d243dd3b6731df72d 45250212 
python3-torch-dbgsym_2.9.0+dfsg-1~exp1_amd64.deb
 f6ceb2557c7efd6a77bb3a9ec2f62bc5d2f47eada5e52ec5df8c17a891e13b77 10909288 
python3-torch_2.9.0+dfsg-1~exp1_amd64.deb
 e2f79998de7ea6b79870a6dc7e2771cbda4f97fc0ea0b1ca9f00ac271a1c39f9 15899 
pytorch_2.9.0+dfsg-1~exp1_amd64.buildinfo
Files:
 59389721cfcb147ca7ecd34960f3afa6 3807 science optional 
pytorch_2.9.0+dfsg-1~exp1.dsc
 db1b72fa8e37943d462508103adf3fcd 33031796 science optional 
pytorch_2.9.0+dfsg.orig.tar.xz
 22cf407fcac8d64ce64770678555495b 219080 science optional 
pytorch_2.9.0+dfsg-1~exp1.debian.tar.xz
 5989929929e86137245fc83fb7a9a04c 2749080 libdevel optional 
libtorch-dev_2.9.0+dfsg-1~exp1_amd64.deb
 d5991ac4a0df6e07b4da77ffc6e24ddf 60508844 debug optional 
libtorch-test-dbgsym_2.9.0+dfsg-1~exp1_amd64.deb
 4caf4aaac08efbd6ca460f7918e01338 8537612 libs optional 
libtorch-test_2.9.0+dfsg-1~exp1_amd64.deb
 221b3325e5f6cd6eb1857aef9e4e1519 347039092 debug optional 
libtorch2.9-dbgsym_2.9.0+dfsg-1~exp1_amd64.deb
 68a7c92f5cb281e13498c682ea2ad35e 62743412 libs optional 
libtorch2.9_2.9.0+dfsg-1~exp1_amd64.deb
 7ecfceef3bb99a8a372e48de0e8657b5 45250212 debug optional 
python3-torch-dbgsym_2.9.0+dfsg-1~exp1_amd64.deb
 0d1394778fd9d17b887e081edc57f070 10909288 python optional 
python3-torch_2.9.0+dfsg-1~exp1_amd64.deb
 de44db219f7fb5b06fd0d528e2e0d09c 15899 science optional 
pytorch_2.9.0+dfsg-1~exp1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+Fg++qmpHzqjSzySzhGnsHs6uUYFAmlRUlQACgkQzhGnsHs6
uUbaAxAAgMQfFuihcho3vauPmkK3fT9MVexVYmlUHnimcjED0TJD2sDuHM5BhGbo
oyeGLoe9uGtaVfiSgI+DnnTcFA3EyIabkY91DJEjwaTnw4z9y7LurWwz0zgyETLN
LFb8sFkrQwGX9cy/SMSEtFfN8H8I9Qq4ReYNECuuQyu+kUuomXY+4wzWIB37FNPS
XXV+f/QwG550+wMs5+BS2dRCXhqiJEf25Ou7OcxIB5jxqNgsaAdoQofPJfcRPafq
MKRW5KO6ISDbc8U08YFxYn0Vt7ntb2qQfgPzLypuaviV+t1wPEC8LAhL/YiSp/34
48SSMbkAiuPvmq0nv/gd8Nnl7b2u2GmEM3VIKZNMD4fyw/1colV15AIvf2ZDzaxx
O1CqUOVGAdk0/PJuQ40fdlkdzhglrNrQW7Z7tRVZXOORmRmov4yX4hF4b0i9yj7v
0MVLwBsijCqUFpu0lZYGHkfMFpD4ok/Bkz4kQkfxXF6eeofLXtJ38P2uej3oM2mD
7E5UYj4QlaorDaetPVLu+sujo2dRlKRXI2fqYsFINBerr3VfEAw2MyETJN8xjKOe
9f2WLJDYSPA45zljWXmp2dzRUWQKVuIg+PYOkfPEVp+Wsmjtnu54aOFIFIxyh0Mx
p1h7IUIPTHHZ+4uz9C/7SOqUJXKKa6iy9/uJ588nyJ+ZAD63TOc=
=v2Qo
-----END PGP SIGNATURE-----

Attachment: pgpeMiC_sSs6c.pgp
Description: PGP signature


--- End Message ---

Reply via email to