Bug 1179928 (CVE-2020-26271) - VUL-0: CVE-2020-26271:tensorflow, tensorflow2: Loading a saved model can result in accessing uninitialized memory in the MakeEdge function
Status: RESOLVED FIXED
Alias: CVE-2020-26271
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.2
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Christian Goll
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/273152/
Reported: 2020-12-11 08:40 UTC by Johannes Segitz
Modified: 2024-03-28 13:48 UTC
Found By: Security Response Team


Description Johannes Segitz 2020-12-11 08:40:39 UTC
CVE-2020-26271

In affected versions of TensorFlow under certain cases, loading a saved model
can result in accessing uninitialized memory while building the computation
graph. The MakeEdge function creates an edge between one output tensor of the
src node (given by output_index) and the input slot of the dst node (given by
input_index). This is only possible if the types of the tensors on both sides
coincide, so the function begins by obtaining the corresponding DataType values
and comparing these for equality. However, there is no check that the indices
point to inside of the arrays they index into. Thus, this can result in
accessing data out of bounds of the corresponding heap allocated arrays. In most
scenarios, this can manifest as uninitialized data access, but if the index points
far away from the boundaries of the arrays this can be used to leak addresses
from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2,
and 2.4.0.

Affects Leap 15.2 and Factory in both packages. Also, tensorflow2 is at a lower version in Factory than in Leap; that shouldn't be the case.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26271
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q263-fvxm-m5mw
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26271
https://github.com/tensorflow/tensorflow/commit/0cc38aaa4064fd9e79101994ce9872c6d91f816b
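
The missing check described above, as an added example (not TensorFlow's code and not part of the original report): a simplified model of an edge-building function that validates both indices before it reads the type arrays. `Node`, `EdgeStatus`, `InRange` and `MakeEdgeChecked` are hypothetical names, the sample graph is constructed, and rejecting negative indices goes beyond what the description states.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Simplified stand-ins (assumptions), not TensorFlow's Node/DataType classes.
enum class DataType { kFloat, kInt32, kString };

struct Node {
  std::string name;
  std::vector<DataType> input_types;   // one entry per input slot
  std::vector<DataType> output_types;  // one entry per output tensor
};

enum class EdgeStatus { kOk, kBadOutputIndex, kBadInputIndex, kTypeMismatch };

// True when idx is a valid position in types; rejects negative values too.
static bool InRange(int idx, const std::vector<DataType>& types) {
  return idx >= 0 && static_cast<std::size_t>(idx) < types.size();
}

// Validates both indices before touching the type arrays. Without the two
// range checks, the reads below would land outside the heap-allocated
// arrays whenever a saved model supplies an index the node does not have.
EdgeStatus MakeEdgeChecked(const Node& src, int output_index,
                           const Node& dst, int input_index) {
  if (!InRange(output_index, src.output_types)) return EdgeStatus::kBadOutputIndex;
  if (!InRange(input_index, dst.input_types)) return EdgeStatus::kBadInputIndex;
  const DataType src_out = src.output_types[output_index];
  const DataType dst_in = dst.input_types[input_index];
  if (src_out != dst_in) return EdgeStatus::kTypeMismatch;
  return EdgeStatus::kOk;  // a real graph builder would add the edge here
}

// Constructed sample graph: "const" has 1 output, "add" has 2 inputs.
Node SampleSrc() { return {"const", {}, {DataType::kFloat}}; }
Node SampleDst() { return {"add", {DataType::kFloat, DataType::kInt32}, {}}; }

int main() {
  const Node src = SampleSrc(), dst = SampleDst();
  const int cases[][2] = {{0, 0}, {0, 1}, {7, 0}, {0, 2}, {-1, 0}};
  for (const auto& c : cases)
    std::printf("out=%d in=%d -> status %d\n", c[0], c[1],
                static_cast<int>(MakeEdgeChecked(src, c[0], dst, c[1])));
  return 0;
}
```
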
Comment 1 Christian Goll 2020-12-18 09:58:57 UTC
SR#856850 to devel repo fixes this
Comment 2 Christian Goll 2024-03-28 13:48:01 UTC
Tensorflow 2.7 is in factory (although doesn't build actually), so closing this one