From 0941e7f42661e92760636e631343381a89af081f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 27 Feb 2021 11:43:15 +0100
Subject: Three more salt issues

---
 data/CVE/2020.list | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'data/CVE/2020.list')

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index be67e1c233..4dd50f23ed 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1398,7 +1398,8 @@ CVE-2020-35664 (An issue was discovered in Acronis Cyber Protect before 15 Updat
 CVE-2020-35663
 	RESERVED
 CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services using ...)
-	TODO: check
+	- salt <unfixed>
+	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2020-35661
 	RESERVED
 CVE-2020-35660
@@ -4378,7 +4379,8 @@ CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as
 CVE-2020-28973
 	RESERVED
 CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ...)
-	TODO: check
+	- salt <unfixed>
+	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 0.2.23, unix- ...)
 	- rust-time <not-affected> (Vulnerable methods introduced in v0.2.7)
 	NOTE: https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396
@@ -6031,7 +6033,8 @@ CVE-2020-28245
 CVE-2020-28244
 	RESERVED
 CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The minion's  ...)
-	TODO: check
+	- salt <unfixed>
+	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
 	- asterisk 1:16.15.0~dfsg-1 (bug #974713)
 	[buster] - asterisk <no-dsa> (Minor issue)
-- 
cgit v1.2.3