[Git][security-tracker-team/security-tracker][master] Three more salt issues

Salvatore Bonaccorso carnil at debian.org
Sat Feb 27 10:43:39 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b148a321 by Salvatore Bonaccorso at 2021-02-27T11:43:15+01:00
Three more salt issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15335,7 +15335,8 @@ CVE-2020-35664 (An issue was discovered in Acronis Cyber Protect before 15 Updat
 CVE-2020-35663
 	RESERVED
 CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services using ...)
-	TODO: check
+	- salt <unfixed>
+	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2020-35661
 	RESERVED
 CVE-2020-35660
@@ -23308,7 +23309,8 @@ CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as
 CVE-2020-28973
 	RESERVED
 CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ...)
-	TODO: check
+	- salt <unfixed>
+	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 0.2.23, unix- ...)
 	- rust-time <not-affected> (Vulnerable methods introduced in v0.2.7)
 	NOTE: https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396
@@ -27652,7 +27654,8 @@ CVE-2020-28245
 CVE-2020-28244
 	RESERVED
 CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The minion's  ...)
-	TODO: check
+	- salt <unfixed>
+	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
 	- asterisk 1:16.15.0~dfsg-1 (bug #974713)
 	[buster] - asterisk <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b148a32113fa91dc67982e5cfed61b3db701b79c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b148a32113fa91dc67982e5cfed61b3db701b79c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210227/7377895b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list