author Salvatore Bonaccorso <carnil@debian.org> 2020-07-06 17:58:19 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2020-07-06 17:58:19 +0200
commit 7ac78dd934bea5f6ea8bc4a817873672c97e03db (patch)
tree 04bc48f216847e6a0192eae1862e454f03612bb9 /data
parent bfd99bdd15be5d14fa370f4d5427ed8dd25ce685 (diff)
Add TODO item for CVE-2019-20892
It has been claimed that the issue does not affect 5.7.3, but this should be proven first. While it is correct that the poc does not trigger the issue, we need to find where the issue has been introduced.
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 1
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index ace83345d9..7aa86de91b 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1380,6 +1380,7 @@ CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStat
NOTE: https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3
NOTE: Extra patches to address memory leaks:
NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3
+ TODO: It is claimed that the issue does not affect older versions than 5.8, but no source evidence has been yet shown
CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...)
NOT-FOR-US: WooCommerce
CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...)
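Review bot: The added TODO line under CVE-2019-20892 does not say where the claim was made, so whoever picks the item up has no bug report or thread to follow; a NOTE with that reference next to the TODO would make it actionable. The wording also differs from the commit message, which speaks of 5.7.3 and a PoC that does not trigger, while the TODO says "older versions than 5.8"; naming the version actually tested and stating that the introducing commit still has to be identified (relative to the fix in 87bd90d04f20dd3f73e3e7e631a442ccd419b9d3) would keep the two consistent. Minor: "has been yet shown" reads better as "has yet been shown".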
