From 7ac78dd934bea5f6ea8bc4a817873672c97e03db Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 6 Jul 2020 17:58:19 +0200 Subject: Add TODO item for CVE-2019-20892 It has been claimed that the issue does not affect 5.7.3, but this should be proven first. While it is correct that the poc does not trigger the issue, we need to find where the issue has been introduced. --- data/CVE/list | 1 + 1 file changed, 1 insertion(+) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index ace83345d9..7aa86de91b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1380,6 +1380,7 @@ CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStat NOTE: https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3 NOTE: Extra patches to address memory leaks: NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3 + TODO: It is claimed that the issue does not affect older versions than 5.8, but no source evidence has been yet shown CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...) NOT-FOR-US: WooCommerce CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...) -- cgit v1.2.3
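Review bot: The added TODO line under CVE-2019-20892 records the claim without saying who made it or where, and its scope ("older versions than 5.8") does not match the commit message, which names 5.7.3 specifically. Consider adding a NOTE line that links the source of the claim, and wording the TODO around what would settle it: identifying the change that introduced the double free, since the commit message already says the poc not triggering is not proof. Minor wording point in the same line: "has been yet shown" reads better as "has yet been shown".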