Package : salt
CVE ID : CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
Several vulnerabilities were discovered in salt, a powerful remote
execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file
permissions via the TLS execution module or shell injections with the
Salt API using the SSH client.
For the stable distribution (buster), these problems have been fixed in