Debian hasn't fixed this yet in their packaging so you might want to work around that if you are using that as a salt-master server.

https://security-tracker.debian.org/tracker/CVE-2020-11651