Add CVE-2022-0338/loguru

I'm marking this as unimportant as the action taken by upstream seems to be to clarify the documentation with respect to security considerations to be taken and documenting best practices.
author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-26 09:58:05 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-26 09:58:05 +0100
commit: e5e2db412ce30806805c4e3e3b8b5644729bd27b (patch)
tree: 8f2e34afdb9c41cdb2ce890e7d3b3310b541b423
parent: 59c643332e723ce0fa7429334ede6ec9245a25fc (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index ceb76a8a34..864c8bcac7 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -319,7 +319,10 @@ CVE-2022-23849
 CVE-2022-0339
 	RESERVED
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
-	TODO: check
+	- loguru <unfixed> (unimportant)
+	NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
+	NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
+	NOTE: loguru documents security considerations and best practices to follow
 CVE-2022-23848
 	RESERVED
 CVE-2022-23847
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-26 09:58:05 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-26 09:58:05 +0100
commit	e5e2db412ce30806805c4e3e3b8b5644729bd27b (patch)
tree	8f2e34afdb9c41cdb2ce890e7d3b3310b541b423
parent	59c643332e723ce0fa7429334ede6ec9245a25fc (diff)