From e5e2db412ce30806805c4e3e3b8b5644729bd27b Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Jan 2022 09:58:05 +0100
Subject: Add CVE-2022-0338/loguru

I'm marking this as unimportant as the action taken by upstream seems to
be to clarify the documentation with respect to security considerations
to be taken and documenting best practices.
---
 data/CVE/list.2022 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index ceb76a8a34..864c8bcac7 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -319,7 +319,10 @@ CVE-2022-23849
 CVE-2022-0339
 	RESERVED
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
-	TODO: check
+	- loguru <unfixed> (unimportant)
+	NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
+	NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
+	NOTE: loguru documents security considerations and best practices to follow
 CVE-2022-23848
 	RESERVED
 CVE-2022-23847
-- 
cgit v1.2.3