Add CVE-2022-0338/loguru

I'm marking this as unimportant as the action taken by upstream seems to be to clarify the documentation with respect to security considerations to be taken and documenting best practices.
author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-26 09:58:05 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-26 09:58:05 +0100
commit: 3de1b74c2aefbd6c3ad97790c3ce244ee37bdb75 (patch)
tree: 77668ba614f119ad54c6116772cadc87c6620391
parent: 531d24942225d343e54aa73c559503df9c691c63 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index ceb76a8a34..864c8bcac7 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -319,7 +319,10 @@ CVE-2022-23849
 CVE-2022-0339
 	RESERVED
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
-	TODO: check
+	- loguru <unfixed> (unimportant)
+	NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
+	NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
+	NOTE: loguru documents security considerations and best practices to follow
 CVE-2022-23848
 	RESERVED
 CVE-2022-23847
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-26 09:58:05 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-26 09:58:05 +0100
commit	3de1b74c2aefbd6c3ad97790c3ce244ee37bdb75 (patch)
tree	77668ba614f119ad54c6116772cadc87c6620391
parent	531d24942225d343e54aa73c559503df9c691c63 (diff)