From 3de1b74c2aefbd6c3ad97790c3ce244ee37bdb75 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Jan 2022 09:58:05 +0100
Subject: Add CVE-2022-0338/loguru

I'm marking this as unimportant as the action taken by upstream seems to
be to clarify the documentation with respect to security considerations
to be taken and documenting best practices.
---
 data/CVE/2022.list | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index ceb76a8a34..864c8bcac7 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -319,7 +319,10 @@ CVE-2022-23849
 CVE-2022-0339
 	RESERVED
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
-	TODO: check
+	- loguru <unfixed> (unimportant)
+	NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
+	NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
+	NOTE: loguru documents security considerations and best practices to follow
 CVE-2022-23848
 	RESERVED
 CVE-2022-23847
-- 
cgit v1.2.3