[Git][security-tracker-team/security-tracker][master] Add CVE-2022-0338/loguru
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 26 08:59:57 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bade5a4a by Salvatore Bonaccorso at 2022-01-26T09:58:05+01:00
Add CVE-2022-0338/loguru
I'm marking this as unimportant as the action taken by upstream seems to
be to clarify the documentation with respect to security considerations
to be taken and documenting best practices.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -655,7 +655,10 @@ CVE-2022-23849
CVE-2022-0339
RESERVED
CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
- TODO: check
+ - loguru <unfixed> (unimportant)
+ NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
+ NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
+ NOTE: loguru documents security considerations and best practices to follow
CVE-2022-23848
RESERVED
CVE-2022-23847
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bade5a4a2609205ebab035b7848eb5391eb57947
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bade5a4a2609205ebab035b7848eb5391eb57947
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220126/afe89535/attachment.htm>
More information about the debian-security-tracker-commits
mailing list