From 46e43cc2ede070cf1d0bdefdf1df982378b52d46 Mon Sep 17 00:00:00 2001
From: Neil Williams <codehelp@debian.org>
Date: Tue, 25 Jan 2022 11:52:22 +0000
Subject: Add CVE-2021-23450 as fixed in dojo

---
 data/CVE/list.2021 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 9317095238..c0a7a68a3c 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -56540,7 +56540,10 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto
 CVE-2021-23451
 	RESERVED
 CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...)
-	TODO: check
+	- dojo 1.15.4+dfsg1-1
+	[stretch] - dojo <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/dojo/dojo/commit/4c39c14349408fc8274e19b399ffc660512ed07c
+	NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
 CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...)
 	NOT-FOR-US: vm2 JS
 	NOTE: https://github.com/patriksimek/vm2
-- 
cgit v1.2.3