From bf7d964b45311c1ff9a63d54ec7913b096f4c4a6 Mon Sep 17 00:00:00 2001
From: Neil Williams <codehelp@debian.org>
Date: Tue, 25 Jan 2022 14:29:39 +0000
Subject: Add CVE-2021-23567 colors.js <not-affected>

---
 data/CVE/list.2021 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 4478d733e3..2a73934e81 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -56312,7 +56312,9 @@ CVE-2021-23569
 CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...)
 	NOT-FOR-US: extend2 (fork of node-extend which is not affected)
 CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Service (Do ...)
-	TODO: check
+	- colors.js <not-affected> (Vulnerable code never in a released Debian version)
+	NOTE: https://github.com/Marak/colors.js/issues/285
+	NOTE: https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
 CVE-2021-23566 (The package nanoid before 3.1.31 are vulnerable to Information Exposur ...)
 	NOT-FOR-US: Node nanoid (NaN0-1D)
 CVE-2021-23565
-- 
cgit v1.2.3