From d40d2c27171744d371cea2b05e71807145ebc487 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 25 Jan 2022 21:52:23 +0100 Subject: Update information on CVE-2021-23450/dojo --- data/CVE/list.2021 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 67a1b74c3d..46aba1388d 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -56567,10 +56567,9 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto CVE-2021-23451 RESERVED CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...) - - dojo 1.15.4+dfsg1-1 - [stretch] - dojo (Vulnerable code introduced later) - NOTE: https://github.com/dojo/dojo/commit/4c39c14349408fc8274e19b399ffc660512ed07c + - dojo NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7 + NOTE: Fixed by: https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9 CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...) NOT-FOR-US: vm2 JS NOTE: https://github.com/patriksimek/vm2 -- cgit v1.2.3
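Review bot: In the CVE-2021-23450 entry, the removed lines drop both the fixed version (1.15.4+dfsg1-1) and the "[stretch] - dojo (Vulnerable code introduced later)" annotation, yet neither the subject line nor any added NOTE says why the earlier assessment no longer holds. The reference to commit 4c39c14349408fc8274e19b399ffc660512ed07c is replaced by "Fixed by: ...b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9" with no record of how the two relate, so a later reader cannot tell whether the first commit was an incomplete fix or the wrong reference. Consider adding a NOTE that states this and names the upstream release that first contains b7b8b279, so the entry can be closed against a concrete version later. The stretch line is removed outright rather than updated, and the added "- dojo" line as shown carries no version or status after the package name. Please confirm that the "introduced later" finding for stretch was re-checked against the new fix commit and is not simply lost, and that the package line has the intended status.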