From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
 by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8NCXPiE013343
 for <selinux@tycho.nsa.gov>; Fri, 23 Sep 2016 08:33:25 -0400
From: "Secunia Research" <vuln@secunia.com>
To: <selinux@tycho.nsa.gov>
Cc: <vuln@secunia.com>
References: <7803DB77C012DF4F825DB4445A696E5721643060@SCHEXMB1.acresso.com>
In-Reply-To: <7803DB77C012DF4F825DB4445A696E5721643060@SCHEXMB1.acresso.com>
Subject: [Secunia Research] policycoreutils Vulnerability - Request for Details
Date: Fri, 23 Sep 2016 14:33:08 +0200
Message-ID: <005b01d21596$a3a0d570$eae28050$@secunia.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
 <selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>

Hello,

We are currently processing a vulnerability report published by a third-party [1] for policycoreutils and are currently evaluating
it to publish a Secunia Advisory for this. Please see the original report for details.

We would appreciate to receive your comments on this issue to properly evaluate the report.

* Can you confirm the vulnerability?
* Which products and versions are affected by the vulnerability?
* When do you expect to release fixed versions?
* Are there any mitigating factors or recommended workarounds?

Reference:
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838599

Many thanks and best regards,
Laurent Delosieres 
Security Specialist 

Secunia Research at Flexera Software

Rued Langgaardsvej 8
2300 Copenhagen S
Denmark
Phone +45 7020 5144
Fax +45 7020 5145

http://www.flexerasoftware.com