Hi everyone, I'm a product security engineer at Red Hat and we noticed that libsepol CVE-2021-36087 was assigned, and marked as resolved within the OSS-Fuzz project. The patch info provided for the CVE appears to be wrong, and after looking into the provided commits and commit ranges, these seem to be the wrong commits and commit ranges for this CVE. Would anyone be able to confirm if there is a fix for this CVE, and if so, point us towards the correct patch for this. All the best, Garrett
