I've marked the OpenStack Security Advisory task for this bug incomplete because the vulnerability management team is waiting for Nova core security reviewers to triage/confirm/reproduce the issue and determine a probable fix. Once we get closer to having a good grasp of the details there, the OSSA task will begin to separately progress through impact description drafting and review, CVE request and assignment, downstream notification and finally public disclosure (hopefully) synchronized with publication of the finalized patches. Hopefully that answers your questions.
I've marked the OpenStack Security Advisory task for this bug incomplete because the vulnerability management team is waiting for Nova core security reviewers to triage/ confirm/ reproduce the issue and determine a probable fix. Once we get closer to having a good grasp of the details there, the OSSA task will begin to separately progress through impact description drafting and review, CVE request and assignment, downstream notification and finally public disclosure (hopefully) synchronized with publication of the finalized patches. Hopefully that answers your questions.