Comment 8 for bug 1940450

It looks like the Ubuntu package providing the vulnerable code is most likely python3-xstatic-bootstrap-scss but I couldn't figure out how to select it as an affected project, so I marked this as affecting cloud-archive for now. I'm leaving the report private in order to allow the Ubuntu package maintainers to decide whether to switch it to public.