Comment 16 for bug 1192966

@Thierry Sorry this looks like it slipped through the cracks. It looks like it was decided not to assign this a CVE within setuptools for this. As such I think that this probably doesn't warrant a ossa either. I think it is probably safe to fix this one in the open if any code changes need to be made.