I am marking this as a public security as we need to let the operators know of such failure scenarios. There's no exploit at the user level so this was never a candidate for private security.
I am marking this as a public security as we need to let the operators know of such failure scenarios. There's no exploit at the user level so this was never a candidate for private security.