Comment 6 for bug 1449260

A patch was pushed in public to https://review.openstack.org/179429 mentioning the vulnerability and this bug, so we're going to need to assume this is now disclosed and continue working it as a public security bug.