Comment 6 for bug 1915308

Thanks, I've switched this to a normal public bug and set our security advisory task to Won't Fix indicating there shouldn't be any advisory publication required. The OpenStack VMT is treating this as a class E report (neither a vulnerability nor hardening opportunity) per our taxonomy: https://security.openstack.org/vmt-process.html#incident-report-taxonomy