Comment 11 for bug 1618615

Anyone's welcome to request CVE assignment for a bug, though it looks like the OpenStack VMT considers this impractical to exploit and so doesn't plan to issue an advisory for it.

Before possibly switching to a public bug report, I'm subscribing the security team reviewers for a second opinion.