Anyone's welcome to request CVE assignment for a bug, though it looks like the OpenStack VMT considers this impractical to exploit and so doesn't plan to issue an advisory for it.
Before possibly switching to a public bug report, I'm subscribing the security team reviewers for a second opinion.
Anyone's welcome to request CVE assignment for a bug, though it looks like the OpenStack VMT considers this impractical to exploit and so doesn't plan to issue an advisory for it.
Before possibly switching to a public bug report, I'm subscribing the security team reviewers for a second opinion.