Tristan's updated impact description in comment #10 looks good to me, though we should probably wait to request a CVE assignment from our CNA until keystone-coresec reviewers have triaged and confirmed the report.
Tristan's updated impact description in comment #10 looks good to me, though we should probably wait to request a CVE assignment from our CNA until keystone-coresec reviewers have triaged and confirmed the report.