Comment 11 for bug 1795800

The OpenStack Vulnerability Management Team only requests CVE assignments to track vulnerabilities corresponding to fixes they're announcing via OpenStack Security Advisory publications, but anyone can request a CVE assignment from MITRE for any issue they'd like to track (or assign one themselves directly if they're a CNA). Please don't let the ongoing conversation stop you from obtaining a CVE for this particular bug if you want one, but please note within the bug report if you do so in order that we might avoid future duplication.

Technically this concern is already disclosed to the public by nature of being a public bug report (I just now noticed I failed to clean up the embargo preamble in the description when making it public in October, but have gone ahead and taken care of it just now). Further, as it's tagged "security" all comments are also being copied to the public openstack-security mailing list (I have no idea what "OpenStack Maintainers" is in your last comment): http://lists.openstack.org/pipermail/openstack-security/2018-December/