Divya: Yes, a CVE was requested in private from our CNA yesterday shortly following Joshua's review of the proposed patch, and I updated the bug title earlier today once I received it. Next step is to propose a coordinated disclosure date and then send a pre-OSSA to our downstream stakeholders providing them with advance copies of the impact description and patch.
Divya: Yes, a CVE was requested in private from our CNA yesterday shortly following Joshua's review of the proposed patch, and I updated the bug title earlier today once I received it. Next step is to propose a coordinated disclosure date and then send a pre-OSSA to our downstream stakeholders providing them with advance copies of the impact description and patch.