I've added a "won't fix" security advisory task for tracking purposes just now, to indicate that the OpenStack Vulnerability Management Team doesn't expect to distribute a public advisory for this report since it does not oversee reports of suspected vulnerabilities for Mistral. However, we're happy to assist the Mistral team with any logistics and coordination if they wish.
I've added a "won't fix" security advisory task for tracking purposes just now, to indicate that the OpenStack Vulnerability Management Team doesn't expect to distribute a public advisory for this report since it does not oversee reports of suspected vulnerabilities for Mistral. However, we're happy to assist the Mistral team with any logistics and coordination if they wish.