Based on discussion between VMT members and others in the OpenStack Security SIG during the 2023.1 PTG, it's presumed that all maintained branches of affected projects are no longer subject to this problem. Since it was fixed in master and then the affected branches eventually aged out of maintenance, we're treating it as effectively class B1 per our report taxonomy: https://security.openstack.org/vmt-process.html#report-taxonomy
Based on discussion between VMT members and others in the OpenStack Security SIG during the 2023.1 PTG, it's presumed that all maintained branches of affected projects are no longer subject to this problem. Since it was fixed in master and then the affected branches eventually aged out of maintenance, we're treating it as effectively class B1 per our report taxonomy: https:/ /security. openstack. org/vmt- process. html#report- taxonomy