Comment 8 for bug 1938670

Please review the proposed advisory text and affected version ranges in https://review.opendev.org/804116 and, if that looks correct, I'll apply to MITRE for a CVE using that description.

Jake: I've credited the discovery to "Jake Yip" and "Nectar" but please let me know if you'd like to go by a different name and/or list a different organizational affiliation (the university, maybe something else?). Thanks!