Comment 25 for bug 1401170

Looks like the impact is limited and could be mistaken for normal activity, so I propose class C1 (i.e. not issue an OSSA, even if some parties may decide to issue a CVE about it)