Comment 3 for bug 1686743

That all said, the scope of the libvirt / qemu bug was a local user information leak.

If Nova turns that compute-node local info leak, into a remote user information leak by publicizing the error message somewhere, that could be considered a genuinely new security bug in nova.