Comment 4 for bug 1838473

The OpenStack VMT generally requests a CVE if we're going to be issuing an advisory, which we only do if there are backportable fixes available. So far there is no fix under review, so it's impossible to know at this point.