Comment 24 for bug 1875299

My understanding of Alex's suggestion in comment 2 is that upstream don't consider this to be a security vulnerability and in Ubuntu the security team doesn't see a reason to diverge from that opinion. So we'll treat this as a non-security fix for now and follow the process for a regular bugfix.

Note that this means that users who opt for security updates only will not receive this fix.

If this position changes (for example if you convince upstream that it is a security issue and a CVE is warranted) then the Ubuntu security team can always rebuild and push the fix to the security pocket later, to also give the fix to users opting for security updates only.