Comment 2 for bug 2037511

Not sure if we want to fix this CVE, this is really a breaking change w.r.t. new behaviour, and changing behaviour in stable is painful.
If somebody from security team has a different opinion let me know, and I can try to upload an SRU of the new release