I've subscribed the OSSG core security reviewers too.
I'm dubious about keeping this bug private. At this point bug 1468946 is public and mostly explains the risk (without explicitly calling it a denial of service). The fix is public in master and seems very close to being approved. Making this bug public will also make it a lot easier to explain to the stable branch reviewers why the backports are urgent and can hopefully speed up resolution there.
Unless there are serious objections, I want to switch this bug to public security this Wednesday, August 19.