Comment 2 for bug 1424089

The patch says security hardening (which I think it probably is), making it class D (or maybe C1) in our incident report taxonomy. https://wiki.openstack.org/wiki/Vulnerability_Management#Incident_report_taxonomy

If you agree, we should switch the bug type from public security to public (and maybe add the "security" bug tag instead).