The alternative is that, assuming it's confirmed to be an exploitable condition in the kilo release (it sounds like it is?), it gets fixed in master and backported after release... at which point we'll need to issue an advisory because it was a vulnerability in a supported release at that point. The VMT can accommodate this if it's what's needed.
The alternative is that, assuming it's confirmed to be an exploitable condition in the kilo release (it sounds like it is?), it gets fixed in master and backported after release... at which point we'll need to issue an advisory because it was a vulnerability in a supported release at that point. The VMT can accommodate this if it's what's needed.