The inverse is also true, that packets could be passed when they should be blocked. If I am explicitly blocking a packet in group 1, but it would be passed by a broader statement in group 2, and the order of those groups flips, I am now passing that packet. This is the basis for considering this bug to be a vulnerability.
The argument is whether or not publicizing the details will be more of a benefit to the community than a risk.
The inverse is also true, that packets could be passed when they should be blocked. If I am explicitly blocking a packet in group 1, but it would be passed by a broader statement in group 2, and the order of those groups flips, I am now passing that packet. This is the basis for considering this bug to be a vulnerability.
The argument is whether or not publicizing the details will be more of a benefit to the community than a risk.