As there have been no objections to my proposal to treat this as security hardening, I'm switching our advisory task to won't fix status indicating we won't publish any formal security advisory about it. This decision can of course be reversed if people feel differently about the relative severity and practicality of exploits for it.
As there have been no objections to my proposal to treat this as security hardening, I'm switching our advisory task to won't fix status indicating we won't publish any formal security advisory about it. This decision can of course be reversed if people feel differently about the relative severity and practicality of exploits for it.