Well if this bug is affecting something that has been release, (iiuc it will be ==14.0.10, ==15.0.8 and ==16.0.3), then we need another CVE.
If this new bug is caused by the previous OSSA-2017-005, then I think we should proceed with an errata and amend the new CVE to the previous OSSA.
Well if this bug is affecting something that has been release, (iiuc it will be ==14.0.10, ==15.0.8 and ==16.0.3), then we need another CVE.
If this new bug is caused by the previous OSSA-2017-005, then I think we should proceed with an errata and amend the new CVE to the previous OSSA.