Comment 13 for bug 1378450

Neutron core security reviewers need to review the patches attached to this bug and/or propose some new attachments. At the same time the vulnerability management team drafts an impact description, requests a CVE with that and schedules a disclosure date with sufficient time to warn downstream consumers and provide advance copies of the accepted patches. On the disclosure date the patches get pushed into Gerrit, rapidly approved and at the same time an advisory is published detailing the vulnerability. https://wiki.openstack.org/wiki/Vulnerability_Management