Comment 3 for bug 1892848

Apologies for letting this slip through the cracks for a month, I seem to have missed the initial notification for it. I'm hoping the Horizon security reviewers I've subscribed can pin down the version information from your report a bit more... there is no 3.10 tagged for the Horizon project (versioning skipped from 2015.1.4 in the Kilo release to 8.0.0 for the Liberty release). Neither can I find the fbfe127c87f2e860efa7806eb9f6d6847d56ba07 commit you referenced, nor am I sure why you included a link to an advisory we published in 2014.