Comment 22 for bug 1562175

Jeremy Stanley (fungi) wrote:

Given that this is mostly an accounting bug, giving the attacker some ability to trigger copies of an object in a container they don't control but no ability to actually alter the content, I'm curious if anyone feels this warrants a backport to supported stable branches (stable/liberty and stable/mitaka for now). If it's deemed severe and someone is willing to work on getting backports merged then I'll gladly draft an impact description and get the ball rolling on CVE assignment and subsequent advisory. If not, then this is more likely just a class B1 (or perhaps C1) in our taxonomy (in which case the OSSN editors may be interested in drafting a note about the associated risks). https://security.openstack.org/vmt-process.html#incident-report-taxonomy

I've added a new OSSN bugtask so we can get some input from the OSSN editors on which path makes more sense in this case.