OK... Red Hat noticed the new candidate and passed that onto vendor-sec, and I sent vendor-sec the details of my analysis. First comment has been that it looks like everything had been covered by other CVEs or were defensive tactics. Hold onto your hats... - Steve