Comment 12 for bug 1928780

Yes, I think this should better get into the -security pocket, since this bug may allow someone to perform Invalid Curve Attacks.

I think I'll also update the information type to public security.