I learned that OpenSSL has a practice not to assign CVE for side channel attack to localhost.

When I asked an allocation from Debian pool, my intention was one for libgcrypt. Then, reporter used it for multiple vulnerabilities among different libraries.