On 2025-10-27 09:34:03 -0700 (-0700), Alan Coopersmith wrote:
[...]
> The vendor was contacted early about this disclosure but did not respond in any way.
[...]
With the flood of dubious reports being submitted by anyone who can thumb some words into an LLM prompt and not bother to check the results for hallucinated nonsense, I've taken to ignoring or summarily closing such submissions to projects I work on as not worth my time to respond. This is probably yet another sign that the CVE system needs an overhaul or it's going to get ignored when it becomes as overwhelmed with "AI noise" as everything else (not saying these reports were necessarily machine-generated, but it's reaching the point where open source projects with limited resources have no choice but to silently bin such nonsense to /dev/null).
-- Jeremy Stanley
