From a quick look at the CveLinkView class (what is behind the +linkcve form), the "NNNN-NNNN is not a known CVE sequence number" error message could never be displayed to the user (since they get redirected back to the bug page).
The check to see whether the CVE exists should be moved to a validate() method.
From a quick look at the CveLinkView class (what is behind the +linkcve form), the "NNNN-NNNN is not a known CVE sequence number" error message could never be displayed to the user (since they get redirected back to the bug page).
The check to see whether the CVE exists should be moved to a validate() method.