Interesting, the commit message quoted here is the commit immediately *before* the one that fixes CVE-2010-4258 (a0b0f58cdd32ab363a600a294ddaa90f0c32de8c vs. 33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177). So I'm guessing someone's import scripts have an off-by-one or someone copy-pasted the wrong sha1 somewhere. Sorry for the confusion here, I thought I was fixing a CVE that had mistakenly gotten attached, but it looks like it's the description that somehow got pulled in from the wrong place, instead.
Interesting, the commit message quoted here is the commit immediately *before* the one that fixes CVE-2010-4258 (a0b0f58cdd32ab 363a600a294ddaa 90f0c32de8c vs. 33dd94ae1ccbfb7 bf0fb6c692bc3d1 c4269e6177) . So I'm guessing someone's import scripts have an off-by-one or someone copy-pasted the wrong sha1 somewhere. Sorry for the confusion here, I thought I was fixing a CVE that had mistakenly gotten attached, but it looks like it's the description that somehow got pulled in from the wrong place, instead.