I don't know how a vulnerability report could be much better than that. It is a real vulnerability. The report includes a detailed analysis of where the vulnerability is. The bug has been validated, and the report includes exact reproduction instructions.
Because not disclosing an actual bug that could affect users would somehow be good?
Sorry, I just needed to vent. I see now that Google's AI bug report isn't as bad as I'd assumed.
They should have included a patch though and they should have contacted ffmpeg team first before spamming them with dozens of issues all at once.
So, this is the report they complained about: https://issuetracker.google.com/issues/440183164
I don't know how a vulnerability report could be much better than that. It is a real vulnerability. The report includes a detailed analysis of where the vulnerability is. The bug has been validated, and the report includes exact reproduction instructions.
How is that a bullshit bug report?
Fair enough, I hadn't seen the bug report and assumed it was the usual AI slop.
The one nice thing is Google had submit a real bug at least.
The human idiot "researchers" will send paragraph long automatically generated extortion threats over not sending HSTS header