It seems obvious why you wouldn't get critical details for an unfixed vulnerabillity like this. If there was a security patch available, you would get that, instead of "Upgrade now". -- http://scribu.net