The title was "made up", I'll give you that, but it's a pretty good paraphrase of the commit title to add context.
The old link also tells you it's a fix for a vulnerability, and also explains how it affects all platforms, and also talks about the use cases etc etc.
The only thing it doesn't have is a CVE number, which I don't think is all that important.
The official announcement tells your that there's a vuln, it's considered important enough to break things and that it's out right now. The other thing tells you someone committed something a few weeks ago. The missing context also helps drive a lot of under-informed grumpy threads, rather than bettter-informed grumpy comments/threads. There'd have probably been fewer grumpy threads with the better link.
They both say right at the top that it's a vulnerability, and the old title put the breakage front and center. So I don't know what you mean by missing context.
The context of one is 'someone committed a thing a few weeks ago and it does a thing, according to someone posting to HN'. The context of the other is 'one of the biggest git users on the planet tells you there's git vuln, fix out right now'.
I don't know, it really doesn't sound like a real CVE - maybe add some setting I guess for those worried? Others bring up good points, if your attacker can write to C:\ you probably have other issues.
On top of that, it breaks completely valid functionality - someones 'bug' is someone elses feature.
The old link also tells you it's a fix for a vulnerability, and also explains how it affects all platforms, and also talks about the use cases etc etc.
The only thing it doesn't have is a CVE number, which I don't think is all that important.