Another information: the CVE is only relevant if you use the Security Manager. So there's a good chance you wouldn't have been affected anyway.

That being said, it would really be good to go to the bottom of it so I would really appreciate if you could help us discover where this bogus information comes from.