So they didn't disclose the bug publically... They simply disclosed that there was a bug.

That isn't IMO disclosure. Nearly anything has a bug if you look hard enough.

I don't remember what your post originally said, but posting about a vulnerability is not the same as disclosing the vulnerability. Especially when you're asking for a contact.

The difference, in case you really want to know is that one actually tells everyone what the issue is, another tells everyone that there is an issue.