I'm sure it did, but this is the classic debate about disclosure: disclosing before the fix means that there will be more attackers. Not disclosing means anyone already exploiting the vulnerability is unwarned and defenseless. And sometimes, disclosing before a fix means the fix suddenly has resources and priority it didn't before.

I usually hear about 90 day disclosure, not 160(ish). I'm not saying there should have been disclosure before the fix in this case...but I'd rather see more discussion on that than yet another vendorware complaint. (which are valid, but hardly news)