**Please refer to tracker for full CVE details** It doesn't look like upstream has released a fixed version yet