http://www.openwall.com/lists/oss-security/2015/09/21/7 There is a new release available but it predates the discovery of this issue. I'm not seeing a fix that can be applied just yet but in the meantime let's get a PR in and start documenting progress on the issue.
Assign to maintainer