That should already be addressed; see r554670 and r554671.
If I read the golem article, the CVE covers another bug, which is indeed fixed by the two revisions. Hanno links a new bug which has no CVE and no fix as of now.
(In reply to Kurt Jaeger from comment #2)
The link is at the very end of the article, bug 650