https://bugs.librdf.org/mantis/view.php?id=650 or https://www.golem.de/news/linux-distributionen-warum-ein-sicherheitsfix-drei-jahre-nicht-ankam-2011-152105.html
Hello. That should already be addressed; see r554670 and r554671. Best regards, Tobias
If I read the golem article, the CVE covers another bug, which is indeed fixed by the two revisions. Hanno links a new bug which has no CVE and no fix as of now.
(In reply to Kurt Jaeger from comment #2) The link is at the very end of the article, bug 650