Work is still in progress.

From my point of view it is not a real security flaw anyway. What is described in the CVE is a simple unhandled out of memory exception, which stops ST from working, in some rare and certain cases.

It neigher can be used by externals to compromise your PC and won’t be triggered with enough RAM in your box.

It even took me a while to reproduce and I was never faced to this issue in real life.

This will be fixed in the next release.

Just to follow up on this, the issue was reproduced and fixed in build 3143, aka Sublime Text 3.0.