Work is still in progress.
From my point of view it is not a real security flaw anyway. What is described in the CVE is a simple unhandled out of memory exception, which stops ST from working, in some rare and certain cases.
It neigher can be used by externals to compromise your PC and won't be triggered with enough RAM in your box.
It even took me a while to reproduce and I was never faced to this issue in real life.