An official security bulletin has been issued and assigned CVE Candidate status, describing the vulnerability, supplying a work around, patch or link to updated sources.