The changelog does not mention the CVE, but i think it is actually solved in this version, not 0.7.7. If i turn out to be wrong, then the secfixes section can be amended again.