I don't see that any info on the CVE or the patch has been published, so unless they're a distro maintainer leaking info, they're talking out their ass.
I skimmed through that yesterday and didn’t see any mention of a buffer overflow. I’ll have to check that again later when I can sit down to look at my laptop.