From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9456: Public POC is available. I haven't seen any indication in the release notes that this has been fixed, nor here.