I filed a security report on 16 September 2013 and received avast first reply on 17 September 2013.
I never received any updates about the vulnerability. I decided to check it today and found out that it is now patched. Just send them another email, i’ll wait and see what will happen next.