I have empirical reasons to believe that the fix for CVE-2019-3689 (cf. #940848) will take care of this bug as well.