Comment # 2 on bug 1143409 from Aleksa Sarai

I've already submitted the v19.03.1 update to Factory (and it's been merged
already) as well as SLE. Since this bug was opened after submission, I'll add
the reference for future package updates (since the CVE is referenced in the
changelog already).