Yes, please do not close security-related bugs for yourself, but assign them back to us (security-team@), so we can have another look at it. We will close the bug once all necessary updates have been released. It seems that this issue has been solved with pull request #9376 (https://github.com/opencv/opencv/pull/9376), the same as for CVE-2017-12604 (issue #9309). Unfortunately a lot of code has been re-factored with this request, so it is not apparent (by a quick look) what the actual fix is. More unfortunate is, that there are not a lot of details about the CVEs either, but given that the one is a "double free" and the other one is a "out of bounds write", they are no duplicates.