It seems this problem is adressed more globally as per bug #897599: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897599
Which led to fix for CVE-2018-1108 being reverted (temporarily ?), as per DSA 2018-4096: https://www.debian.org/security/2018/dsa-4196 -- Cédric Dufour @ Idiap Research Institute
