Unfortunately upstream remained silend on questions back. And the scope
of CVE-2019-1010083, which was assigned by DWF CNA, remains unclear. It
only reference the 1.0 upstream release. It might be duplicate of
CVE-2018-1000656 or not. It might as well just refer to a incomplete fix
for CVE-2018-1000656 which was released in 1.0.

MITRE decided thus to only add a note of "may overlap" for it as per the
above it is very unclear for which scope CVE-2019-1010083 was assigned.