Dear Maintainer, We've attempted to re-produce this problem on Debian 10.1 with apache2=2.4.38-3+deb10u1.
It does not seem to be an issue, even though both current versions of Apache2 (for Stretch and for Buster) have had the CVE-2019-10092 patch applied. It remains an issue for 2.4.25-3+deb9u8. Thanks DC --
