I have filed #954023 and prepared upload for Debian Stretch to prevent higher versions in older releases. Still no feedback from debian-release-team.
But in this particular case it should not be a problem, if Stretch will have an older version for the moment. During the upgrade Jessie->Stretch the Jessie-version(3.20181128.1~deb8u1) will not be upgraded to the older vulnerable Stretch-version (3.20160316.3). The Jessie fixed version can live in the meantime in the Stretch. Best regards Anton
