It is mentioned to be fixed in 7.2 and later.
But only recently, so my expectation would be that with the next minor release being pushed as security update anything >= Ubuntu 18.04 will be fixed.
That will be php 7.2.17 or later then (depending when/which CVEs are in it)
But as you called it "semi-fixed" it will only cover what was done upstream.
It is mentioned to be fixed in 7.2 and later.
But only recently, so my expectation would be that with the next minor release being pushed as security update anything >= Ubuntu 18.04 will be fixed.
That will be php 7.2.17 or later then (depending when/which CVEs are in it)
But as you called it "semi-fixed" it will only cover what was done upstream.