Verified 1.1ubuntu1.18.04.7~16.04.2 on Ubuntu Xenial.

I changed a different, but equivalent way of verifying the fix,
in /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial-updates_main_binary-amd64_Packages I bumped the version of bash-doc to 4.3-14ubuntu1.3, bumped git's version in updates to 1:2.7.4-0ubuntu1.7 and made git depend on bash-doc (>= 4.3-14ubuntu1) in both -updates and -security.

Bash-doc was not installed originally on the system.

With unfixed u-u it fails to upgrade git:
root@x-uu-ref:~# unattended-upgrade --dry-run --verbose --debug
Initial blacklisted packages: 
Initial whitelisted packages: 
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial']
Checking: git ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
pkgs that look like they should be upgraded: 
Fetched 0 B in 0s (0 B/s)                                                                                         
fetch.run() result: 0
blacklist: []
whitelist: []
No packages found that can be upgraded unattended and no pending auto-removals
root@x-uu-ref:~# vi /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial-updates_main_binary-amd64_Packages
root@x-uu-ref:~# vi /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial-updates_main_binary-amd64_Packages
root@x-uu-ref:~# unattended-upgrade --dry-run --verbose --debug
Initial blacklisted packages: 
Initial whitelisted packages: 
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial']
adjusting candidate version: 'git=1:2.7.4-0ubuntu1.6'
Checking: git ([<Origin component:'main' archive:'xenial-security' origin:'Ubuntu' label:'Ubuntu' site:'security.ubuntu.com' isTrusted:True>])
pkg 'bash-doc' not in allowed origin
sanity check failed
adjusting candidate version: 'git=1:2.7.4-0ubuntu1.6'
pkgs that look like they should be upgraded: 
Fetched 0 B in 0s (0 B/s)                                                                                          
fetch.run() result: 0
blacklist: []
whitelist: []
Option --dry-run given, *not* performing real actions
Packages that will be upgraded: 
adjusting candidate version: 'git=1:2.7.4-0ubuntu1.6'
Packages that are auto removed: 'libfreetype6'
Packages were successfully auto-removed
InstCount=0 DelCount=0 BrokenCount=0

With fixed u-u, git is upgraded:
root@x-uu-verify:~# unattended-upgrade --dry-run --verbose --debug
Initial blacklisted packages: 
Initial whitelisted packages: 
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=xenial, o=Ubuntu,a=xenial-security, o=UbuntuESM,a=xenial
Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages
Using (^linux-image-4\.18\.0\-17\-generic$|^linux-headers-4\.18\.0\-17\-generic$|^linux-image-extra-4\.18\.0\-17\-generic$|^linux-modules-4\.18\.0\-17\-generic$|^linux-modules-extra-4\.18\.0\-17\-generic$|^linux-signed-image-4\.18\.0\-17\-generic$|^kfreebsd-image-4\.18\.0\-17\-generic$|^kfreebsd-headers-4\.18\.0\-17\-generic$|^gnumach-image-4\.18\.0\-17\-generic$|^.*-modules-4\.18\.0\-17\-generic$|^.*-kernel-4\.18\.0\-17\-generic$|^linux-backports-modules-.*-4\.18\.0\-17\-generic$|^linux-modules-.*-4\.18\.0\-17\-generic$|^linux-tools-4\.18\.0\-17\-generic$|^linux-cloud-tools-4\.18\.0\-17\-generic$) regexp to find running kernel packages
Checking: git ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
adjusting candidate version: git=1:2.7.4-0ubuntu1.6
adjusting candidate version: bash-doc=4.3-14ubuntu1.2
pkgs that look like they should be upgraded: git
Get:1 http://security.ubuntu.com/ubuntu xenial-security/main amd64 bash-doc all 4.3-14ubuntu1.2 [1151 kB]         
Fetched 1151 kB in 0s (0 B/s)                                                                                     
fetch.run() result: 0
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1150602 DestFile:'/var/cache/apt/archives/bash-doc_4.3-14ubuntu1.2_all.deb' DescURI: 'http://security.ubuntu.com/ubuntu/pool/main/b/bash/bash-doc_4.3-14ubuntu1.2_all.deb' ID:1 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/bash-doc_4.3-14ubuntu1.2_all.deb)
No conffiles in deb /var/cache/apt/archives/bash-doc_4.3-14ubuntu1.2_all.deb (There is no member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 3175852 DestFile:'/var/cache/apt/archives/git_1%3a2.7.4-0ubuntu1.6_amd64.deb' DescURI: 'http://security.ubuntu.com/ubuntu/pool/main/g/git/git_2.7.4-0ubuntu1.6_amd64.deb' ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/git_1%3a2.7.4-0ubuntu1.6_amd64.deb)
found pkg: git
conffile line: /etc/bash_completion.d/git-prompt -
blacklist: []
whitelist: []
Option --dry-run given, *not* performing real actions
Packages that will be upgraded: git
Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
adjusting candidate version: bash-doc=4.3-14ubuntu1.2
adjusting candidate version: git=1:2.7.4-0ubuntu1.6
applying set ['git', 'bash-doc']
/usr/bin/dpkg --status-fd 9 --unpack --auto-deconfigure /var/cache/apt/archives/bash-doc_4.3-14ubuntu1.2_all.deb /var/cache/apt/archives/git_1%3a2.7.4-0ubuntu1.6_amd64.deb 
/usr/bin/dpkg --status-fd 11 --configure bash-doc:all git:amd64 
/usr/bin/dpkg --status-fd 13 --configure --pending 
left to upgrade set()
All upgrades installed
InstCount=0 DelCount=0 BrokenCount=0