Defender still

Hi,
Defender still writes:
WordPress Vulnerability Version: 4.9.5
WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)

I have version 4.9.5

So is this vulnerability in version 4.9.5 too? And why it is not fixed so long time?

Thanks,
Jiri