This is a really crisp explain of the mechanics of both exploits from John Wagnon of F5:
Thanks for those links, and for classifying them by depth.
I see several others have posted additional links.
As you might expect Patrick Gray has a good and relevant interview, in the 10-Jan episode, with Matt Tait.
https://risky.biz/RB482/ ( starts about 2/3 in )
Good depth, and succinct.
Awesome stuff mates. Thanks