Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.
More info:
https://www.debian.org/security/2019/dsa-4419
A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes can take advantage of this flaw for privilege escalation or the execution of arbitrary code with the permissions of the dovecot user. Only installations using the FTS or pop3 migration plugins are affected.
More info:
https://www.debian.org/security/2019/dsa-4418