Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.
More info:
https://www.debian.org/security/2019/dsa-4419
A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes can take advantage of this flaw for privilege escalation or the execution of arbitrary code with the permissions of the dovecot user. Only installations using the FTS or pop3 migration plugins are affected.
More info:
https://www.debian.org/security/2019/dsa-4418
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service.
More info:
https://www.debian.org/security/2019/dsa-4420