Short story: You can usually fix these vulnerabilities by upgrading and updating your packages. Do this by running this in a shell:
sudo apt-get update; sudo apt-get upgrade
I would think this would be a “medium” priority for Mail-in-a-Box users, since I would think the vulnerability could only be exploited only by users logged in to Nextcloud, or any possible Nextcloud plugin installed. However, I am not an expert in this stuff.
Mail-in-a-Box uses PHP7 (I believe), since Nextcloud runs on PHP. These security vulnerabilities are in regards to php7.0 and php7.2 . According to Ubuntu “It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.”
CVE-2019-11034
Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11034.html
Debian: CVE-2019-11034
Priority: Medium
(medium: “Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.”)
CVE-2019-11035
Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11035.html
Debian: CVE-2019-11035
Priority: Medium
(medium: “Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.”)