CVE-2019-13917 (https://nvd.nist.gov/vuln/detail/CVE-2019-13917): Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
New GLSA request filed.
This issue was resolved and addressed in GLSA 201909-06 at https://security.gentoo.org/glsa/201909-06 by GLSA coordinator Thomas Deutschmann (whissi).