- revert to 1.3.5e for the security update as 1.3.6b doesn't build - add debian patches which fix CVE-2019-12815 and CVE-2019-18217 (mga#25287)