Univention Bugzilla – Bug 37369
bsd-mailx: Command injection (3.2)
Last modified: 2014-12-19 14:02:18 CET
An undocumented feature in mailx (the implementation of the mail command) allows the execution of arbitrary commands if the email address is obtained from a remote source (CVE-2014-7844)
squeeze-lts imported. Tests (amd64): OK Advisory: 2014-12-18-bsd-mailx.yaml
Update ok, YAML file ok.
http://errata.univention.de/ucs/3.2/261.html