Univention Bugzilla – Bug 37370
bsd-mailx: Command injection (4.0)
Last modified: 2015-01-13 11:25:16 CET
An undocumented feature in mailx (the implementation of the mail command) allows the execution of arbitrary commands if the email address is obtained from a remote source (CVE-2014-7844)
A fixed package has been built. YAML file: 2015-01-12-bsd-mailx.yaml
Tests: OK Advisory: OK
http://errata.univention.de/ucs/4.0/25.html