It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the "expandaddr" in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, CVE-2004-2771, ha ...