Bastian Blank discovered a vulnerability in bsmtpd, a batched SMTP mailer for sendmail and postfix. Unsanitised addresses can cause the execution of arbitrary commands during alleged mail delivery.
For the stable distribution (woody) this problem has been fixed in version 2.3pl8b-12woody1.
For the unstable distribution (sid) this problem has been fixed in version 2.3pl8b-16.
We recommend that you upgrade your bsmtpd package.