seebug | Root | SSV:92980
Apr 21, 2017 - 12:00 a.m.

cgiemail and cgiecho Multiple Security Vulnerabilities (CVE-2017-5613)

2017-04-21 00:00:00
Root
www.seebug.org

EPSS: 0.018 (Low), percentile 88.2%

> [] SEC-212 Format string injection
>
> The ability to supply arbitrary format strings to cgiemail and
> cgiecho allowed code execution whenever a user was able to provide a
> cgiemail template file.

Use CVE-2017-5613.

> [] SEC-214 Open redirect
>
> The cgiemail and cgiecho binaries served as an open redirect due to
> their handling of the success and failure parameters.

Use CVE-2017-5614.

> [] SEC-215 HTTP header injection
>
> The handling of redirects in cgiemail and cgiecho did not protect
> against the injection of additional HTTP headers.

Use CVE-2017-5615.

> [] Reflected XSS vulnerability
>
> The “addendum” parameter was reflected without any escaping in
> success and error messages produced by cgiemail and cgiecho.

Use CVE-2017-5616.
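
The open redirect (SEC-214) and HTTP header injection (SEC-215) items both concern the value of the success and failure parameters reaching a redirect. The following is an added example of validating such a value before it is written to a Location header; it is not cgiemail's code or its actual fix, and the function names and length limit are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TARGET_LEN 2048 /* assumed upper bound, not from the advisory */

/* Hypothetical helper: returns 1 when `target` (already URL-decoded by the
 * caller) is safe to emit as a same-site "Location:" value, else 0. */
int safe_redirect_target(const char *target)
{
    size_t i, len;

    if (target == NULL)
        return 0;
    len = strlen(target);
    if (len == 0 || len > MAX_TARGET_LEN)
        return 0;

    /* Open redirect: accept only a site-relative path. "//host" and
     * "/\host" are rejected because browsers resolve them to another host.
     * For a one-byte path, target[1] is the terminating NUL. */
    if (target[0] != '/' || target[1] == '/' || target[1] == '\\')
        return 0;

    /* Header injection: CR, LF or any other control byte would let the
     * value end the Location header and start a new one. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)target[i];
        if (c < 0x20 || c == 0x7f)
            return 0;
    }
    return 1;
}

/* Hypothetical wrapper: fall back to a fixed local page on rejection. */
const char *redirect_or_default(const char *target, const char *fallback)
{
    return safe_redirect_target(target) ? target : fallback;
}

int main(void)
{
    /* Constructed sample values for the success parameter. */
    const char *samples[] = { "/thanks.html", "//example.invalid/",
                              "/ok\r\nX-Injected: 1" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", safe_redirect_target(samples[i]));
    return 0;
}
```

The check must run on the decoded parameter value, since that is the form that would be written into the response header.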
