Debian Security Advisory DSA 791-1 - Max Vozeler discovered that the lockmail program from maildrop, a simple mail delivery agent with filtering abilities, does not drop group privileges before executing commands given on the commandline, allowing an attacker to execute arbitrary commands under with group mail privileges.
584cfb606501f55a12f62374974c15e0a1de581a87b4f136e5a4aa5a0d9d4e73