"An attacker could craft an email address used to send out an email and inject code that would be executed by the system shell.
All users who are using sendmail to deliver their system email and running a 2.2.14 or earlier release of Mail should upgrade immediately."