At LWN.net: A buffer overflow in mailx allows a local user to gain access to the
Debian resolved this problem by no longer shipping mailx setgid mail.
Progeny has decided to use Debian's fix. This means that on mail
systems that do not have world writable mail spools one will not be
able to properly lock one's mailbox.