There's a potential buffer overflow in utils.c:checkmailpath() function
where unchecked strings from the MAILCHECK variable are copied to a
buffer. This bug corresponds to CVE-2018-1100 and credit to Richard
Maciel Costa for finding it.
This issue was resolved and addressed in
GLSA 201805-10 at https://security.gentoo.org/glsa/201805-10
by GLSA coordinator Christopher Diaz Riveros (chrisadr).