[$] Smuggling email inside of email

Normally, when a new vulnerability is discovered and releases arecoordinated with those affected, the announcement is done ata convenient time-not generally right before the end-of-year holidays, forexample. The SMTPSmuggling vulnerability has taken a different path, however, with itsannouncement landing on December18. That may well have beenunpleasant for some administrators that had not yet updated, but it wasparticularly problematic for some projects that had not been made aware of the vulnerability atall-though it was known to affect several open-source mailers.