“DrWhax” of the Tails project reported that Claws Mail is missing
range checks in some text conversion functions. A remote attacker
could exploit this to run arbitrary code under the account of a user
that receives a message from them using Claws Mail.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 3.7.6-4+squeeze2.

For the oldstable distribution (wheezy) and the stable distribution
(jessie), this will be fixed soon. These versions were built with
hardening features that make this issue harder to exploit.
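
The advisory gives no code for the missing range checks. The example below is added for illustration and is not Claws Mail's source or the code of the fix: a hypothetical ISO-8859-1 to UTF-8 converter (the names conv_unchecked and conv_checked and the choice of encodings are assumptions), first without and then with a check on the output buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ISO-8859-1 -> UTF-8 converter, not Claws Mail code.
 * Bytes >= 0x80 expand to two bytes, so output can be 2x the input. */

/* Unchecked: the size of out is never consulted, so a long enough
 * input writes past the end of the caller's buffer. */
void conv_unchecked(char *out, const unsigned char *in)
{
    for (; *in; in++) {
        if (*in >= 0x80)
            *out++ = (char)(0xC0 | (*in >> 6));
        *out++ = (char)(*in < 0x80 ? *in : 0x80 | (*in & 0x3F));
    }
    *out = '\0';
}

/* Checked: each character is range-checked against the space left
 * (one byte reserved for the terminator). Returns bytes written, or
 * -1 on truncation; output stays NUL-terminated, never split mid-char. */
long conv_checked(char *out, size_t outlen, const unsigned char *in)
{
    size_t used = 0;
    if (outlen == 0)
        return -1;
    for (; *in; in++) {
        size_t need = (*in < 0x80) ? 1 : 2;
        if (need > outlen - 1 - used) {   /* the range check */
            out[used] = '\0';
            return -1;
        }
        if (need == 2)
            out[used++] = (char)(0xC0 | (*in >> 6));
        out[used++] = (char)(*in < 0x80 ? *in : 0x80 | (*in & 0x3F));
    }
    out[used] = '\0';
    return (long)used;
}

int main(void)
{
    char buf[8];
    /* Constructed input: 6 bytes of Latin-1 that need 12 bytes of UTF-8. */
    long n = conv_checked(buf, sizeof buf, (const unsigned char *)"\xE9\xE9\xE9\xE9\xE9\xE9");
    printf("result=%ld kept=%zu bytes\n", n, strlen(buf));
    return 0;
}
```

The checked form reports truncation to the caller instead of silently continuing, so the message can be rejected or converted into a larger buffer.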