Subject line handling passes newlines through, allowing injection attacks when passed untrusted data

[erno]

...