Be more specific in news

python · encukou · Mar 18, 2025 · Aug 6, 2024 · Oct 21, 2024 · Jan 18, 2025
commit 45159cd073c5ec45edd374842a06aa3cdae25aba
diff --git a/Misc/NEWS.d/next/Security/2024-08-06-12-27-34.gh-issue-121284.8rwPxe.rst b/Misc/NEWS.d/next/Security/2024-08-06-12-27-34.gh-issue-121284.8rwPxe.rst
@@ -1,4 +1,7 @@
-Fix a problem where email.policy.default header refolding could incorrectly
-convert an RFC 2047 encoded-word containing commas or other special
-characters to unencoded, unquoted text, enabling sender or recipient
-spoofing via a carefully crafted display-name.
+Fix bug in the folding of rfc2047 encoded-words when flattening an email message
+using a modern email policy. Previously when an encoded-word was too long
+for a line, it would be decoded, split across lines, and re-encoded. But commas
+and other special characters in the original text could be left unencoded and
+unquoted. This could theoretically be used to spoof header lines using
+a carefully constructed encoded-word if the resulting rendered email was
+transmitted or re-parsed.