Drupal security advisory - Linefeeds and carriage returns were not being stripped from email headers, raising the possibility of bogus headers being inserted into outgoing email. This could lead to Drupal sites being used to send unwanted email.
1593c14061e40cbca8c0485ff8815eba5d4b704873ddee25db55fc17670c175f