Be more specific in news

Author: medmunds

Misc/NEWS.d/next/Security/2024-08-06-12-27-34.gh-issue-121284.8rwPxe.rst

@@ -1,4 +1,7 @@
-Fix a problem where email.policy.default header refolding could incorrectly
-convert an RFC 2047 encoded-word containing commas or other special
-characters to unencoded, unquoted text, enabling sender or recipient
-spoofing via a carefully crafted display-name.
+Fix bug in the folding of rfc2047 encoded-words when flattening an email message
+using a modern email policy. Previously when an encoded-word was too long
+for a line, it would be decoded, split across lines, and re-encoded. But commas
+and other special characters in the original text could be left unencoded and
+unquoted. This could theoretically be used to spoof header lines using
+a carefully constructed encoded-word if the resulting rendered email was
+transmitted or re-parsed.