On Dec/31, Willi Mann wrote: > I would like to get your input on bug #849531 [1]. > [...] > So my question is: Is it a security issue if a script sends e-mails > with encoding=utf-8, but potentially containing invalid utf-8 strings? > If yes, what would be the (minimum) requirements to address this > problem?
Reading all the bug comments, I feel you have the issue pretty much in check. Invalid utf-8 input can indeed cause problems (the xterm example was mentioned), but we'll leave it to upstream to figure out exactly *how* this should be resolved. Cheers, --Seb