Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.