Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.