send_status_line() uses the HTTP request 'Version' header which doesn't seem exist in any official standard.
As there is no validation on the value of the Version header this allows anyone to inject what ever they want into the HTTP response line.
It's a very obscure vector and probably not much use to anyone, PHP prevents header splitting as of 4.4.2 and 5.1.2. You'd have to find a server which doesn't set SERVER_PROTOCOL for starters which I bet would be pretty difficult!
Per previous discussions PHPBB3-10029 I believe it is best if we just remove the Version header check all together.