http://bugzilla.spamassassin.org/show_bug.cgi?id=3180

           Summary: rewrite_no_report_safe() can lose non-SA headers
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P3
         Component: Libraries
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


A problem with the handling of whitespace in rewrite_no_report_safe()
(PerMsgStatus.pm) causes headers which do NOT begin "X-Spam-" to be lost if they
immediately follow a blank X-Spam-* header.  This can happen, for example, when
an upstream version of SA gives a negative score, and the last header to be
added is X-Spam-Level.  I suppose it could also potentially be exploited to hide
tracking information, given knowledge of the header ordering.

By contrast, the whitespace handling in remove_spamassassin_markup() (i.e.
"spamassassin -d") seems to be correct.

For example:

---------- message before passing through SA -----------
Message-ID: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin
X-Spam-Status: No, hits=-4.7 required=5.0 tests=AWL,BAYES_00 autolearn=ham
X-Spam-Level:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

test test test

---------- message after passing through SA -----------
Message-ID: <[EMAIL PROTECTED]>
Content-Type: TEXT/PLAIN; charset=US-ASCII

test test test

-------------------------------------------------------

Note that MIME-Version has disappeared!
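
The failure mode described above, as an added example that is not part of the original report and is not SpamAssassin's own code. Both substitution patterns are hypothetical stand-ins for the header-stripping step, the Message-ID value is a constructed placeholder, and lost_headers() is an assumed helper showing a regression check for silently dropped non-SA headers.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the "before" header block from the report above
# (the Message-ID value is a placeholder).
my $headers = join '',
    "Message-ID: <placeholder\@example.invalid>\n",
    "X-Spam-Checker-Version: SpamAssassin\n",
    "X-Spam-Status: No, hits=-4.7 required=5.0 tests=AWL,BAYES_00 autolearn=ham\n",
    "X-Spam-Level:\n",
    "MIME-Version: 1.0\n",
    "Content-Type: TEXT/PLAIN; charset=US-ASCII\n";

# Hypothetical stripping pattern, NOT SpamAssassin's actual code.
# \s* after the colon also matches "\n", so when the value is empty the
# match runs on into the following line and deletes that header too.
sub strip_greedy {
    my ($h) = @_;
    $h =~ s/^X-Spam-[^:\s]+:\s*.*\n(?:[ \t].*\n)*//mg;
    return $h;
}

# Corrected pattern: only horizontal whitespace may follow the colon; folded
# continuation lines (starting with space or tab) are still removed.
sub strip_safe {
    my ($h) = @_;
    $h =~ s/^X-Spam-[^:\s]+:[ \t]*.*\n(?:[ \t].*\n)*//mg;
    return $h;
}

# Regression check: names of non-X-Spam headers present before but absent after.
sub lost_headers {
    my ($before, $after) = @_;
    my %kept = map { (lc($_) => 1) } $after =~ /^([^\s:]+):/mg;
    return grep { !/^X-Spam-/i && !$kept{lc $_} } $before =~ /^([^\s:]+):/mg;
}

# Run both patterns over the sample and report what each one dropped.
for my $case ([greedy => \&strip_greedy], [safe => \&strip_safe]) {
    my ($name, $strip) = @$case;
    my @lost = lost_headers($headers, $strip->($headers));
    printf "%-6s lost: %s\n", $name, @lost ? join(', ', @lost) : '(none)';
}
```

The same comparison works as a pipeline check around any header-rewriting step, which matters most for trace headers such as Received that follow an empty X-Spam-* line.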


