[VIM] lbreakout security question
jericho at attrition.org
Mon May 16 17:24:31 EDT 2005
I work with the Open Security Vulnerability Database (osvdb.org) and am
trying to determine something about the security problems reported in the
lbreakout game. Around Feb 22, 2004 Ulf Harnhammar from Debian found a
local overflow in the HOME environment variable. Debian provided a patch
for their users, but there was no indication if the original package was
updated with a fix.
A couple days ago, the Freshmeat mail list indicated a new version of
lbreakout was available. Checking the details, it said that a security
patch was applied. The changelog credits "U.H." (Ulf Harnhammar I assume)
but shows a date of 05/02/14, about one year after the overflow issue.
Can you confirm if these are the same vulnerability?
More information about the VIM