[VIM] lbreakout security question

security curmudgeon jericho at attrition.org
Mon May 16 17:24:31 EDT 2005


I work with the Open Security Vulnerability Database (osvdb.org) and am 
trying to determine something about the security problems reported in the 
lbreakout game. Around Feb 22, 2004 Ulf Harnhammar from Debian found a 
local overflow in the HOME environment variable. Debian provided a patch 
for their users, but there was no indication if the original package was 
updated with a fix.

A couple days ago, the Freshmeat mail list indicated a new version of 
lbreakout was available. Checking the details, it said that a security 
patch was applied. The changelog credits "U.H." (Ulf Harnhammar I assume) 
but shows a date of 05/02/14, about one year after the overflow issue.

Can you confirm if these are the same vulnerability?




More information about the VIM mailing list