[VIM] lbreakout security question

Mon May 16 17:24:31 EDT 2005

Hello,

I work with the Open Security Vulnerability Database (osvdb.org) and am 
trying to determine something about the security problems reported in the 
lbreakout game. Around Feb 22, 2004 Ulf Harnhammar from Debian found a 
local overflow in the HOME environment variable. Debian provided a patch 
for their users, but there was no indication if the original package was 
updated with a fix.

A couple days ago, the Freshmeat mail list indicated a new version of 
lbreakout was available. Checking the details, it said that a security 
patch was applied. The changelog credits "U.H." (Ulf Harnhammar I assume) 
but shows a date of 05/02/14, about one year after the overflow issue.

Can you confirm if these are the same vulnerability?

Thanks!

Brian
OSVDB.org

references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0158
http://www.debian.org/security/2004/dsa-445