Package: libpam-pgsql Version: 0.7.3.2-1 Severity: critical Tags: patch Justification: breaks unrelated software
When in the DB the password is "*" (password marked as disabled in the shadow file convention) the crypt(3) function called at backend_pgsql.c:284 returns NULL, producing a segmentation fault because of the call to strdup. -- System Information: Debian Release: 8.7 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libpam-pgsql depends on: ii libc6 2.19-18+deb8u7 ii libgcrypt20 1.6.3-2+deb8u2 ii libpam0g 1.1.8-3.1+deb8u2 ii libpq5 9.4.10-0+deb8u1 libpam-pgsql recommends no packages. libpam-pgsql suggests no packages.