Package: libpam-pgsql
Version: 0.7.1-1
Severity: important
Tags: upstream squeeze patch

Since version 0.7 libpam-pgsql began using a bundled code for MD5 hash
calculation. However, this code comes from the last century, expects Alpha
is the only 64-bit architecture out there and uses data type "long" for
everything else. Consequently the hash calculations are done with 64-bit
integers instead of 32-bit and the code works essentially as a random
generator.

The fix is trivial, a working patch (not mine) is available here:
http://gitorious.org/~flameeyes/pam-pgsql/flameeyes-pam-pgsql/commit/30361fa5f3266c0f088bbc89eb06dddbd032fc54

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-pgsql depends on:
ii  libc6                         2.10.2-9   Embedded GNU C Library: Shared lib
ii  libpam0g                      1.1.1-3    Pluggable Authentication Modules l
ii  libpq5                        8.4.4-1    PostgreSQL C client library

libpam-pgsql recommends no packages.

libpam-pgsql suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to