Package: libpam-pgsql Version: 0.7.1-1 Severity: important Tags: upstream squeeze patch
Since version 0.7 libpam-pgsql began using a bundled code for MD5 hash calculation. However, this code comes from the last century, expects Alpha is the only 64-bit architecture out there and uses data type "long" for everything else. Consequently the hash calculations are done with 64-bit integers instead of 32-bit and the code works essentially as a random generator. The fix is trivial, a working patch (not mine) is available here: http://gitorious.org/~flameeyes/pam-pgsql/flameeyes-pam-pgsql/commit/30361fa5f3266c0f088bbc89eb06dddbd032fc54 -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libpam-pgsql depends on: ii libc6 2.10.2-9 Embedded GNU C Library: Shared lib ii libpam0g 1.1.1-3 Pluggable Authentication Modules l ii libpq5 8.4.4-1 PostgreSQL C client library libpam-pgsql recommends no packages. libpam-pgsql suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

