Debian Linux Security Advisory 3192-1 - Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password authentication program, has a flaw in processing account names which contain double dashes. A remote attacker can use this flaw to cause a denial of service (infinite loop).
d6e0d76ec692ed0cd90abd68040a0f655e8ccf3e58b097abbdc252517f262dc7