diff -Nru libapache2-mod-auth-pgsql-2.0.3/debian/changelog libapache2-mod-auth-pgsql-2.0.3/debian/changelog
--- libapache2-mod-auth-pgsql-2.0.3/debian/changelog 2017-06-22 11:53:22.000000000 -0300
+++ libapache2-mod-auth-pgsql-2.0.3/debian/changelog 2017-07-13 09:47:59.000000000 -0300
@@ -1,3 +1,10 @@
+libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu1) artful; urgency=medium
+
+ * d/p/crypt-check-null-1698758.patch: check for a NULL return from crypt(3)
+ (LP: #1698758)
+
+ -- Andreas Hasenack Thu, 22 Jun 2017 14:34:03 -0300
+
 libapache2-mod-auth-pgsql (2.0.3-6.1) unstable; urgency=medium
 
 * Non-maintainer upload.
diff -Nru libapache2-mod-auth-pgsql-2.0.3/debian/control libapache2-mod-auth-pgsql-2.0.3/debian/control
--- libapache2-mod-auth-pgsql-2.0.3/debian/control 2017-06-22 11:53:22.000000000 -0300
+++ libapache2-mod-auth-pgsql-2.0.3/debian/control 2017-07-13 09:58:01.000000000 -0300
@@ -1,5 +1,6 @@
 Source: libapache2-mod-auth-pgsql
-Maintainer: Marco Nenciarini
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Marco Nenciarini
 Section: httpd
 Priority: extra
 Standards-Version: 3.9.4
diff -Nru libapache2-mod-auth-pgsql-2.0.3/debian/patches/crypt-check-null-1698758.patch libapache2-mod-auth-pgsql-2.0.3/debian/patches/crypt-check-null-1698758.patch
--- libapache2-mod-auth-pgsql-2.0.3/debian/patches/crypt-check-null-1698758.patch 1969-12-31 21:00:00.000000000 -0300
+++ libapache2-mod-auth-pgsql-2.0.3/debian/patches/crypt-check-null-1698758.patch 2017-07-13 09:51:37.000000000 -0300
@@ -0,0 +1,25 @@
+Description: check for a NULL return from crypt(3)
+ crypt(3) will return NULL in the case of errors, like if an
+ unsupported hash algorithm is used, or incorrect salt options
+ are passed.
+Author: Andreas Hasenack
+Bug-Debian: https://bugs.debian.org/865553
+Bug-Ubuntu: https://launchpad.net/bugs/1698758
+Forwarded: yes (emailed Giuseppe Tanzilli )
+Last-Update: 2017-07-13
+
+--- libapache2-mod-auth-pgsql-2.0.3.orig/mod_auth_pgsql.c
++++ libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c
+@@ -868,6 +868,12 @@ static authn_status check_password(reque
+ break;
+ case AUTH_PG_HASH_TYPE_CRYPT:
+ sent_pw = (char *) crypt(sent_pw, real_pw);
++ if (!sent_pw) {
++ apr_snprintf(pg_errstr, MAX_STRING_LEN,
++ "PG user %s: unsupported CRYPT format", user);
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr);
++ return AUTH_DENIED;
++ }
+ break;
+ case AUTH_PG_HASH_TYPE_BASE64:
+ sent_pw = auth_pg_base64(sent_pw);
diff -Nru libapache2-mod-auth-pgsql-2.0.3/debian/patches/series libapache2-mod-auth-pgsql-2.0.3/debian/patches/series
--- libapache2-mod-auth-pgsql-2.0.3/debian/patches/series 2017-06-22 11:53:22.000000000 -0300
+++ libapache2-mod-auth-pgsql-2.0.3/debian/patches/series 2017-06-22 16:53:33.000000000 -0300
@@ -3,3 +3,4 @@
 encoding.patch
 apache-2.4.patch
 fixdoublefree.patch
+crypt-check-null-1698758.patch
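Review bot: The added `if (!sent_pw)` branch in the `AUTH_PG_HASH_TYPE_CRYPT` case logs every NULL return as "unsupported CRYPT format", although the patch description itself says crypt(3) returns NULL for errors in general, so an operator reading the log cannot tell a bad stored hash from any other failure. Keeping the fail-closed `return AUTH_DENIED;` but saving `errno` immediately after the `crypt()` call and passing it as the status argument of `ap_log_rerror` in place of `0` would make the cause diagnosable. Separately, `sent_pw` now points at the buffer crypt(3) returns, which is typically static storage, so under a threaded MPM a concurrent request could presumably overwrite it before the comparison that follows the switch; `crypt_r` or `apr_password_validate` would avoid that. The body of `check_password` starts and ends outside this hunk, so the comparison and the declaration of `pg_errstr` are not visible here and should be confirmed against the full file.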