* It was found that authenticating to a PostgreSQL database account with
an empty password was possible despite libpq's refusal to send an empty
password. A remote attacker could potentially use this flaw to gain access
to database accounts with empty passwords. (CVE-2017-7546)
--