diff --git a/libpwquality-1.4.0-covscan.patch b/libpwquality-1.4.0-covscan.patch
new file mode 100644
index 0000000..2b3fd5f
--- /dev/null
+++ b/libpwquality-1.4.0-covscan.patch
@@ -0,0 +1,32 @@
+From fbf963dde2cbe34dba1df269b9506f4a55c39357 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Mon, 22 Oct 2018 16:29:31 +0200
+Subject: [PATCH] Use calloc() instead of malloc() in distcalculate to
+ initialize the memory.
+
+---
+ src/check.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/check.c b/src/check.c
+index ac7cbd5..61218a7 100644
+--- a/src/check.c
++++ b/src/check.c
+@@ -96,12 +96,12 @@ distance(const char *old, const char *new)
+
+ m = strlen(old);
+ n = strlen(new);
+- distances = malloc(sizeof(int*) * (m + 1));
++ distances = calloc(m + 1, sizeof(int*));
+ if (distances == NULL)
+ return -1;
+
+ for (i = 0; i <= m; i++) {
+- distances[i] = malloc(sizeof(int) * (n + 1));
++ distances[i] = calloc(n + 1, sizeof(int));
+ if (distances[i] == NULL)
+ goto allocfail;
+
+--
+2.14.5
+
diff --git a/libpwquality.spec b/libpwquality.spec
index 26cfce8..92eb1d0 100644
--- a/libpwquality.spec
+++ b/libpwquality.spec
@@ -15,12 +15,13 @@ Summary: A library for password generation and password quality checking
 Name: libpwquality
 Version: 1.4.0
-Release: 10%{?dist}
+Release: 11%{?dist}
 # The package is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 License: BSD or GPLv2+
 Group: System Environment/Base
 Source0: https://github.com/libpwquality/libpwquality/releases/download/libpwquality-%{version}/libpwquality-%{version}.tar.bz2
+Patch1: libpwquality-1.4.0-covscan.patch
 %global _pwqlibdir %{_libdir}
 %global _moduledir %{_libdir}/security
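Review bot: The two calloc() calls in distance() carry no comment saying that the zero fill is what the fix depends on, so a later cleanup could quietly turn them back into malloc(). A failed row allocation jumps to `allocfail`, which lies outside the hunk; if that path walks all m + 1 row pointers, the slots after the failing index are safe to test and free only because calloc() left them NULL. I would add above the first call `/* calloc, not malloc: allocfail relies on unallocated rows being NULL */`. The Subject line names distcalculate while the hunk header places the change in distance(), and the spec changelog entry does not say what was fixed either; distance() starts and ends outside the hunk.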
@@ -32,8 +33,12 @@ BuildRequires: gcc
 BuildRequires: cracklib-devel
 BuildRequires: gettext
 BuildRequires: pam-devel
+%if %{with python2}
 BuildRequires: python2-devel
+%endif
+%if %{with python3}
 BuildRequires: python3-devel
+%endif
 URL: https://github.com/libpwquality/libpwquality/
@@ -86,6 +91,7 @@ pronounceable passwords from Python applications.
 %prep
 %setup -q
+%patch1 -p1 -b .covscan
 %if %{with python3} && %{with python2}
 rm -rf %{py3dir}
@@ -178,6 +184,9 @@ mkdir $RPM_BUILD_ROOT%{_secconfdir}/pwquality.conf.d
 %endif
 %changelog
+* Mon Oct 22 2018 Tomáš Mráz 1.4.0-11
+- Fix an issue found in Coverity scan
+
 * Tue Jul 31 2018 Florian Weimer - 1.4.0-10
 - Rebuild with fixed binutils