** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is
used, computes hash values without restricting the ability to trigger hash
collisions predictably, which allows context-dependent attackers to cause a
denial of service (CPU consumption) via crafted input to an application
that maintains a hash table. NOTE: this issue may be disputed by the
vendor; the existence of the g_str_hash function is not a vulnerability in
the library, because callers of g_hash_table_new and g_hash_table_new_full
can specify an arbitrary hash function that is appropriate for the
mdeslauras of 2012-02-21, upstream has simply added a warning:

This CVE is disputed by upstream, we will not be fixing this
issue in stable releases
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 14.04 ESM (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):ignored
Ubuntu 19.04 (Disco Dingo):ignored
Ubuntu 19.10 (Eoan Ermine):ignored
More Information

Updated: 2019-12-05 20:58:30 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)