CVE-2012-6051 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6051): Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack. The bug isn't explicitly mentioned in the cityhash ChangeLog, but I suspect that 1.0.3 is affected and needs to be cleaned.
https://code.google.com/p/cityhash/issues/detail?id=10 As per upstream this will not be fixed.
If upstream won't fix, there isn't much we can do about this, and I wouldn't call this a significant enough issue to warrant complete removal. Closing noglsa.