445200 – dev-lang/ruby : Murmur hash function collisions

Bug 445200 - dev-lang/ruby : Murmur hash function collisions

Summary: dev-lang/ruby : Murmur hash function collisions

Status:	RESOLVED DUPLICATE of bug 442580

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-11-29 13:11 UTC by Agostino Sarubbo
Modified:	2012-11-29 13:13 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2012-11-29 13:11:20 UTC

From $URL :

Ruby language upstream (which was also vulnerable to similar issue) in version ruby-1.9.3 
patchlevel 327 has replaced the Murmur hash implementation with the SipHash-2-4 one (which is not 
vulnerable to this problem):
  http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/
  https://www.131002.net/siphash/

Comment 1 Agostino Sarubbo gentoo-dev

2012-11-29 13:13:13 UTC

err. duplicate.

*** This bug has been marked as a duplicate of bug 442580 ***