See https://www.openssl.org/news/secadv/20220621.txt. Note that we don't use OpenSSL's rehash script, instead our "own" (app-misc/c_rehash), so we shouldn't be affected. Hanno did make a good point in a previous bug (bug 842489) that we should migrate to 'openssl rehash' (as upstream recommend) though.
... so closing as INVALID given we're not affected (but filed for posterity).
(In reply to Sam James from comment #0) > Hanno did make a good point in a previous bug (bug 842489) that we should > migrate to 'openssl rehash' (as upstream recommend) though. Filed bug 855494 for that.