The upstream openssl crate advisory is RUSTSEC-2024-0357, "MemBio::get_buf has undefined behavior with empty buffers". Fixed downstream in Arti 1.2.6.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d690add7b2ece260b7c587785c07e35ba5df3602 commit d690add7b2ece260b7c587785c07e35ba5df3602 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2024-08-17 19:36:13 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2024-08-17 19:37:03 +0000 net-p2p/arti: drop 1.2.5 Bug: https://bugs.gentoo.org/938117 Signed-off-by: John Helmert III <ajak@gentoo.org> net-p2p/arti/Manifest | 83 ------ net-p2p/arti/arti-1.2.5.ebuild | 586 ----------------------------------------- 2 files changed, 669 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=801785119109108a0de238e466c80e776a15a98d commit 801785119109108a0de238e466c80e776a15a98d Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2024-08-17 14:48:55 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2024-08-17 19:37:03 +0000 net-p2p/arti: add 1.2.6 Bug: https://bugs.gentoo.org/938117 Signed-off-by: John Helmert III <ajak@gentoo.org> net-p2p/arti/Manifest | 108 ++++++++ net-p2p/arti/arti-1.2.6.ebuild | 611 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 719 insertions(+)
