Not sure if this is a dupe or not - but if there is an open bug to this effect it must be hidden (or not mention poppler in the subject). On amd64 the current stable version of poppler is 0.3.0-r1, and a recent GLSA (200512-08) indicates all versions < 0.4.2-r1 are vulnerable. I noticed that the non-vulnerable version is also ~x86. So, either the GLSA is wrong and there are non-vulnerable lower versions, or the GLSA was released before the fixed version was marked stable on any arch - likely to confuse many an admin (at least those of us who read GLSAs).
Yep, you're right: the GLSA is wrong and there is a non-vulnerable lower version (0.3.0-r1).
Fixed in CVS. Should appear in Portage and the website in about 30 minutes.
Quick change of platform in bugzilla. Sorry about the email.