Ebuilds for this package have an explicit dependency on a version of xerces-c
which is less than 3.0.0. All of these ebuilds must be fixed since earlier
versions of xerces-c have a security vulnerability, and those versions of
xerces-c need to be removed from the tree or hard-masked.
Forum entry about it at upstream here:
Until upstream releases a new version with xerces-c-3 support there's nothing we can do.