This upstream bug was fixed in 3.13.1:
The title is "Remotely exploitable bug", but the information is a bit unclear. It looks like this is a stack overflow. Anyway, probably means 3.13.1 should receive fast stabilization and a GLSA.
This version also fixes two oob errors I reported, I don't think they're security risks, but for completeness here they are (some consider every oob issue to be worthy of treating as a potential security issue):
Arches please test and mark stable =mail-client/claws-mail-3.13.1 with target KEYWORDS:
alpha amd64 ~arm hppa ~mips ppc ppc64 sparc x86 ~x86-fbsd
AMD 64: OK
Stable for HPPA.
I'm having a bit of trouble testing on PPC64 since dev-libs/libgdata -> net-libs/gnome-online-accounts -> [PDEPEND]: gnome-base/gnome-control-center pulls in half the GNOME distribution. I could mask USE=gnome easily, though.
we will continue in bug 570692
Added to an existing GLSA Request.
This issue was resolved and addressed in
GLSA 201606-11 at https://security.gentoo.org/glsa/201606-11
by GLSA coordinator Aaron Bauman (b-man).