It is suspected that this package is vulnerable to a security vulnerability in gnulib. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. Please see the information contained in the tracker bug 600518. "If an application using parse_datetime(), such as touch or date, accepted untrusted input, it could cause the application to crash or, potentially, execute arbitrary code."
The embedded gnulib was updated via https://gitlab.com/oath-toolkit/oath-toolkit/commit/5913c96f21eca742223a3fd409e0427a2c144772 $ git tag --contains 5913c96f21eca742223a3fd409e0427a2c144772 | sort oath-toolkit-2-6-0 oath-toolkit-2-6-1 oath-toolkit-2-6-2 @ Maintainer(s): Please drop =sys-auth/oath-toolkit-2.4.1
Cleaned: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9de7aebeb61e4653716952e82965fc8c713f7f7d