See $URL for details. Fixed in RAR 5.50 beta 4.
Now in repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9788fad0f0f4710cc1a4598370133e599f8fe545 @ Arches, please test and mark stable: =app-arch/rar-5.5.0_beta4_p20170628
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Repository is now clean (https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7558417b09b71302aae28fe2b871e73693e43253). Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201708-05 at https://security.gentoo.org/glsa/201708-05 by GLSA coordinator Thomas Deutschmann (whissi).