This sounds it could become very severe if someone publishes an exploit:
Please bump, 220.127.116.11 and 18.104.22.168 contain the fix.
Pigeonhole is also affected (gets installed with dovecot with USE="sieve"), fix is in 0.5.7.2:
FWIW, bumping ebuild to 22.214.171.124 built & running fine here with no other changes.
I do not use sieve so cannot comment on it.
This is CVE-2019-11500 according to the oss-sec report.
Confirming that bumping to dovecot-126.96.36.199 with sieve_version=0.5.7.2 builds and runs on amd64. Sieve-based filtering still works.
*** This bug has been marked as a duplicate of bug 692572 ***