This sounds it could become very severe if someone publishes an exploit: https://www.openwall.com/lists/oss-security/2019/08/28/3 Please bump, 2.3.7.2 and 2.2.36.4 contain the fix.
Pigeonhole is also affected (gets installed with dovecot with USE="sieve"), fix is in 0.5.7.2: https://raw.githubusercontent.com/dovecot/pigeonhole/0.5.7.2/NEWS
FWIW, bumping ebuild to 2.3.7.2 built & running fine here with no other changes. I do not use sieve so cannot comment on it.
This is CVE-2019-11500 according to the oss-sec report. Confirming that bumping to dovecot-2.3.7.2 with sieve_version=0.5.7.2 builds and runs on amd64. Sieve-based filtering still works.
*** This bug has been marked as a duplicate of bug 692572 ***