This sounds it could become very severe if someone publishes an exploit:
Please bump, 126.96.36.199 and 188.8.131.52 contain the fix.
Pigeonhole is also affected (gets installed with dovecot with USE="sieve"), fix is in 0.5.7.2:
FWIW, bumping ebuild to 184.108.40.206 built & running fine here with no other changes.
I do not use sieve so cannot comment on it.
This is CVE-2019-11500 according to the oss-sec report.
Confirming that bumping to dovecot-220.127.116.11 with sieve_version=0.5.7.2 builds and runs on amd64. Sieve-based filtering still works.
*** This bug has been marked as a duplicate of bug 692572 ***