This sounds it could become very severe if someone publishes an exploit:
Please bump, 22.214.171.124 and 126.96.36.199 contain the fix.
Pigeonhole is also affected (gets installed with dovecot with USE="sieve"), fix is in 0.5.7.2:
FWIW, bumping ebuild to 188.8.131.52 built & running fine here with no other changes.
I do not use sieve so cannot comment on it.
This is CVE-2019-11500 according to the oss-sec report.
Confirming that bumping to dovecot-184.108.40.206 with sieve_version=0.5.7.2 builds and runs on amd64. Sieve-based filtering still works.
*** This bug has been marked as a duplicate of bug 692572 ***