From the changelog at $URL:
* pam_unix: fixed CVE-2020-27780 - authentication bypass when an
user doesn't exist and root password is blank
According to the issue this appears to be actively exploited in the wild:
The only affected version is 1.5.0 accord to SUSE (https://www.openwall.com/lists/oss-security/2020/11/24/3), that version is all unstable for us so this will be a trivial bug.
Created attachment 674839 [details, diff]
Upstream fix as patch file...
Comment on attachment 674839 [details, diff]
I am really waiting for the release here. It is on the way.
This issue was resolved and addressed in
GLSA 202012-06 at https://security.gentoo.org/glsa/202012-06
by GLSA coordinator Thomas Deutschmann (whissi).