Extensive details at $URL. Fixed in upstream version 1.9.5p2. Please bump.
This issue was resolved and addressed in GLSA 202101-33 at https://security.gentoo.org/glsa/202101-33 by GLSA coordinator Sam James (sam_c).
*** Bug 767427 has been marked as a duplicate of this bug. ***