Latest version in junkdrawer overlay for testing.
Correction, this does not affect the current version in the tree (3.15) but 3.16 should be skipped in favor of 3.17. See #578162.
*** Bug 578162 has been marked as a duplicate of this bug. ***
So... there's really nothing for me to do here?
Vulnerable version never landed in the tree. Package was not stabilized back then either.