See: https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/ The latest version is still affected, I haven't found an upstream bug report.
https://github.com/fritzy/SleekXMPP/issues/442#issuecomment-288894743 says fixed in 1.3.2 but this should just be treecleaned because it is superseded by slixmpp anyway.
Package was dropped on 20200917.
Sorry, shouldn't have closed without vote.
GLSA Vote: No Repository is clean, all done!