Thanks for these reports Daniel.
For future security reports, please include/add the relevent main reference to the URL field, and use title format:
cat/port: Update to <version> (fixes security vulnerability: <cve>)
Created attachment 225233 [details]
Add upstream patch to fix CVE-2021-3487.
Bug #256133 describes vulnerability fixed with this patch. So please commit it together.