tqdm is a smart progress meter.
A vulnerablility was discovered in tqdm._version that could allow a malicious git log within the current working directory.
A remote attacker could execute arbitrary commands by enticing a user to clone a crafted repo.
There is no known workaround at this time.
All tqdm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/tqdm-4.23.3"