I've just received the following email from Trezor:
Latest Firmware Updates Correct Possible Segwit Transaction Vulnerability
Thanks to a report by Saleem Rashid via our responsible disclosure program, we were notified of a potential security vulnerability in Segwit transactions. This issue is a result of design choices in the Bitcoin protocol and is not a vulnerability specific to Trezor.
As this is a corner case, it is highly unlikely that you will encounter this problem. Segwit transactions are not affected if they are already on the blockchain and there is a rare possibility of this issue even if you are signing a new transaction while you have malware on your computer.
Even though this is a very improbable scenario and it will eventually be resolved by the Bitcoin community, SatoshiLabs is dedicated to correcting all problems, even those outside of normal operating parameters, no matter their likelihood. The firmware updates for Trezor One (version 1.9.1) and Trezor Model T (version 2.3.1) change how Segwit transactions are handled and correct this.
Check out our dev corner for a more detailed explanation.
Yours,
Trezor
It looks like the problem comes from the network rather than Trezor themselves. A patch for Electrum is also coming to solve this, but...
We are providing a patch for Electrum as a pull request #6198. It will be impossible to use Electrum with Trezor 1.9.1 and 2.3.1 until this patch is released.