@ Maintainer(s): Please do another snapshot release. The vulnerability was fixed in http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=a10acfb1d2118f9a180181d3fed5399dbbe1df3c so you should be safe when you bump at least to >=dev-libs/gnulib-20140226 ...
I just pushed out 2016.12.21.08.39.01.
@ Maintainer(s): Thanks for the bump. Please also remove the vulnerable versions, i.e. drop =dev-libs/gnulib-2013.10.28.22.33.52 =dev-libs/gnulib-2009.03.03.14.07.45-r1 (or apply a mask indicating a security problem).
My bad, should've removed the old versions immediately. Done now.