glsa's 200603-06 and 200612-10 affect <app-arch/tar-0.16-r2; at this point, keywording is the same, 1.15-r1 keywords are available in 1.16.1, 1.16-r1 keywords shadowed by 1.16-r2.. Nothing specifically revdeps the vuln versions either, thus time to punt.
>=app-arch/tar-1.15.91 is masked on uclibc profiles because it's screwed there.