app-text/ghostscript-gpl is currently bundling media-libs/openjpeg (ghostscript-gpl-9.19 includes openjpeg-2.1.0).
The package should be affected by most vulnerabilities mentioned in https://security.gentoo.org/glsa/201612-26
Unbundling openjpeg seems possible (upstream uses 2.1.0), but `base/lib.mak` needs to be patched to make it build with openjpeg 2.1.1+.
See https://gitweb.gentoo.org/dev/dev-zero.git/commit/?id=9a914722e7c0b19b244088964e8ac876cda50ce4 for a preliminary version bump to 9.20
OpenJPEG was unbundled in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=521a0bbaf9bea07b4c977156bb5cd3efaded1bb4 as part of bug 596576.
All vulnerable versions have been removed.
Added to an existing GLSA request.
This issue was resolved and addressed in
GLSA 201702-31 at https://security.gentoo.org/glsa/201702-31
by GLSA coordinator Thomas Deutschmann (whissi).