It should be enough to p.mask the package and remove it since upstream is dead. Details at ${URL} @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
commit af14a9845810137c82742baf89bf3dd4fcbc9540 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: Wed Aug 16 12:11:52 2017 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: Wed Aug 16 12:21:39 2017 media-gfx/autotrace: Remove last-rited pkg, #620802
Security please add to an existing glsa or file a new one thanks, Gentoo Security Padawan ChrisADR
This issue was resolved and addressed in GLSA 201708-09 at https://security.gentoo.org/glsa/201708-09 by GLSA coordinator Aaron Bauman (b-man).