Details at $URL. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE ID: CVE-2016-10268 Summary: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23. Published: 2017-03-24T19:59:00.000Z
pulled in 4.0.7-r1 https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f61e94523aef88e99d1140307b83bd518a450a14
This issue was resolved and addressed in GLSA 201709-27 at https://security.gentoo.org/glsa/201709-27 by GLSA coordinator Aaron Bauman (b-man).