Add CVE-2017-17973/tiff

Marked as no-dsa (but we might downgrate it even to unimportant) since
provokes afaics only a crash in commandline tools tiff2pdf.

Since tiff3 does not privide the tools, marked unimportant straight for
src:tiff3.

Note for reviewes: double-check.