The reason for picking the Android fix was that the Android version was similar to the one in wheezy. The upstream fix was against a much more recent with quite significantly changed code base (essentially a complete rewrite). Also the Android fix was much smaller and corrected both problems, making the work easier. The upstream fix also include some code restructuring that made it hard to tell how to backport considering the significance of the changed code base.
Jose (maintainer) and maybe debian security team should probably pick the patches you refer to as that versaion is similar to the one the upstream correcrion was done on.
I'll have a look at the Android test program.
Was this an answer to your questions?
Sent from a phone