Just looking at these security issue in Jessie, which was fixed in Stretch. The set upstream changes to fix these problems appear to be somewhat large and invasive. Probably back porting from the patches in Stretch may be the best approach. Predictably I get a large number of conflicts when I attempt to apply the patches. Fixing this likely to time consuming task. -- Brian May <bam@debian.org>