I am inclined to think that the code has changed so much since the wheezy version, that the current vulnerablities are unlikely to be applicable.
Even if you take the view that they are unless proven otherwise, and you can positively identify the concerned patches (upstream doesn't appear to be helping yet here), I don't think it is going to be feasible to backport these changes to wheezy, due to the sigificant code base differences. https://github.com/web2py/web2py/issues/1585#issuecomment-284320439 -- Brian May <[email protected]> https://linuxpenguins.xyz/brian/
