Hi, After much digging, I believe I have found the relevant issue and commits to fix the CVE-2017-5661 issue in fop. I have backported the patch to our 1.0 release in LTS and it seems to compile fine. However, I haven't performed any tests because I lack experience with that peculiar infrastructure.
Therefore, here is the fop package ready for testing, as usual: https://people.debian.org/~anarcat/debian/wheezy-lts/ Thanks for any feedback! A. -- Je viens d'un pays où engagé veut dire que tu t'es trouvé une job. - Patrice Desbiens