We have since packaged a new release of PoDoFo (0.9.6) which apparently
fixed many bugs.
The PoDoFo team does not write changelogs or any sort of release
announcement file. Their SVN repo includes several commits like "Fix
CVE-XXX" followed by "Really fix CVE-XXX".
Since PoDoFo is not widely used
There were some bugs with security implications reported in PoDoFo
recently:
http://seclists.org/oss-sec/2017/q2/0
http://seclists.org/oss-sec/2017/q2/1
http://seclists.org/oss-sec/2017/q2/2
I noticed some fixes committed to the PoDoFo SVN repo:
https://sourceforge.net/p/podofo/mailman/podofo-sv