>Was upstream's position also to remove those binaries? Yes.
>Upstream was unable to provide a patch? Yes. Upstream decided that it was not worth the time to make a patch. Leptonica is a large image processing library. It also contains source code for many (over 200) example programs that use the library. From these example programs, a small number (about 10) are built and ship as part of the leptonica-progs binary package. Bug #830660 noticed that some of these programs were insecure. The affected programs were not very important, and my best guess is nobody uses them. So after discussion with upstream, I removed them from the Debian package. Because the programs are probably not used, I don't have a strong opinion about what happens with Wheezy. Does this help?