These bugs do not really affect Debian because libutils is not included in any process that runs with elevated privileges nor any process that is connected to the network by default. On Android, libutils is used in 'system' level processes (basically like setuid root).
libutils is only used in the Android SDK tools in Debian. So if someone processed images or audio files with the Android SDK, it might be vulnerable, but that means the attacker already has user access. The exploit would let a build script run arbitrary commands via an image/sound/video file planted in the build. If an attacker can plant an image/sound/video file, they might as well just plant code, so not really a useful exploit. In any case, it will be fixed with the upcoming upload. .hc
