We have since packaged a new release of PoDoFo (0.9.6) which apparently fixed many bugs. The PoDoFo team does not write changelogs or any sort of release announcement file. Their SVN repo includes several commits like "Fix CVE-XXX" followed by "Really fix CVE-XXX". Since PoDoFo is not widely used in Guix (only by calibre and Scribus), I'm not going to dig into whether or not these bugs are really fixed in the current Guix package. At this point, this bug report is not helping us much, so I am closing it :)