For the Bitcoin-Qt issue:
The issue arises if you are spending "change" from a transaction you just made that is still unconfirmed. If that original transaction gets mutated and confirmed with that mutation, the transaction that you made using change from the unmutated transaction can no longer go through.
I'm still a little unclear on what the problem is in this case. Say you spend change from a transaction that hasn't been confirmed yet. If the transaction is mutated, and that mutated transaction is confirmed, your original transaction won't go through. Is this just a problem because it allows a malicious user to DDOS part of the network (or part of the network) by submitting numerous duplicate transactions that won't cost them anything because the transactions still involve the same inputs and ouputs and only one will go through?
Basically, I'm confused as to how this is a double-spend problem because only one of the transactions will go through, so only that many Bitcoins will be sent/signed over. It's not possible for someone to use this to receive twice the number of Bitcoins that they have as unspent change, right?
As you point out, it does not enable any double spend per say. However, it may cause transactions the user expected to pass to fail randomly, which is an inconvenience.
Furthermore, once a transaction message was broadcast to enough miners, for small transactions, many merchants let the client go. Even if it does not have the same "trust" as a confirmed transaction, as long as you expect most client to be honest, you may be willing to accept to take that risk. Furthermore, once the transaction is broadcast to enough miners, even if a dishonest client tried do broadcast a double-spend of the first transactions, most miners will only include the first transaction they recieved, so the merchant gets his money
This in most of the cases. If the transaction is made with a confirmed output, then even if the mutated version passes, the merchant gets the money and everybody is happy. However, if the transaction is derived from an unconfirmed output, THEN, it's a problem, because if the first transaction mutates, then the second will fail.
The second case can happen with all clients, even if they are honest. Now the merchant cannot take the chance that the client is honest because it can happen anytime. So merchants should NEVER accept unconfirmed transactions derived from unconfirmed output, even under the assumption of trusted client.
However, not that there has been absolutely NO report of this happening in reality. This is a theorical possibility, which can help us take appropriate measures to act safely with Bitcoin.