Contents of /data/embedded-code-copies

Embedded code copies
====================

This file collects cases, where a source package embeds code from
other projects which is considered bad for fixing security flaws
because the fix needs to be applied in multiple source packages.

Format:
<srcpkg> (<optional comment about srcpkg>)
        - <embedding srcpkg> <status> (<sort>; bug #<number>)
        NOTE: optional comments about the linkage of the embedding srcpkg

status: version number fixing the embedded copy, <unfixed>, <removed>, <itp> or <unknown> if the version number can not be determined
sort: static (linking statically against a lib)
      embed (embedding a copy of the library into another source package)
      fork (the package is not just embedding code but it is a fork and thus might share parts of the source code)

The srcpkg might be some string to identify the code if there is no specific source package.

Everything up to the next line is ignored
---BEGIN
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
        NOTE: Fixed packages link to poppler library unless otherwise noted
        - gpdf <removed>
        [sarge] - gpdf <unfixed>
        NOTE: has been replaced by evince in etch
        - pdftohtml <unknown>
        [sarge] - pdftohtml <unfixed>
        [etch] - pdftohtml <unfixed>
        NOTE: has been replaced by poppler-utils
        - kdegraphics <unfixed> (embed; bug #436164)
        NOTE: the kpdf replacement in KDE 4 is using poppler
        - tetex-bin 3.0-12 (embed)
        - texlive-bin 2007-1 (embed)
        NOTE: links to poppler
        - koffice <unfixed> (embed; bug #436163)
        - libextractor 0.5.12-1 (embed)
        NOTE: libextractor is using its own pdf decoder now
        - libextractor 0.5.12-1 (embed)
        - pdfkit.framework 0.8-4 (embed)
        - ipe <unfixed> (embed)
        NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
        - ruby-gnome2 <unknown> (embed)
        NOTE: copy only present in source but links to poppler

ppmd
        - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)

silc-toolkit
        - silc-client 1.1~beta6-1 (embed)

dietlibc
        - ccontrol 0.9.1+20071204-1 (static)

libiax
        - iaxmodem <unfixed> (embed)

zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
        - dpkg <unfixed> (embed)
        NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
        - rsync <unfixed> (embed)
        NOTE: somehow derived code base
        - mono <unfixed> (embed)
        TODO: check mozilla
        - Linux kernels <unfixed> (embed)
        - pvpgn 1.7.8-2 (embed)
        - mrtg 2.12.2-1 (embed)
        - rpm <unknown> (embed)
        NOTE: pinged anibal since when rpm was fixed

libbz2
        - dpkg <unfixed> (static)

ekg
        - centericq <unfixed> (embed)
        - gaim <unfixed> (embed)
        - pigdin <unfixed> (embed)(links dynamically against libgadu)
        - kopete 4:3.3.2-5 (embed)
        - kadu <unfixed> (embed)
        - gadu <unfixed> (embed)
        NOTE: g/kadu not packaged in Debian yet

xmlrpc (which package is the "origin" of this code?)
        - drupal <unfixed> (embed)
        - phpgroupware <unfixed> (embed)
        - egroupware <unfixed> (embed)
        - phpwiki (embed)
        - php4 <unfixed> (embed)
        TODO: check, php-pear, IIRC this was reorganized some weeks ago?

shtool (affects build-time only)
        - mysql-ocaml <unfixed> (embed)
        - php4 <unfixed> (embed)

mozilla source code
        - mozilla-firefox <unfixed> (embed)
        - mozilla-thunderbird
        - firefox <removed>
        [etch] - firefox <unfixed> (embed)
        - thunderbird <removed>
        [etch] - thunderbird <unfixed> (embed)
        - iceweasel <unfixed> (embed)
        - iceape <unfixed> (embed)
        - icedove <unfixed> (embed)
        - xulrunner <unfixed> (embed)
        - nvu <removed> (embed)

xli
        - xloadimage <unfixed> (embed)

lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
        - openmotif <unfixed> (embed)
        - xfree86/xorg <unfixed> (embed)
        NOTE: in libxpm

kerberized apps with BSD origin
        - krb4 <unfixed> (embed)
        - krb5 <unfixed> (embed)
        - heimdal <unfixed> (embed)

grip (which pkg is the origin?)
        - libcdaudio
        - grip
        - gnome-vfs
        TODO: check vfs2 as well

fudforum
        - phpgroupware-fudforum <unfixed> (embed)
        - egroupware-fudforum <removed>
        [sarge] - egroupware-fudforum <unfixed> (embed)

cvs
        - gcvs <unfixed> (embed)
        NOTE: see cvsunix/src in tarball

pcre
        - python* <unfixed> (embed)
        - php4 <unknown> (embed)
        - analog 2:5.23-0woody1 (embed)
        - libgoffice-1 <unfixed> (embed)
        - vfu 4.06-4.1 (embed; bug #450754)
        - tf5 5.0beta7-1 (embed)
        - monotone <unfixed> (embed)
        NOTE: this only affects versions >= 0.37
        - glib <unfixed> (embed)
        NOTE: 2.14 series for gregex support, only for udeb, regular packag links dynamic
        - apache2 2.0.53-4 (embed)
        - exim4 4.10-0.srh20.12 (embed)
        - yacas <unfixed> (embed)
        NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
        - gtamsanalyzer.app 0.42-5 (embed)

tiff
        - wxpythongtk <unfixed> (embed)
        TODO: check, which debian pkg this is in

uudeview
        - libconvert-uulib-perl <unfixed> (embed)

sqlite (not affected by security vulnerabilities so far)
        - amarok <unfixed> (embed)
        - monotone <unfixed> (embed)
        - iceweasel <unfixed> (embed)

util-linux/mount
        - loop-aes-utils <unfixed> (embed)
        NOTE: contains code from util-linux' mount in the mount-aes-udeb

webmin
        - usermin <unknown> (embed)
        [sarge] - usermin <unfixed> (embed)

sylpheed
        - sylpheed-claws <unfixed> (fork)

phpsysinfo
        - egroupware <unfixed> (embed)
        - phpgroupware <unfixed> (embed)

phpldapadmin
        [sarge] - egroupware <unfixed> (embed)
        NOTE: removed from egroupware after sarge

chmlib
        - kchmviewer <unknown> (embed)

libavcodec/libavformat (source: ffmpeg)
        - mplayer <unfixed> (embed; bug #395252)
        - xvidcap <unfixed> (embed)
        - kino <unfixed> (static)
        - vlc <unfixed> (static)
        - smilutils <unfixed> (static)
        - motion <unfixed> (static)
        - gst-ffmpeg <unfixed> (embed)
        - gstreamer0.10-ffmpeg <unfixed> (embed)
        - xmovie <unfixed>
        TODO: gimp-gap (potentially using ffmpeg code as well)

mad MPEG decoding lib
        - mad <unfixed> (embed)
        - xine-lib <unfixed> (embed)

libdts
        - xine-lib <unfixed> (embed)

flac
        - xine-lib <unfixed> (embed)

liba52
        - a52dec <unfixed> (embed)
        - xine-lib <unfixed> (embed)

libmpeg2
        - mpeg2dec <unfixed> (embed)
        - xine-lib <unfixed> (embed)

curl
        - wget <unfixed> (embed)
        NOTE: code for NTLM authentication

uw-imap
        - pine <unfixed> (embed)
        - alpine <unfixed> (embed)

imagemagick
        - graphicsmagick <unfixed> (fork)

halibut
        - nsis <unfixed> (embed)

libghttp
        - hotway <unfixed> (embed)

libsndfile
        - ardour <unfixed> (embed)

glibmm2.4
        - ardour <unfixed> (embed)

libgnomecanvasmm2.6
        - ardour <unfixed> (embed)

libsigc++-2.0
        - ardour <unfixed> (embed)

soundtouch
        - ardour <unfixed> (embed)

libmms
        - xine-lib <unfixed> (embed)
        - mimms <unfixed> (embed)

fckeditor
        - knowledgeroot <unfixed> (embed)
        - moin <unfixed> (embed; bug #452599)
        - karrigell <unfixed> (embed; bug #452598)
        - gforge-plugins-extra 4.6.99+svn6225-1 (embed)

ipatlas (not packaged in Debian)
        - moodle <unfixed> (embed)

libphp-phpmailer
        - moodle <unfixed> (embed)

htmlArea (not packaged in Debian)
        - moodle <unfixed> (embed)

bennu (not packaged in Debian)
        - moodle <unfixed> (embed)

smarty:
        - moodle <unfixed> (embed)

TinyMCE
        - wordpress <unfixed> (embed)
        - moodle <unfixed> (embed)
        - knowledgeroot <unfixed> (embed)
        - joomla <itp> (bug #326398)

scintilla
        - scite <unfixed> (embed)
        - qscintilla <unfixed> (embed)
        - qscintilla2 <unfixed> (embed)
        - geany <unfixed> (embed)

libphp-adodb
        - moodle <unfixed> (embed)
        NOTE: also AdoDB-XML Schema
        - gallery2 <unfixed> (embed)
        - phppgadmin <unfixed> (embed)
        - egroupware <unfixed> (embed)
        - phpwiki <unfixed> (embed)
        - ipplan <unfixed> (embed)
        - typo3 <unfixed> (embed)
        - moodle <unfixed> (embed)
        - cacti <unknown> (embed)
        [sarge] - cacti <unfixed> (embed)
        NOTE: dependency exists, but internal version is used

gzip
        - linux-kernel <unfixed> (embed)
        NOTE: lib/inflate.c
        - klibc <unfixed> (embed)
        NOTE: based on linux-kernel gzip code
        - busybox <unfixed> (embed)

neon
        - cadaver <unfixed> (embed; bug #188381)
        - gnome-vfs2 <unfixed> (embed; bug #395874)
        - litmus <unfixed> (embed; #395875)
        [sarge] - screem <unfixed> (embed)
        - sitecopy <unfixed> (embed; bug #395876)
        [etch] - tla <unfixed> (embed; bug #395877)
        [sarge] - tla <unfixed> (embed; bug #395877)

libmodplug
        - gst-plugins-bad0.10 <unfixed> (embed)

libvncserver
        - vino <unfixed> (embed)

putty
        - filezilla <unfixed> (embed)

tinyxml (not packaged in Debian)
        - filezilla <unfixed>

gv
        - evince <unfixed> (embed)
        NOTE: ps/ tree from gv 3.5.8
        - evince-gtk <unfixed> (embed)
        NOTE: not packaged in Debian

libXbae
        [etch] - libpawlib2-lesstif <unfixed> (embed)
        NOTE: from Cernlib

libXaw
        [etch] - libpawlib2-lesstif
        NOTE: from Cernlib
        NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty

libgd2
        - graphviz <unfixed> (embed)
        NOTE: lib/gd seems to be 2.0.33

rar
        - unrar-nonfree <unfixed> (embed)

unrar-free (maybe this code is derived from the original rar, too?)
        - clamav <unfixed> (embed)
        NOTE: seems to be disabled in default config

mplayer (DirectMedia Object loader)
        - xine-lib <unfixed> (embed)
        NOTE: src/libw32dll/
        - vlc <unfixed> (embed)
        NOTE: modules/codec/dmo/

libwpd (WordPerfect converter)
        - openoffice.org <unfixed> (embed)

fsplib (http://sourceforge.net/projects/fsp/)
        - gftp <unfixed> (embed)
        NOTE: lib/fsplib version 0.3

librpcsecgss
        - krb5 <unfixed> (embed)

jasper
        - ghostscript <unfixed> (embed)
        - gs-gpl <unfixed> (embed)

libidn
        - monotone <unfixed> (embed)

liblua
        - monotone <unfixed> (embed)

libbotan
        - montone <unfixed> (embed)

NetXX
        - monotone <unfixed> (embed)

libgc
        - mono <unfixed> (embed)

lzma
        - p7zip <unfixed> (embed)

lzo
        - grub2 <unfixed> (embed)

pax code
        - tar <unfixed> (embed)
        - cpio <unfixed> (embed)

t1lib
        - tetex-bin 2.0.2-1 (embed)
        - texlive-bin <unknown> (embed)
1	nion	7695	Embedded code copies
2			====================
3
4	jmm-guest	1586	This file collects cases, where a source package embeds code from
5	nion	7695	other projects which is considered bad for fixing security flaws
6			because the fix needs to be applied in multiple source packages.
7	jmm-guest	1586
8	nion	7695	Format:
9			<srcpkg> (<optional comment about srcpkg>)
10			- <embedding srcpkg> <status> (<sort>; bug #<number>)
11			NOTE: optional comments about the linkage of the embedding srcpkg
12
13	nion	7840	status: version number fixing the embedded copy, <unfixed>, <removed>, <itp> or <unknown> if the version number can not be determined
14	nion	7828	sort: static (linking statically against a lib)
15			embed (embedding a copy of the library into another source package)
16			fork (the package is not just embedding code but it is a fork and thus might share parts of the source code)
17
18	nion	7788	The srcpkg might be some string to identify the code if there is no specific source package.
19	jmm-guest	1586
20	stef-guest	7923	Everything up to the next line is ignored
21			---BEGIN
22	nion	7696	xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
23	jmm-guest	7743	NOTE: Fixed packages link to poppler library unless otherwise noted
24	nion	7697	- gpdf <removed>
25			[sarge] - gpdf <unfixed>
26			NOTE: has been replaced by evince in etch
27			- pdftohtml <unknown>
28			[sarge] - pdftohtml <unfixed>
29			[etch] - pdftohtml <unfixed>
30			NOTE: has been replaced by poppler-utils
31	nion	7739	- kdegraphics <unfixed> (embed; bug #436164)
32	nion	7696	NOTE: the kpdf replacement in KDE 4 is using poppler
33	nion	7739	- tetex-bin 3.0-12 (embed)
34	jmm-guest	7743	- texlive-bin 2007-1 (embed)
35	nion	7696	NOTE: links to poppler
36	nion	7739	- koffice <unfixed> (embed; bug #436163)
37			- libextractor 0.5.12-1 (embed)
38	jmm-guest	7743	NOTE: libextractor is using its own pdf decoder now
39	nion	7739	- libextractor 0.5.12-1 (embed)
40			- pdfkit.framework 0.8-4 (embed)
41			- ipe <unfixed> (embed)
42	nion	7696	NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
43	nion	7739	- ruby-gnome2 <unknown> (embed)
44	nion	7696	NOTE: copy only present in source but links to poppler
45
46	nion	7791	ppmd
47	nion	7755	- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)
48
49	nion	7791	silc-toolkit
50	nion	7740	- silc-client 1.1~beta6-1 (embed)
51	nion	6965
52	nion	7791	dietlibc
53	nion	7740	- ccontrol 0.9.1+20071204-1 (static)
54	nion	6967
55	nion	7791	libiax
56	nion	7740	- iaxmodem <unfixed> (embed)
57	nion	6969
58	nion	7787	zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
59			- dpkg <unfixed> (embed)
60			NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
61			- rsync <unfixed> (embed)
62			NOTE: somehow derived code base
63			- mono <unfixed> (embed)
64			TODO: check mozilla
65			- Linux kernels <unfixed> (embed)
66			- pvpgn 1.7.8-2 (embed)
67			- mrtg 2.12.2-1 (embed)
68			- rpm <unknown> (embed)
69	nion	7841	NOTE: pinged anibal since when rpm was fixed
70	jmm-guest	1586
71	nion	7788	libbz2
72			- dpkg <unfixed> (static)
73	stef-guest	5320
74	nion	7788	ekg
75			- centericq <unfixed> (embed)
76			- gaim <unfixed> (embed)
77			- pigdin <unfixed> (embed)(links dynamically against libgadu)
78			- kopete 4:3.3.2-5 (embed)
79			- kadu <unfixed> (embed)
80			- gadu <unfixed> (embed)
81			NOTE: g/kadu not packaged in Debian yet
82	jmm-guest	1586
83	nion	7791	xmlrpc (which package is the "origin" of this code?)
84	nion	7788	- drupal <unfixed> (embed)
85			- phpgroupware <unfixed> (embed)
86			- egroupware <unfixed> (embed)
87			- phpwiki (embed)
88			- php4 <unfixed> (embed)
89			TODO: check, php-pear, IIRC this was reorganized some weeks ago?
90	jmm-guest	1586
91	nion	7791	shtool (affects build-time only)
92			- mysql-ocaml <unfixed> (embed)
93			- php4 <unfixed> (embed)
94	jmm-guest	1588
95	nion	7791	mozilla source code
96			- mozilla-firefox <unfixed> (embed)
97			- mozilla-thunderbird
98			- firefox <removed>
99			[etch] - firefox <unfixed> (embed)
100			- thunderbird <removed>
101			[etch] - thunderbird <unfixed> (embed)
102			- iceweasel <unfixed> (embed)
103			- iceape <unfixed> (embed)
104			- icedove <unfixed> (embed)
105			- xulrunner <unfixed> (embed)
106			- nvu <removed> (embed)
107	jmm-guest	1588
108	nion	7791	xli
109			- xloadimage <unfixed> (embed)
110	jmm-guest	1588
111	nion	7827	lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
112			- openmotif <unfixed> (embed)
113			- xfree86/xorg <unfixed> (embed)
114			NOTE: in libxpm
115	jmm-guest	1588
116	nion	7827	kerberized apps with BSD origin
117			- krb4 <unfixed> (embed)
118			- krb5 <unfixed> (embed)
119			- heimdal <unfixed> (embed)
120	jmm-guest	1588
121	nion	7827	grip (which pkg is the origin?)
122			- libcdaudio
123			- grip
124			- gnome-vfs
125			TODO: check vfs2 as well
126	stef-guest	1608
127	nion	7827	fudforum
128			- phpgroupware-fudforum <unfixed> (embed)
129			- egroupware-fudforum <removed>
130			[sarge] - egroupware-fudforum <unfixed> (embed)
131	jmm-guest	1670
132	nion	7827	cvs
133			- gcvs <unfixed> (embed)
134			NOTE: see cvsunix/src in tarball
135	jmm-guest	1684
136	nion	7827	pcre
137			- python* <unfixed> (embed)
138			- php4 <unknown> (embed)
139			- analog 2:5.23-0woody1 (embed)
140			- libgoffice-1 <unfixed> (embed)
141			- vfu 4.06-4.1 (embed; bug #450754)
142			- tf5 5.0beta7-1 (embed)
143			- monotone <unfixed> (embed)
144			NOTE: this only affects versions >= 0.37
145			- glib <unfixed> (embed)
146			NOTE: 2.14 series for gregex support, only for udeb, regular packag links dynamic
147			- apache2 2.0.53-4 (embed)
148			- exim4 4.10-0.srh20.12 (embed)
149			- yacas <unfixed> (embed)
150			NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
151			- gtamsanalyzer.app 0.42-5 (embed)
152	jmm-guest	1758
153	nion	7827	tiff
154			- wxpythongtk <unfixed> (embed)
155			TODO: check, which debian pkg this is in
156	joeyh	1802
157	nion	7827	uudeview
158			- libconvert-uulib-perl <unfixed> (embed)
159	jmm-guest	1824
160	nion	7827	sqlite (not affected by security vulnerabilities so far)
161			- amarok <unfixed> (embed)
162			- monotone <unfixed> (embed)
163			- iceweasel <unfixed> (embed)
164	jmm-guest	1828
165	nion	7827	util-linux/mount
166			- loop-aes-utils <unfixed> (embed)
167			NOTE: contains code from util-linux' mount in the mount-aes-udeb
168	jmm-guest	2104
169	nion	7827	webmin
170			- usermin <unknown> (embed)
171			[sarge] - usermin <unfixed> (embed)
172	jmm-guest	2714
173	nion	7827	sylpheed
174	nion	7828	- sylpheed-claws <unfixed> (fork)
175	jmm-guest	2751
176	nion	7827	phpsysinfo
177			- egroupware <unfixed> (embed)
178			- phpgroupware <unfixed> (embed)
179	jmm-guest	2800
180	nion	7830	phpldapadmin
181	stef-guest	7923	[sarge] - egroupware <unfixed> (embed)
182	nion	7830	NOTE: removed from egroupware after sarge
183	jmm-guest	2800
184	nion	7830	chmlib
185			- kchmviewer <unknown> (embed)
186	jmm-guest	2800
187	nion	7830	libavcodec/libavformat (source: ffmpeg)
188			- mplayer <unfixed> (embed; bug #395252)
189			- xvidcap <unfixed> (embed)
190			- kino <unfixed> (static)
191			- vlc <unfixed> (static)
192			- smilutils <unfixed> (static)
193			- motion <unfixed> (static)
194			- gst-ffmpeg <unfixed> (embed)
195			- gstreamer0.10-ffmpeg <unfixed> (embed)
196			- xmovie <unfixed>
197	nion	7841	TODO: gimp-gap (potentially using ffmpeg code as well)
198	jmm-guest	2948
199	nion	7830	mad MPEG decoding lib
200			- mad <unfixed> (embed)
201			- xine-lib <unfixed> (embed)
202	jmm-guest	2948
203			libdts
204	nion	7840	- xine-lib <unfixed> (embed)
205	jmm-guest	2948
206			flac
207	nion	7840	- xine-lib <unfixed> (embed)
208	jmm-guest	2948
209	nion	7840	liba52
210			- a52dec <unfixed> (embed)
211			- xine-lib <unfixed> (embed)
212	jmm-guest	2948
213	nion	7840	libmpeg2
214			- mpeg2dec <unfixed> (embed)
215			- xine-lib <unfixed> (embed)
216	jmm-guest	2948
217	nion	7840	curl
218			- wget <unfixed> (embed)
219			NOTE: code for NTLM authentication
220	jmm-guest	3093
221	nion	7840	uw-imap
222			- pine <unfixed> (embed)
223			- alpine <unfixed> (embed)
224	jmm-guest	3320
225	nion	7840	imagemagick
226			- graphicsmagick <unfixed> (fork)
227	jmm-guest	3402
228	nion	7840	halibut
229			- nsis <unfixed> (embed)
230	micah	3537
231	nion	7840	libghttp
232			- hotway <unfixed> (embed)
233	micah	3537
234	nion	7840	libsndfile
235			- ardour <unfixed> (embed)
236	micah	3537
237	nion	7840	glibmm2.4
238			- ardour <unfixed> (embed)
239	nion	6869
240	nion	7840	libgnomecanvasmm2.6
241			- ardour <unfixed> (embed)
242	nion	6869
243	nion	7840	libsigc++-2.0
244			- ardour <unfixed> (embed)
245	nion	6869
246	nion	7840	soundtouch
247			- ardour <unfixed> (embed)
248	nion	6869
249	nion	7840	libmms
250			- xine-lib <unfixed> (embed)
251			- mimms <unfixed> (embed)
252	nion	6869
253	nion	7840	fckeditor
254			- knowledgeroot <unfixed> (embed)
255			- moin <unfixed> (embed; bug #452599)
256			- karrigell <unfixed> (embed; bug #452598)
257			- gforge-plugins-extra 4.6.99+svn6225-1 (embed)
258	stef-guest	4517
259	nion	7841	ipatlas (not packaged in Debian)
260			- moodle <unfixed> (embed)
261	jmm-guest	7383
262	nion	7841	libphp-phpmailer
263			- moodle <unfixed> (embed)
264	neilm	4838
265	nion	7841	htmlArea (not packaged in Debian)
266			- moodle <unfixed> (embed)
267
268			bennu (not packaged in Debian)
269			- moodle <unfixed> (embed)
270
271			smarty:
272			- moodle <unfixed> (embed)
273
274	nion	7840	TinyMCE
275			- wordpress <unfixed> (embed)
276			- moodle <unfixed> (embed)
277			- knowledgeroot <unfixed> (embed)
278			- joomla <itp> (bug #326398)
279	stef-guest	4517
280	nion	7840	scintilla
281			- scite <unfixed> (embed)
282			- qscintilla <unfixed> (embed)
283			- qscintilla2 <unfixed> (embed)
284			- geany <unfixed> (embed)
285	stef-guest	4706
286	nion	7840	libphp-adodb
287	stef-guest	7923	- moodle <unfixed> (embed)
288			NOTE: also AdoDB-XML Schema
289	nion	7840	- gallery2 <unfixed> (embed)
290			- phppgadmin <unfixed> (embed)
291			- egroupware <unfixed> (embed)
292			- phpwiki <unfixed> (embed)
293			- ipplan <unfixed> (embed)
294			- typo3 <unfixed> (embed)
295			- moodle <unfixed> (embed)
296			- cacti <unknown> (embed)
297			[sarge] - cacti <unfixed> (embed)
298			NOTE: dependency exists, but internal version is used
299	stef-guest	4706
300	nion	7840	gzip
301	nion	7841	- linux-kernel <unfixed> (embed)
302			NOTE: lib/inflate.c
303			- klibc <unfixed> (embed)
304			NOTE: based on linux-kernel gzip code
305			- busybox <unfixed> (embed)
306	micah	4767
307	nion	7841	neon
308			- cadaver <unfixed> (embed; bug #188381)
309			- gnome-vfs2 <unfixed> (embed; bug #395874)
310			- litmus <unfixed> (embed; #395875)
311			[sarge] - screem <unfixed> (embed)
312			- sitecopy <unfixed> (embed; bug #395876)
313	stef-guest	7923	[etch] - tla <unfixed> (embed; bug #395877)
314			[sarge] - tla <unfixed> (embed; bug #395877)
315	stef-guest	5319
316	nion	7841	libmodplug
317			- gst-plugins-bad0.10 <unfixed> (embed)
318	stef-guest	5320
319	nion	7841	libvncserver
320			- vino <unfixed> (embed)
321	stef-guest	5320
322	nion	7841	putty
323			- filezilla <unfixed> (embed)
324	stef-guest	5320
325	nion	7841	tinyxml (not packaged in Debian)
326			- filezilla <unfixed>
327	stef-guest	5320
328	nion	7841	gv
329			- evince <unfixed> (embed)
330			NOTE: ps/ tree from gv 3.5.8
331			- evince-gtk <unfixed> (embed)
332			NOTE: not packaged in Debian
333	stef-guest	5321
334	nion	7841	libXbae
335			[etch] - libpawlib2-lesstif <unfixed> (embed)
336			NOTE: from Cernlib
337	stef-guest	5321
338	nion	7841	libXaw
339	stef-guest	7924	[etch] - libpawlib2-lesstif
340	nion	7841	NOTE: from Cernlib
341			NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
342	stef-guest	5321
343	nion	7841	libgd2
344			- graphviz <unfixed> (embed)
345			NOTE: lib/gd seems to be 2.0.33
346	stef-guest	5321
347	nion	7841	rar
348			- unrar-nonfree <unfixed> (embed)
349	stef-guest	5440
350	nion	7841	unrar-free (maybe this code is derived from the original rar, too?)
351			- clamav <unfixed> (embed)
352			NOTE: seems to be disabled in default config
353	stef-guest	5440
354	nion	7841	mplayer (DirectMedia Object loader)
355			- xine-lib <unfixed> (embed)
356			NOTE: src/libw32dll/
357			- vlc <unfixed> (embed)
358			NOTE: modules/codec/dmo/
359	stef-guest	5440
360	nion	7841	libwpd (WordPerfect converter)
361			- openoffice.org <unfixed> (embed)
362	alec-guest	5564
363	nion	7841	fsplib (http://sourceforge.net/projects/fsp/)
364			- gftp <unfixed> (embed)
365			NOTE: lib/fsplib version 0.3
366	keescook-guest	6298
367	nion	7841	librpcsecgss
368			- krb5 <unfixed> (embed)
369	keescook-guest	6498
370	nion	7841	jasper
371			- ghostscript <unfixed> (embed)
372			- gs-gpl <unfixed> (embed)
373	stef-guest	6985
374	nion	7841	libidn
375			- monotone <unfixed> (embed)
376	keescook-guest	7007
377	nion	7841	liblua
378			- monotone <unfixed> (embed)
379	micah	7134
380	nion	7841	libbotan
381			- montone <unfixed> (embed)
382	nion	7136
383	nion	7841	NetXX
384			- monotone <unfixed> (embed)
385	nion	7136
386	nion	7841	libgc
387			- mono <unfixed> (embed)
388	nion	7136
389	nion	7841	lzma
390			- p7zip <unfixed> (embed)
391	white	7203
392	nion	7841	lzo
393			- grub2 <unfixed> (embed)
394	jmm-guest	7212
395	nion	7841	pax code
396			- tar <unfixed> (embed)
397			- cpio <unfixed> (embed)
398	jmm-guest	7212
399	nion	7841	t1lib
400			- tetex-bin 2.0.2-1 (embed)
401			- texlive-bin <unknown> (embed)