Contents of /data/embedded-code-copies

Embedded code copies
====================

This file collects source packages that embed code from other projects.
This is considered bad for fixing security flaws because the fix needs
to be applied in multiple source packages.

Format:
<srcpkg> (<optional comment about srcpkg>)
        - <embedding srcpkg> <status> (<sort>; bug #<number>)
        NOTE: optional comments about the linkage of the embedding srcpkg

status: version number fixing the embedded copy, <unfixed>, <removed>,
        <itp> or <unknown> if the version number can not be determined
sort: static (linking statically against a lib)
      embed (embedding a copy of the library into another source package)
      fork (the package is not just embedding code but it is a fork and
            thus might share parts of the source code)

The srcpkg might be some string to identify the code if there is no
specific source package.

Everything up to the next line is ignored.
---BEGIN
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
        NOTE: Fixed packages link to poppler library unless otherwise noted
        - gpdf <removed>
        [sarge] - gpdf <unfixed>
        NOTE: has been replaced by evince in etch
        - pdftohtml <unknown>
        [sarge] - pdftohtml <unfixed>
        [etch] - pdftohtml <unfixed>
        NOTE: has been replaced by poppler-utils
        - kdegraphics <unfixed> (embed; bug #436164)
        NOTE: the kpdf replacement in KDE 4 is using poppler
        - tetex-bin 3.0-12 (embed)
        - texlive-bin 2007-1 (embed)
        NOTE: links to poppler
        - koffice <unfixed> (embed; bug #436163)
        - libextractor 0.5.12-1 (embed)
        NOTE: libextractor is using its own pdf decoder now
        - libextractor 0.5.12-1 (embed)
        - pdfkit.framework 0.8-4 (embed)
        - ipe <unfixed> (embed)
        NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
        - ruby-gnome2 <unknown> (embed)
        NOTE: copy only present in source but links to poppler

ppmd
        - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)

silc-toolkit
        - silc-client 1.1~beta6-1 (embed)

dietlibc
        - ccontrol 0.9.1+20071204-1 (static)

libiax
        - iaxmodem <unfixed> (embed)

zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
        - dpkg <unfixed> (embed)
        NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
        - rsync <unfixed> (embed)
        NOTE: somehow derived code base
        - mono <unfixed> (embed)
        TODO: check mozilla
        - Linux kernels <unfixed> (embed)
        - pvpgn 1.7.8-2 (embed)
        - mrtg 2.12.2-1 (embed)
        - rpm <unknown> (embed)
        NOTE: pinged anibal since when rpm was fixed

libbz2
        - dpkg <unfixed> (static)

ekg
        - centericq <unfixed> (embed)
        - gaim <unfixed> (embed)
        - pigdin <unfixed> (embed)(links dynamically against libgadu)
        - kopete 4:3.3.2-5 (embed)
        - kadu <unfixed> (embed)
        - gadu <unfixed> (embed)
        NOTE: g/kadu not packaged in Debian yet

xmlrpc (which package is the "origin" of this code?)
        - drupal <unfixed> (embed)
        - phpgroupware <unfixed> (embed)
        - egroupware <unfixed> (embed)
        - phpwiki (embed)
        - php4 <unfixed> (embed)
        TODO: check, php-pear, IIRC this was reorganized some weeks ago?

shtool (affects build-time only)
        - mysql-ocaml <unfixed> (embed)
        - php4 <unfixed> (embed)

mozilla source code
        - mozilla-firefox <unfixed> (embed)
        - mozilla-thunderbird
        - firefox <removed>
        [etch] - firefox <unfixed> (embed)
        - thunderbird <removed>
        [etch] - thunderbird <unfixed> (embed)
        - iceweasel <unfixed> (embed)
        - iceape <unfixed> (embed)
        - icedove <unfixed> (embed)
        - xulrunner <unfixed> (embed)
        - nvu <removed> (embed)

xli
        - xloadimage <unfixed> (embed)

lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
        - openmotif <unfixed> (embed)
        - xfree86/xorg <unfixed> (embed)
        NOTE: in libxpm

kerberized apps with BSD origin
        - krb4 <unfixed> (embed)
        - krb5 <unfixed> (embed)
        - heimdal <unfixed> (embed)

grip (which pkg is the origin?)
        - libcdaudio
        - grip
        - gnome-vfs
        TODO: check vfs2 as well

fudforum
        - phpgroupware-fudforum <unfixed> (embed)
        - egroupware-fudforum <removed>
        [sarge] - egroupware-fudforum <unfixed> (embed)

cvs
        - gcvs <unfixed> (embed)
        NOTE: see cvsunix/src in tarball

pcre
        - python* <unfixed> (embed)
        - php4 <unknown> (embed)
        - analog 2:5.23-0woody1 (embed)
        - libgoffice-1 <unfixed> (embed)
        - vfu 4.06-4.1 (embed; bug #450754)
        - tf5 5.0beta7-1 (embed)
        - monotone <unfixed> (embed)
        NOTE: this only affects versions >= 0.37
        - glib <unfixed> (embed)
        NOTE: 2.14 series for gregex support, only for udeb, regular packag links dynamic
        - apache2 2.0.53-4 (embed)
        - exim4 4.10-0.srh20.12 (embed)
        - yacas <unfixed> (embed)
        NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
        - gtamsanalyzer.app 0.42-5 (embed)

tiff
        - wxpythongtk <unfixed> (embed)
        TODO: check, which debian pkg this is in

uudeview
        - libconvert-uulib-perl <unfixed> (embed)

sqlite (not affected by security vulnerabilities so far)
        - amarok <unfixed> (embed)
        - monotone <unfixed> (embed)
        - iceweasel <unfixed> (embed)

util-linux/mount
        - loop-aes-utils <unfixed> (embed)
        NOTE: contains code from util-linux' mount in the mount-aes-udeb

webmin
        - usermin <unknown> (embed)
        [sarge] - usermin <unfixed> (embed)

sylpheed
        - sylpheed-claws <unfixed> (fork)

phpsysinfo
        - egroupware <unfixed> (embed)
        - phpgroupware <unfixed> (embed)

phpldapadmin
        [sarge] - egroupware <unfixed> (embed)
        NOTE: removed from egroupware after sarge

chmlib
        - kchmviewer <unknown> (embed)

libavcodec/libavformat (source: ffmpeg)
        - mplayer <unfixed> (embed; bug #395252)
        - xvidcap <unfixed> (embed)
        - kino <unfixed> (static)
        - vlc <unfixed> (static)
        - smilutils <unfixed> (static)
        - motion <unfixed> (static)
        - gst-ffmpeg <unfixed> (embed)
        - gstreamer0.10-ffmpeg <unfixed> (embed)
        - xmovie <unfixed>
        TODO: gimp-gap (potentially using ffmpeg code as well)

mad MPEG decoding lib
        - mad <unfixed> (embed)
        - xine-lib <unfixed> (embed)

libdts
        - xine-lib <unfixed> (embed)

flac
        - xine-lib <unfixed> (embed)

liba52
        - a52dec <unfixed> (embed)
        - xine-lib <unfixed> (embed)

libmpeg2
        - mpeg2dec <unfixed> (embed)
        - xine-lib <unfixed> (embed)

curl
        - wget <unfixed> (embed)
        NOTE: code for NTLM authentication

uw-imap
        - pine <unfixed> (embed)
        - alpine <unfixed> (embed)

imagemagick
        - graphicsmagick <unfixed> (fork)

halibut
        - nsis <unfixed> (embed)

libghttp
        - hotway <unfixed> (embed)

libsndfile
        - ardour <unfixed> (embed)

glibmm2.4
        - ardour <unfixed> (embed)

libgnomecanvasmm2.6
        - ardour <unfixed> (embed)

libsigc++-2.0
        - ardour <unfixed> (embed)

soundtouch
        - ardour <unfixed> (embed)

libmms
        - xine-lib <unfixed> (embed)
        - mimms <unfixed> (embed)

fckeditor
        - knowledgeroot <unfixed> (embed; bug #461555)
        - moin <unfixed> (embed; bug #452599)
        - karrigell <unfixed> (embed; bug #452598)
        - gforge-plugins-extra 4.6.99+svn6225-1 (embed)

ipatlas (not packaged in Debian)
        - moodle <unfixed> (embed)

libphp-phpmailer
        - moodle <unfixed> (embed)

htmlArea (not packaged in Debian)
        - moodle <unfixed> (embed)

bennu (not packaged in Debian)
        - moodle <unfixed> (embed)

smarty:
        - moodle <unfixed> (embed)

TinyMCE
        - wordpress <unfixed> (embed)
        - moodle <unfixed> (embed)
        - knowledgeroot <unfixed> (embed)
        - joomla <itp> (bug #326398)

scintilla
        - scite <unfixed> (embed)
        - qscintilla <unfixed> (embed)
        - qscintilla2 <unfixed> (embed)
        - geany <unfixed> (embed)

libphp-adodb
        - moodle <unfixed> (embed)
        NOTE: also AdoDB-XML Schema
        - gallery2 <unfixed> (embed)
        - phppgadmin <unfixed> (embed)
        - egroupware <unfixed> (embed)
        - phpwiki <unfixed> (embed)
        - ipplan <unfixed> (embed)
        - typo3 <unfixed> (embed)
        - moodle <unfixed> (embed)
        - cacti <unknown> (embed)
        [sarge] - cacti <unfixed> (embed)
        NOTE: dependency exists, but internal version is used

gzip
        - linux-kernel <unfixed> (embed)
        NOTE: lib/inflate.c
        - klibc <unfixed> (embed)
        NOTE: based on linux-kernel gzip code
        - busybox <unfixed> (embed)

neon
        - cadaver <unfixed> (embed; bug #188381)
        - gnome-vfs2 <unfixed> (embed; bug #395874)
        - litmus <unfixed> (embed; #395875)
        [sarge] - screem <unfixed> (embed)
        - sitecopy <unfixed> (embed; bug #395876)
        [etch] - tla <unfixed> (embed; bug #395877)
        [sarge] - tla <unfixed> (embed; bug #395877)

libmodplug
        - gst-plugins-bad0.10 <unfixed> (embed)

libvncserver
        - vino <unfixed> (embed)

putty
        - filezilla <unfixed> (embed)

tinyxml (not packaged in Debian)
        - filezilla <unfixed>

gv
        - evince <unfixed> (embed)
        NOTE: ps/ tree from gv 3.5.8
        - evince-gtk <unfixed> (embed)
        NOTE: not packaged in Debian

libXbae
        [etch] - libpawlib2-lesstif <unfixed> (embed)
        NOTE: from Cernlib

libXaw
        [etch] - libpawlib2-lesstif
        NOTE: from Cernlib
        NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty

libgd2
        - graphviz <unfixed> (embed)
        NOTE: lib/gd seems to be 2.0.33

rar
        - unrar-nonfree <unfixed> (embed)

unrar-free (maybe this code is derived from the original rar, too?)
        - clamav <unfixed> (embed)
        NOTE: seems to be disabled in default config

mplayer (DirectMedia Object loader)
        - xine-lib <unfixed> (embed)
        NOTE: src/libw32dll/
        - vlc <unfixed> (embed)
        NOTE: modules/codec/dmo/

libwpd (WordPerfect converter)
        - openoffice.org <unfixed> (embed)

fsplib (http://sourceforge.net/projects/fsp/)
        - gftp <unfixed> (embed)
        NOTE: lib/fsplib version 0.3

librpcsecgss
        - krb5 <unfixed> (embed)

jasper
        - ghostscript <unfixed> (embed)
        - gs-gpl <unfixed> (embed)

libidn
        - monotone <unfixed> (embed)

liblua
        - monotone <unfixed> (embed)

libbotan
        - montone <unfixed> (embed)

NetXX
        - monotone <unfixed> (embed)

libgc
        - mono <unfixed> (embed)

lzma
        - p7zip <unfixed> (embed)

lzo
        - grub2 <unfixed> (embed)

yassl
        - mysql-dfsg-5.0 <unfixed> (embed)

pax code
        - tar <unfixed> (embed)
        - cpio <unfixed> (embed)

t1lib
        - tetex-bin 2.0.2-1 (embed)
        - texlive-bin <unknown> (embed)

guichan
        - boswars <unfixed> (embed)
        NOTE: maintainer notified us, working on it

tolua
        - boswars <unfixed> (embed)
        NOTE: maintainer notified us, working on it

asio-dev
        - luxrender <unfixed> (embed)
        NOTE: maintainer notified us, working on it
        NOTE: may be merged with boost "soon"

xine-lib
        - vlc <unfixed> (embed)
        NOTE: only parts included in modules/access/rtsp

netpbm
        - tcl8.3 <unfixed> (embed)
        - tcl8.4 <unfixed> (embed)
        - tcl8.5 <unfixed> (embed)
        NOTE: generic/tkImgGIF.c
1	nion	7695	Embedded code copies
2			====================
3
4	thijs	8078	This file collects source packages that embed code from other projects.
5			This is considered bad for fixing security flaws because the fix needs
6			to be applied in multiple source packages.
7	jmm-guest	1586
8	nion	7695	Format:
9			<srcpkg> (<optional comment about srcpkg>)
10			- <embedding srcpkg> <status> (<sort>; bug #<number>)
11			NOTE: optional comments about the linkage of the embedding srcpkg
12
13	thijs	8078	status: version number fixing the embedded copy, <unfixed>, <removed>,
14			<itp> or <unknown> if the version number can not be determined
15	nion	7828	sort: static (linking statically against a lib)
16			embed (embedding a copy of the library into another source package)
17	thijs	8078	fork (the package is not just embedding code but it is a fork and
18			thus might share parts of the source code)
19	nion	7828
20	thijs	8078	The srcpkg might be some string to identify the code if there is no
21			specific source package.
22	jmm-guest	1586
23	thijs	8078	Everything up to the next line is ignored.
24	stef-guest	7923	---BEGIN
25	nion	7696	xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
26	jmm-guest	7743	NOTE: Fixed packages link to poppler library unless otherwise noted
27	nion	7697	- gpdf <removed>
28			[sarge] - gpdf <unfixed>
29			NOTE: has been replaced by evince in etch
30			- pdftohtml <unknown>
31			[sarge] - pdftohtml <unfixed>
32			[etch] - pdftohtml <unfixed>
33			NOTE: has been replaced by poppler-utils
34	nion	7739	- kdegraphics <unfixed> (embed; bug #436164)
35	nion	7696	NOTE: the kpdf replacement in KDE 4 is using poppler
36	nion	7739	- tetex-bin 3.0-12 (embed)
37	jmm-guest	7743	- texlive-bin 2007-1 (embed)
38	nion	7696	NOTE: links to poppler
39	nion	7739	- koffice <unfixed> (embed; bug #436163)
40			- libextractor 0.5.12-1 (embed)
41	jmm-guest	7743	NOTE: libextractor is using its own pdf decoder now
42	nion	7739	- libextractor 0.5.12-1 (embed)
43			- pdfkit.framework 0.8-4 (embed)
44			- ipe <unfixed> (embed)
45	nion	7696	NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
46	nion	7739	- ruby-gnome2 <unknown> (embed)
47	nion	7696	NOTE: copy only present in source but links to poppler
48
49	nion	7791	ppmd
50	nion	7755	- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)
51
52	nion	7791	silc-toolkit
53	nion	7740	- silc-client 1.1~beta6-1 (embed)
54	nion	6965
55	nion	7791	dietlibc
56	nion	7740	- ccontrol 0.9.1+20071204-1 (static)
57	nion	6967
58	nion	7791	libiax
59	nion	7740	- iaxmodem <unfixed> (embed)
60	nion	6969
61	nion	7787	zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
62			- dpkg <unfixed> (embed)
63			NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
64			- rsync <unfixed> (embed)
65			NOTE: somehow derived code base
66			- mono <unfixed> (embed)
67			TODO: check mozilla
68			- Linux kernels <unfixed> (embed)
69			- pvpgn 1.7.8-2 (embed)
70			- mrtg 2.12.2-1 (embed)
71			- rpm <unknown> (embed)
72	nion	7841	NOTE: pinged anibal since when rpm was fixed
73	jmm-guest	1586
74	nion	7788	libbz2
75			- dpkg <unfixed> (static)
76	stef-guest	5320
77	nion	7788	ekg
78			- centericq <unfixed> (embed)
79			- gaim <unfixed> (embed)
80			- pigdin <unfixed> (embed)(links dynamically against libgadu)
81			- kopete 4:3.3.2-5 (embed)
82			- kadu <unfixed> (embed)
83			- gadu <unfixed> (embed)
84			NOTE: g/kadu not packaged in Debian yet
85	jmm-guest	1586
86	nion	7791	xmlrpc (which package is the "origin" of this code?)
87	nion	7788	- drupal <unfixed> (embed)
88			- phpgroupware <unfixed> (embed)
89			- egroupware <unfixed> (embed)
90			- phpwiki (embed)
91			- php4 <unfixed> (embed)
92			TODO: check, php-pear, IIRC this was reorganized some weeks ago?
93	jmm-guest	1586
94	nion	7791	shtool (affects build-time only)
95			- mysql-ocaml <unfixed> (embed)
96			- php4 <unfixed> (embed)
97	jmm-guest	1588
98	nion	7791	mozilla source code
99			- mozilla-firefox <unfixed> (embed)
100			- mozilla-thunderbird
101			- firefox <removed>
102			[etch] - firefox <unfixed> (embed)
103			- thunderbird <removed>
104			[etch] - thunderbird <unfixed> (embed)
105			- iceweasel <unfixed> (embed)
106			- iceape <unfixed> (embed)
107			- icedove <unfixed> (embed)
108			- xulrunner <unfixed> (embed)
109			- nvu <removed> (embed)
110	jmm-guest	1588
111	nion	7791	xli
112			- xloadimage <unfixed> (embed)
113	jmm-guest	1588
114	nion	7827	lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
115			- openmotif <unfixed> (embed)
116			- xfree86/xorg <unfixed> (embed)
117			NOTE: in libxpm
118	jmm-guest	1588
119	nion	7827	kerberized apps with BSD origin
120			- krb4 <unfixed> (embed)
121			- krb5 <unfixed> (embed)
122			- heimdal <unfixed> (embed)
123	jmm-guest	1588
124	nion	7827	grip (which pkg is the origin?)
125			- libcdaudio
126			- grip
127			- gnome-vfs
128			TODO: check vfs2 as well
129	stef-guest	1608
130	nion	7827	fudforum
131			- phpgroupware-fudforum <unfixed> (embed)
132			- egroupware-fudforum <removed>
133			[sarge] - egroupware-fudforum <unfixed> (embed)
134	jmm-guest	1670
135	nion	7827	cvs
136			- gcvs <unfixed> (embed)
137			NOTE: see cvsunix/src in tarball
138	jmm-guest	1684
139	nion	7827	pcre
140			- python* <unfixed> (embed)
141			- php4 <unknown> (embed)
142			- analog 2:5.23-0woody1 (embed)
143			- libgoffice-1 <unfixed> (embed)
144			- vfu 4.06-4.1 (embed; bug #450754)
145			- tf5 5.0beta7-1 (embed)
146			- monotone <unfixed> (embed)
147			NOTE: this only affects versions >= 0.37
148			- glib <unfixed> (embed)
149			NOTE: 2.14 series for gregex support, only for udeb, regular packag links dynamic
150			- apache2 2.0.53-4 (embed)
151			- exim4 4.10-0.srh20.12 (embed)
152			- yacas <unfixed> (embed)
153			NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
154			- gtamsanalyzer.app 0.42-5 (embed)
155	jmm-guest	1758
156	nion	7827	tiff
157			- wxpythongtk <unfixed> (embed)
158			TODO: check, which debian pkg this is in
159	joeyh	1802
160	nion	7827	uudeview
161			- libconvert-uulib-perl <unfixed> (embed)
162	jmm-guest	1824
163	nion	7827	sqlite (not affected by security vulnerabilities so far)
164			- amarok <unfixed> (embed)
165			- monotone <unfixed> (embed)
166			- iceweasel <unfixed> (embed)
167	jmm-guest	1828
168	nion	7827	util-linux/mount
169			- loop-aes-utils <unfixed> (embed)
170			NOTE: contains code from util-linux' mount in the mount-aes-udeb
171	jmm-guest	2104
172	nion	7827	webmin
173			- usermin <unknown> (embed)
174			[sarge] - usermin <unfixed> (embed)
175	jmm-guest	2714
176	nion	7827	sylpheed
177	nion	7828	- sylpheed-claws <unfixed> (fork)
178	jmm-guest	2751
179	nion	7827	phpsysinfo
180			- egroupware <unfixed> (embed)
181			- phpgroupware <unfixed> (embed)
182	jmm-guest	2800
183	nion	7830	phpldapadmin
184	stef-guest	7923	[sarge] - egroupware <unfixed> (embed)
185	nion	7830	NOTE: removed from egroupware after sarge
186	jmm-guest	2800
187	nion	7830	chmlib
188			- kchmviewer <unknown> (embed)
189	jmm-guest	2800
190	nion	7830	libavcodec/libavformat (source: ffmpeg)
191			- mplayer <unfixed> (embed; bug #395252)
192			- xvidcap <unfixed> (embed)
193			- kino <unfixed> (static)
194			- vlc <unfixed> (static)
195			- smilutils <unfixed> (static)
196			- motion <unfixed> (static)
197			- gst-ffmpeg <unfixed> (embed)
198			- gstreamer0.10-ffmpeg <unfixed> (embed)
199			- xmovie <unfixed>
200	nion	7841	TODO: gimp-gap (potentially using ffmpeg code as well)
201	jmm-guest	2948
202	nion	7830	mad MPEG decoding lib
203			- mad <unfixed> (embed)
204			- xine-lib <unfixed> (embed)
205	jmm-guest	2948
206			libdts
207	nion	7840	- xine-lib <unfixed> (embed)
208	jmm-guest	2948
209			flac
210	nion	7840	- xine-lib <unfixed> (embed)
211	jmm-guest	2948
212	nion	7840	liba52
213			- a52dec <unfixed> (embed)
214			- xine-lib <unfixed> (embed)
215	jmm-guest	2948
216	nion	7840	libmpeg2
217			- mpeg2dec <unfixed> (embed)
218			- xine-lib <unfixed> (embed)
219	jmm-guest	2948
220	nion	7840	curl
221			- wget <unfixed> (embed)
222			NOTE: code for NTLM authentication
223	jmm-guest	3093
224	nion	7840	uw-imap
225			- pine <unfixed> (embed)
226			- alpine <unfixed> (embed)
227	jmm-guest	3320
228	nion	7840	imagemagick
229			- graphicsmagick <unfixed> (fork)
230	jmm-guest	3402
231	nion	7840	halibut
232			- nsis <unfixed> (embed)
233	micah	3537
234	nion	7840	libghttp
235			- hotway <unfixed> (embed)
236	micah	3537
237	nion	7840	libsndfile
238			- ardour <unfixed> (embed)
239	micah	3537
240	nion	7840	glibmm2.4
241			- ardour <unfixed> (embed)
242	nion	6869
243	nion	7840	libgnomecanvasmm2.6
244			- ardour <unfixed> (embed)
245	nion	6869
246	nion	7840	libsigc++-2.0
247			- ardour <unfixed> (embed)
248	nion	6869
249	nion	7840	soundtouch
250			- ardour <unfixed> (embed)
251	nion	6869
252	nion	7840	libmms
253			- xine-lib <unfixed> (embed)
254			- mimms <unfixed> (embed)
255	nion	6869
256	nion	7840	fckeditor
257	nion	7977	- knowledgeroot <unfixed> (embed; bug #461555)
258	nion	7840	- moin <unfixed> (embed; bug #452599)
259			- karrigell <unfixed> (embed; bug #452598)
260			- gforge-plugins-extra 4.6.99+svn6225-1 (embed)
261	stef-guest	4517
262	nion	7841	ipatlas (not packaged in Debian)
263			- moodle <unfixed> (embed)
264	jmm-guest	7383
265	nion	7841	libphp-phpmailer
266			- moodle <unfixed> (embed)
267	neilm	4838
268	nion	7841	htmlArea (not packaged in Debian)
269			- moodle <unfixed> (embed)
270
271			bennu (not packaged in Debian)
272			- moodle <unfixed> (embed)
273
274			smarty:
275			- moodle <unfixed> (embed)
276
277	nion	7840	TinyMCE
278			- wordpress <unfixed> (embed)
279			- moodle <unfixed> (embed)
280			- knowledgeroot <unfixed> (embed)
281			- joomla <itp> (bug #326398)
282	stef-guest	4517
283	nion	7840	scintilla
284			- scite <unfixed> (embed)
285			- qscintilla <unfixed> (embed)
286			- qscintilla2 <unfixed> (embed)
287			- geany <unfixed> (embed)
288	stef-guest	4706
289	nion	7840	libphp-adodb
290	stef-guest	7923	- moodle <unfixed> (embed)
291			NOTE: also AdoDB-XML Schema
292	nion	7840	- gallery2 <unfixed> (embed)
293			- phppgadmin <unfixed> (embed)
294			- egroupware <unfixed> (embed)
295			- phpwiki <unfixed> (embed)
296			- ipplan <unfixed> (embed)
297			- typo3 <unfixed> (embed)
298			- moodle <unfixed> (embed)
299			- cacti <unknown> (embed)
300			[sarge] - cacti <unfixed> (embed)
301			NOTE: dependency exists, but internal version is used
302	stef-guest	4706
303	nion	7840	gzip
304	nion	7841	- linux-kernel <unfixed> (embed)
305			NOTE: lib/inflate.c
306			- klibc <unfixed> (embed)
307			NOTE: based on linux-kernel gzip code
308			- busybox <unfixed> (embed)
309	micah	4767
310	nion	7841	neon
311			- cadaver <unfixed> (embed; bug #188381)
312			- gnome-vfs2 <unfixed> (embed; bug #395874)
313			- litmus <unfixed> (embed; #395875)
314			[sarge] - screem <unfixed> (embed)
315			- sitecopy <unfixed> (embed; bug #395876)
316	stef-guest	7923	[etch] - tla <unfixed> (embed; bug #395877)
317			[sarge] - tla <unfixed> (embed; bug #395877)
318	stef-guest	5319
319	nion	7841	libmodplug
320			- gst-plugins-bad0.10 <unfixed> (embed)
321	stef-guest	5320
322	nion	7841	libvncserver
323			- vino <unfixed> (embed)
324	stef-guest	5320
325	nion	7841	putty
326			- filezilla <unfixed> (embed)
327	stef-guest	5320
328	nion	7841	tinyxml (not packaged in Debian)
329			- filezilla <unfixed>
330	stef-guest	5320
331	nion	7841	gv
332			- evince <unfixed> (embed)
333			NOTE: ps/ tree from gv 3.5.8
334			- evince-gtk <unfixed> (embed)
335			NOTE: not packaged in Debian
336	stef-guest	5321
337	nion	7841	libXbae
338			[etch] - libpawlib2-lesstif <unfixed> (embed)
339			NOTE: from Cernlib
340	stef-guest	5321
341	nion	7841	libXaw
342	stef-guest	7924	[etch] - libpawlib2-lesstif
343	nion	7841	NOTE: from Cernlib
344			NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
345	stef-guest	5321
346	nion	7841	libgd2
347			- graphviz <unfixed> (embed)
348			NOTE: lib/gd seems to be 2.0.33
349	stef-guest	5321
350	nion	7841	rar
351			- unrar-nonfree <unfixed> (embed)
352	stef-guest	5440
353	nion	7841	unrar-free (maybe this code is derived from the original rar, too?)
354			- clamav <unfixed> (embed)
355			NOTE: seems to be disabled in default config
356	stef-guest	5440
357	nion	7841	mplayer (DirectMedia Object loader)
358			- xine-lib <unfixed> (embed)
359			NOTE: src/libw32dll/
360			- vlc <unfixed> (embed)
361			NOTE: modules/codec/dmo/
362	stef-guest	5440
363	nion	7841	libwpd (WordPerfect converter)
364			- openoffice.org <unfixed> (embed)
365	alec-guest	5564
366	nion	7841	fsplib (http://sourceforge.net/projects/fsp/)
367			- gftp <unfixed> (embed)
368			NOTE: lib/fsplib version 0.3
369	keescook-guest	6298
370	nion	7841	librpcsecgss
371			- krb5 <unfixed> (embed)
372	keescook-guest	6498
373	nion	7841	jasper
374			- ghostscript <unfixed> (embed)
375			- gs-gpl <unfixed> (embed)
376	stef-guest	6985
377	nion	7841	libidn
378			- monotone <unfixed> (embed)
379	keescook-guest	7007
380	nion	7841	liblua
381			- monotone <unfixed> (embed)
382	micah	7134
383	nion	7841	libbotan
384			- montone <unfixed> (embed)
385	nion	7136
386	nion	7841	NetXX
387			- monotone <unfixed> (embed)
388	nion	7136
389	nion	7841	libgc
390			- mono <unfixed> (embed)
391	nion	7136
392	nion	7841	lzma
393			- p7zip <unfixed> (embed)
394	white	7203
395	nion	7841	lzo
396			- grub2 <unfixed> (embed)
397	jmm-guest	7212
398	nion	7927	yassl
399			- mysql-dfsg-5.0 <unfixed> (embed)
400
401	nion	7841	pax code
402			- tar <unfixed> (embed)
403			- cpio <unfixed> (embed)
404	jmm-guest	7212
405	nion	7841	t1lib
406			- tetex-bin 2.0.2-1 (embed)
407			- texlive-bin <unknown> (embed)
408	thijs	7985
409			guichan
410			- boswars <unfixed> (embed)
411			NOTE: maintainer notified us, working on it
412
413			tolua
414			- boswars <unfixed> (embed)
415			NOTE: maintainer notified us, working on it
416
417			asio-dev
418			- luxrender <unfixed> (embed)
419			NOTE: maintainer notified us, working on it
420			NOTE: may be merged with boost "soon"
421
422	nion	7995	xine-lib
423			- vlc <unfixed> (embed)
424			NOTE: only parts included in modules/access/rtsp
425	stef-guest	8075
426			netpbm
427			- tcl8.3 <unfixed> (embed)
428			- tcl8.4 <unfixed> (embed)
429			- tcl8.5 <unfixed> (embed)
430			NOTE: generic/tkImgGIF.c