| 1 |
Embedded code copies |
Embedded code copies |
| 2 |
==================== |
==================== |
| 3 |
|
|
| 4 |
This file collects cases, where a source package embeds code from |
This file collects source packages that embed code from other projects. |
| 5 |
other projects which is considered bad for fixing security flaws |
This is considered bad for fixing security flaws because the fix needs |
| 6 |
because the fix needs to be applied in multiple source packages. |
to be applied in multiple source packages. |
| 7 |
|
|
| 8 |
Format: |
Format: |
| 9 |
<srcpkg> (<optional comment about srcpkg>) |
<srcpkg> (<optional comment about srcpkg>) |
| 10 |
- <embedding srcpkg> <status> (<sort>; bug #<number>) |
- <embedding srcpkg> <status> (<sort>; bug #<number>) |
| 11 |
NOTE: optional comments about the linkage of the embedding srcpkg |
NOTE: optional comments about the linkage of the embedding srcpkg |
| 12 |
|
|
| 13 |
status: version number fixing the embedded copy, <unfixed>, <removed>, <itp> or <unknown> if the version number can not be determined |
status: version number fixing the embedded copy, <unfixed>, <removed>, |
| 14 |
|
<itp> or <unknown> if the version number can not be determined |
| 15 |
|
<unfixable> for unavoidable cases (e.g., forks that add real value) |
| 16 |
sort: static (linking statically against a lib) |
sort: static (linking statically against a lib) |
| 17 |
embed (embedding a copy of the library into another source package) |
embed (embedding a copy of the library into another source package) |
| 18 |
fork (the package is not just embedding code but it is a fork and thus might share parts of the source code) |
fork (the package is not just embedding code but it is a fork and |
| 19 |
|
thus might share parts of the source code) |
| 20 |
|
old-version (the package is an older version of essentially |
| 21 |
|
the same code) |
| 22 |
|
|
| 23 |
The srcpkg might be some string to identify the code if there is no specific source package. |
The srcpkg might be some string to identify the code if there is no |
| 24 |
|
specific source package. |
| 25 |
|
|
| 26 |
Everything up to the next line is ignored |
Everything up to the next line is ignored. |
| 27 |
---BEGIN |
---BEGIN |
| 28 |
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code) |
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code) |
| 29 |
NOTE: Fixed packages link to poppler library unless otherwise noted |
NOTE: Fixed packages link to poppler library unless otherwise noted |
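Review bot: The Format line "- <embedding srcpkg> <status> (<sort>; bug #<number>)" in the reworded header still reads as if the bug number were mandatory, yet entries in this file omit it, for example "- gnome-peercast <unfixed> (embed)". Since the header is being rewrapped anyway, mark the bug field as optional. The status list now explains <unknown> and the new <unfixable>, but gives no meaning for <unfixed>, <removed> or <itp>; a short gloss for each would make the status column unambiguous.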
| 52 |
ppmd |
ppmd |
| 53 |
- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152) |
- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152) |
| 54 |
|
|
| 55 |
|
peercast |
| 56 |
|
- gnome-peercast <unfixed> (embed) |
| 57 |
|
NOTE: gnome-peercast may better be removed, see #466539 |
| 58 |
|
|
| 59 |
silc-toolkit |
silc-toolkit |
| 60 |
- silc-client 1.1~beta6-1 (embed) |
- silc-client 1.1~beta6-1 (embed) |
| 61 |
|
|
| 261 |
- mimms <unfixed> (embed) |
- mimms <unfixed> (embed) |
| 262 |
|
|
| 263 |
fckeditor |
fckeditor |
| 264 |
- knowledgeroot <unfixed> (embed) |
- knowledgeroot 0.9.8.5-3 (embed; bug #461555) |
| 265 |
- moin <unfixed> (embed; bug #452599) |
- moin <unfixed> (embed; bug #452599) |
| 266 |
- karrigell <unfixed> (embed; bug #452598) |
- karrigell <unfixed> (embed; bug #452598) |
| 267 |
- gforge-plugins-extra 4.6.99+svn6225-1 (embed) |
- gforge-plugins-extra 4.6.99+svn6225-1 (embed) |
| 275 |
htmlArea (not packaged in Debian) |
htmlArea (not packaged in Debian) |
| 276 |
- moodle <unfixed> (embed) |
- moodle <unfixed> (embed) |
| 277 |
|
|
| 278 |
|
giflib: |
| 279 |
|
- wine <unfixed> (embed; bug #466181) |
| 280 |
|
|
| 281 |
bennu (not packaged in Debian) |
bennu (not packaged in Debian) |
| 282 |
- moodle <unfixed> (embed) |
- moodle <unfixed> (embed) |
| 283 |
|
|
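Review bot: The new heading "giflib:" carries a trailing colon, while every other heading visible here (fckeditor, htmlArea, bennu) is the bare name and the Format section defines the line as "<srcpkg> (<optional comment about srcpkg>)". Drop the colon so that anything keying on the first token of the line sees "giflib" and not "giflib:".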
| 356 |
libgd2 |
libgd2 |
| 357 |
- graphviz <unfixed> (embed) |
- graphviz <unfixed> (embed) |
| 358 |
NOTE: lib/gd seems to be 2.0.33 |
NOTE: lib/gd seems to be 2.0.33 |
| 359 |
|
- wml <unfixed> (embed) |
| 360 |
|
NOTE: derived from gd 1.6.3 |
| 361 |
|
|
| 362 |
rar |
rar |
| 363 |
- unrar-nonfree <unfixed> (embed) |
- unrar-nonfree <unfixed> (embed) |
| 407 |
lzo |
lzo |
| 408 |
- grub2 <unfixed> (embed) |
- grub2 <unfixed> (embed) |
| 409 |
|
|
| 410 |
|
yassl |
| 411 |
|
- mysql-dfsg-5.0 <unfixed> (embed) |
| 412 |
|
|
| 413 |
pax code |
pax code |
| 414 |
- tar <unfixed> (embed) |
- tar <unfixed> (embed) |
| 415 |
- cpio <unfixed> (embed) |
- cpio <unfixed> (embed) |
| 417 |
t1lib |
t1lib |
| 418 |
- tetex-bin 2.0.2-1 (embed) |
- tetex-bin 2.0.2-1 (embed) |
| 419 |
- texlive-bin <unknown> (embed) |
- texlive-bin <unknown> (embed) |
| 420 |
|
|
| 421 |
|
guichan |
| 422 |
|
- boswars <unfixed> (embed) |
| 423 |
|
NOTE: maintainer notified us, working on it |
| 424 |
|
|
| 425 |
|
tolua |
| 426 |
|
- boswars <unfixed> (embed) |
| 427 |
|
NOTE: maintainer notified us, working on it |
| 428 |
|
|
| 429 |
|
asio-dev |
| 430 |
|
- luxrender <unfixed> (embed) |
| 431 |
|
NOTE: maintainer notified us, working on it |
| 432 |
|
NOTE: may be merged with boost "soon" |
| 433 |
|
|
| 434 |
|
xine-lib |
| 435 |
|
- vlc <unfixed> (embed) |
| 436 |
|
NOTE: only parts included in modules/access/rtsp |
| 437 |
|
|
| 438 |
|
netpbm |
| 439 |
|
- tcl8.3 <unfixed> (embed) |
| 440 |
|
- tcl8.4 <unfixed> (embed) |
| 441 |
|
- tcl8.5 <unfixed> (embed) |
| 442 |
|
NOTE: generic/tkImgGIF.c |
| 443 |
|
|
| 444 |
|
tk8.5 |
| 445 |
|
- tk8.0 <removed> (old-version) |
| 446 |
|
- tk8.3 <unfixed> (old-version) |
| 447 |
|
- tk8.4 <unfixed> (old-version) |
| 448 |
|
- perl-tk <unfixable> (fork) |
| 449 |
|
|
| 450 |
|
samba |
| 451 |
|
- mc <unfixed> (embed) |
| 452 |
|
NOTE: maintainer is aware of this, currently searching a solution |
| 453 |
|
|
| 454 |
|
plib1.8.4c2 |
| 455 |
|
- boson <unfixed> (fork) |
| 456 |
|
NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar |
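Review bot: In the new netpbm block the embedding packages are tcl8.3, tcl8.4 and tcl8.5, but the NOTE points at generic/tkImgGIF.c, whose "tk" prefix suggests the file belongs to the Tk sources; please confirm whether these entries should be tk8.3, tk8.4 and tk8.5, which already appear in the tk8.5 block that follows. Separately, "asio-dev" reads like a binary package name while the heading line is documented as a source package; if a source package exists, use its name.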