/[secure-testing]/data/embedded-code-copies

Diff of /data/embedded-code-copies


revision 7985 by thijs, Sun Jan 20 10:31:59 2008 UTC revision 8587 by nion, Sun Apr 20 18:24:56 2008 UTC
# Line 1  Line 1 
1  Embedded code copies  Embedded code copies
2  ====================  ====================
3    
4  This file collects cases, where a source package embeds code from  This file collects source packages that embed code from other projects.
5  other projects which is considered bad for fixing security flaws  This is considered bad for fixing security flaws because the fix needs
6  because the fix needs to be applied in multiple source packages.  to be applied in multiple source packages.
7    
8  Format:  Format:
9  <srcpkg> (<optional comment about srcpkg>)  <srcpkg> (<optional comment about srcpkg>)
10          - <embedding srcpkg> <status> (<sort>; bug #<number>)          - <embedding srcpkg> <status> (<sort>; bug #<number>)
11          NOTE: optional comments about the linkage of the embedding srcpkg          NOTE: optional comments about the linkage of the embedding srcpkg
12    
13  status: version number fixing the embedded copy, <unfixed>, <removed>, <itp> or <unknown> if the version number can not be determined  status: version number fixing the embedded copy, <unfixed>, <removed>,
14            <itp> or <unknown> if the version number can not be determined
15            <unfixable> for unavoidable cases (e.g., forks that add real value)
16  sort: static (linking statically against a lib)  sort: static (linking statically against a lib)
17        embed (embedding a copy of the library into another source package)        embed (embedding a copy of the library into another source package)
18        fork (the package is not just embedding code but it is a fork and thus might share parts of the source code)        fork (the package is not just embedding code but it is a fork and
19                thus might share parts of the source code)
20          old-version (the package is an older version of essentially
21                       the same code)
22    
23  The srcpkg might be some string to identify the code if there is no specific source package.  The srcpkg might be some string to identify the code if there is no
24    specific source package.
25    
26  Everything up to the next line is ignored  Everything up to the next line is ignored.
27  ---BEGIN  ---BEGIN
28  xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)  xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
29          NOTE: Fixed packages link to poppler library unless otherwise noted          NOTE: Fixed packages link to poppler library unless otherwise noted
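Review bot: In the status description (new lines 13-15) the added <unfixable> line follows the <unknown> clause with no separator, so it reads as a continuation of "if the version number can not be determined". Since the block is being rewrapped anyway, put each status keyword on its own line with its meaning; <itp> is still not explained. The format line (line 10) could also say that "; bug #<number>" is optional, because entries such as "silc-client 1.1~beta6-1 (embed)" omit it.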
# Line 46  xpdf (some srcpkgs use xpdf2 code, some Line 52  xpdf (some srcpkgs use xpdf2 code, some
52  ppmd  ppmd
53          - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)          - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)
54    
55    peercast
56            - gnome-peercast <unfixed> (embed)
57            NOTE: gnome-peercast may better be removed, see #466539
58    
59  silc-toolkit  silc-toolkit
60          - silc-client 1.1~beta6-1 (embed)          - silc-client 1.1~beta6-1 (embed)
61    
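Review bot: The new gnome-peercast entry (line 56) has no bug number inside the parentheses, while the NOTE on line 57 points to #466539. If #466539 is the bug tracking this embedded copy, move it into the entry as "(embed; bug #466539)" so it follows the documented format; if it is a separate request about removing the package, say so in the NOTE so the reference is not mistaken for the tracking bug.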
# Line 149  pcre Line 159  pcre
159          - yacas <unfixed> (embed)          - yacas <unfixed> (embed)
160          NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway          NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
161          - gtamsanalyzer.app 0.42-5 (embed)          - gtamsanalyzer.app 0.42-5 (embed)
162            - tin <unknown> (embed)
163    
164  tiff  tiff
165          - wxpythongtk <unfixed> (embed)          - wxwindows2.4 2.2.1 (embed)
         TODO: check, which debian pkg this is in  
166    
167  uudeview  uudeview
168          - libconvert-uulib-perl <unfixed> (embed)          - libconvert-uulib-perl <unfixed> (embed)
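Review bot: On line 165 the tiff entry changes from "wxpythongtk <unfixed>" to "wxwindows2.4 2.2.1" and the TODO is dropped, but the fixing version 2.2.1 is lower than the 2.4 series in the package name. Please confirm that 2.2.1 is the version of wxwindows2.4 that stopped embedding tiff, and that wxpythongtk no longer needs an entry of its own. The added "tin <unknown>" line (162) would also benefit from a NOTE naming where the pcre copy sits, as the yacas entry above it has.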
# Line 251  libmms Line 261  libmms
261          - mimms <unfixed> (embed)          - mimms <unfixed> (embed)
262    
263  fckeditor  fckeditor
264          - knowledgeroot <unfixed> (embed; bug #461555)          - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
265          - moin <unfixed> (embed; bug #452599)          - moin <unfixed> (embed; bug #452599)
266          - karrigell <unfixed> (embed; bug #452598)          - karrigell <unfixed> (embed; bug #452598)
267          - gforge-plugins-extra 4.6.99+svn6225-1 (embed)          - gforge-plugins-extra 4.6.99+svn6225-1 (embed)
# Line 265  libphp-phpmailer Line 275  libphp-phpmailer
275  htmlArea (not packaged in Debian)  htmlArea (not packaged in Debian)
276          - moodle <unfixed> (embed)          - moodle <unfixed> (embed)
277    
278    giflib:
279            - wine <unfixed> (embed; bug #466181)
280    
281  bennu (not packaged in Debian)  bennu (not packaged in Debian)
282          - moodle <unfixed> (embed)          - moodle <unfixed> (embed)
283    
284  smarty:  smarty:
285          - moodle <unfixed> (embed)          - moodle <unfixed> (embed; bug #471158)
286            - gallery2 <unfixed> (embed; bug #471160)
287            - mahara 0.9.2-2 (embed; bug #471201)
288            - gosa 2.4beta1-1 (embed; bug #471200)
289    
290  TinyMCE  TinyMCE
291          - wordpress <unfixed> (embed)          - wordpress <unfixed> (embed)
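Review bot: The new header on line 278 is written "giflib:" with a trailing colon, while the format section defines the header as a bare <srcpkg> and the neighbouring headers (htmlArea, bennu, TinyMCE) have none. The "Everything up to the next line is ignored" marker suggests the entries below ---BEGIN are read by a tool, so drop the colon here, and on the existing "smarty:" header while that block is being touched.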
# Line 343  libXaw Line 359  libXaw
359  libgd2  libgd2
360          - graphviz <unfixed> (embed)          - graphviz <unfixed> (embed)
361          NOTE: lib/gd seems to be 2.0.33          NOTE: lib/gd seems to be 2.0.33
362            - wml <unfixed> (embed)
363            NOTE: derived from gd 1.6.3
364    
365  rar  rar
366          - unrar-nonfree <unfixed> (embed)          - unrar-nonfree <unfixed> (embed)
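Review bot: The wml entry added on line 362 is tagged "embed", but its NOTE on line 363 says the code is "derived from gd 1.6.3", and it is filed under libgd2. If the copy has been modified, "fork" is the sort this file defines for that; if it is simply an older release of the same library, the newly documented "old-version" may fit. Please pick the sort that matches and state in the NOTE whether the copy is modified.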
# Line 416  asio-dev Line 434  asio-dev
434          NOTE: maintainer notified us, working on it          NOTE: maintainer notified us, working on it
435          NOTE: may be merged with boost "soon"          NOTE: may be merged with boost "soon"
436    
437    xine-lib
438            - vlc <unfixed> (embed)
439            NOTE: only parts included in modules/access/rtsp
440    
441    netpbm
442            - tcl8.3 <unfixed> (embed)
443            - tcl8.4 <unfixed> (embed)
444            - tcl8.5 <unfixed> (embed)
445            NOTE: generic/tkImgGIF.c
446    
447    tk8.5
448            - tk8.0 <removed> (old-version)
449            - tk8.3 <unfixed> (old-version)
450            - tk8.4 <unfixed> (old-version)
451            - perl-tk <unfixable> (fork)
452    
453    samba
454            - mc <unfixed> (embed)
455            NOTE: maintainer is aware of this, currently searching a solution
456    
457    plib1.8.4c2
458            - boson <unfixed> (fork)
459            NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
460    
461    fribidi
462            - quesoglc <unfixed> (embed)
463    
464    glew
465            - quesoglc <unfixed> (embed)
466    
467    minorGems
468            - transcend <unfixed> (embed)
469            - cultivation <unfixed> (embed)
470    
471    libarchive
472            - tar <unfixed> (embed)
473            NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
474            - cpio <unfixed> (embed)
475            NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
476    
477    webkit
478            - qt4-x11 <unfixed> (embed)
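Review bot: In the netpbm block (lines 441-445) the embedding packages are tcl8.3, tcl8.4 and tcl8.5, but the NOTE cites generic/tkImgGIF.c, whose tk prefix suggests the file lives in the tk sources; please check whether these three entries should name tk8.3, tk8.4 and tk8.5 instead. In the libarchive block (lines 471-475) the direction also looks reversed: the format puts the embedded code in the header and the embedding package in the "-" line, yet both NOTEs describe tar and cpio code shipped inside libarchive, so a reader would expect libarchive to be the embedding package, or the NOTEs to explain why it is not.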
