| 1 |
Embedded code copies |
Embedded code copies |
| 2 |
==================== |
==================== |
| 3 |
|
|
| 4 |
This file collects cases, where a source package embeds code from |
This file collects source packages that embed code from other projects. |
| 5 |
other projects which is considered bad for fixing security flaws |
This is considered bad for fixing security flaws because the fix needs |
| 6 |
because the fix needs to be applied in multiple source packages. |
to be applied in multiple source packages. |
| 7 |
|
|
| 8 |
Format: |
Format: |
| 9 |
<srcpkg> (<optional comment about srcpkg>) |
<srcpkg> (<optional comment about srcpkg>) |
| 10 |
- <embedding srcpkg> <status> (<sort>; bug #<number>) |
- <embedding srcpkg> <status> (<sort>; bug #<number>) |
| 11 |
NOTE: optional comments about the linkage of the embedding srcpkg |
NOTE: optional comments about the linkage of the embedding srcpkg |
| 12 |
|
|
| 13 |
status: version number fixing the embedded copy, <unfixed>, <removed>, <itp> or <unknown> if the version number can not be determined |
status: version number fixing the embedded copy, <unfixed>, <removed>, |
| 14 |
|
<itp> or <unknown> if the version number can not be determined |
| 15 |
|
<unfixable> for unavoidable cases (e.g., forks that add real value) |
| 16 |
sort: static (linking statically against a lib) |
sort: static (linking statically against a lib) |
| 17 |
embed (embedding a copy of the library into another source package) |
embed (embedding a copy of the library into another source package) |
| 18 |
fork (the package is not just embedding code but it is a fork and thus might share parts of the source code) |
fork (the package is not just embedding code but it is a fork and |
| 19 |
|
thus might share parts of the source code) |
| 20 |
|
old-version (the package is an older version of essentially |
| 21 |
|
the same code) |
| 22 |
|
|
| 23 |
The srcpkg might be some string to identify the code if there is no specific source package. |
The srcpkg might be some string to identify the code if there is no |
| 24 |
|
specific source package. |
| 25 |
|
|
| 26 |
Everything up to the next line is ignored |
Everything up to the next line is ignored. |
| 27 |
---BEGIN |
---BEGIN |
| 28 |
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code) |
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code) |
| 29 |
NOTE: Fixed packages link to poppler library unless otherwise noted |
NOTE: Fixed packages link to poppler library unless otherwise noted |
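Review bot: The status description now explains `<unfixable>` but still leaves `<removed>` and `<itp>` without any gloss. The entry template `(<sort>; bug #<number>)` also does not say that the bug number is optional, although entries in this file omit it. Suggest a short gloss for each status keyword and marking the optional parts of the template, so the format block alone is enough to write or check an entry.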
| 52 |
ppmd |
ppmd |
| 53 |
- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152) |
- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152) |
| 54 |
|
|
| 55 |
|
peercast |
| 56 |
|
- gnome-peercast <unfixed> (embed) |
| 57 |
|
NOTE: gnome-peercast may better be removed, see #466539 |
| 58 |
|
|
| 59 |
silc-toolkit |
silc-toolkit |
| 60 |
- silc-client 1.1~beta6-1 (embed) |
- silc-client 1.1~beta6-1 (embed) |
| 61 |
|
|
| 159 |
- yacas <unfixed> (embed) |
- yacas <unfixed> (embed) |
| 160 |
NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway |
NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway |
| 161 |
- gtamsanalyzer.app 0.42-5 (embed) |
- gtamsanalyzer.app 0.42-5 (embed) |
| 162 |
|
- tin <unknown> (embed) |
| 163 |
|
- kazehakase 0.5.2-1 |
| 164 |
|
|
| 165 |
tiff |
tiff |
| 166 |
- wxpythongtk <unfixed> (embed) |
- wxwindows2.4 2.2.1 (embed) |
|
TODO: check, which debian pkg this is in |
|
| 167 |
|
|
| 168 |
uudeview |
uudeview |
| 169 |
- libconvert-uulib-perl <unfixed> (embed) |
- libconvert-uulib-perl <unfixed> (embed) |
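Review bot: The added `- kazehakase 0.5.2-1` line has no `(<sort>)`, and `TODO: check, which debian pkg this is in` uses a `TODO:` prefix that the format block does not define. Suggest adding the sort (for example `(embed)` if that is what applies) and writing the open question as a `NOTE:` line placed directly under the entry it refers to.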
| 262 |
- mimms <unfixed> (embed) |
- mimms <unfixed> (embed) |
| 263 |
|
|
| 264 |
fckeditor |
fckeditor |
| 265 |
- knowledgeroot <unfixed> (embed; bug #461555) |
- knowledgeroot 0.9.8.5-3 (embed; bug #461555) |
| 266 |
- moin <unfixed> (embed; bug #452599) |
- moin <unfixed> (embed; bug #452599) |
| 267 |
- karrigell <unfixed> (embed; bug #452598) |
- karrigell <unfixed> (embed; bug #452598) |
| 268 |
- gforge-plugins-extra 4.6.99+svn6225-1 (embed) |
- gforge-plugins-extra 4.6.99+svn6225-1 (embed) |
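Review bot: The fckeditor entry for knowledgeroot moves from `<unfixed>` to `0.9.8.5-3`, while knowledgeroot stays `<unfixed>` under TinyMCE and prototype.js in the same file. Please confirm whether that upload only dropped the fckeditor copy; if it removed the other copies as well, those entries should get the same version.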
| 276 |
htmlArea (not packaged in Debian) |
htmlArea (not packaged in Debian) |
| 277 |
- moodle <unfixed> (embed) |
- moodle <unfixed> (embed) |
| 278 |
|
|
| 279 |
|
giflib: |
| 280 |
|
- wine <unfixed> (embed; bug #466181) |
| 281 |
|
|
| 282 |
bennu (not packaged in Debian) |
bennu (not packaged in Debian) |
| 283 |
- moodle <unfixed> (embed) |
- moodle <unfixed> (embed) |
| 284 |
|
|
| 285 |
smarty: |
smarty: |
| 286 |
- moodle <unfixed> (embed) |
- moodle <unfixed> (embed; bug #471158) |
| 287 |
|
- gallery2 <unfixed> (embed; bug #471160) |
| 288 |
|
- mahara 0.9.2-2 (embed; bug #471201) |
| 289 |
|
- gosa 2.4beta1-1 (embed; bug #471200) |
| 290 |
|
|
| 291 |
TinyMCE |
TinyMCE |
| 292 |
- wordpress <unfixed> (embed) |
- wordpress <unfixed> (embed; bug #478257) |
| 293 |
- moodle <unfixed> (embed) |
- moodle <unfixed> (embed) |
| 294 |
- knowledgeroot <unfixed> (embed) |
- knowledgeroot <unfixed> (embed) |
| 295 |
- joomla <itp> (bug #326398) |
- joomla <itp> (bug #326398) |
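Review bot: The new `giflib:` header carries a trailing colon that the `<srcpkg>` template in the format block does not include. `smarty:` has the same form, while `TinyMCE`, `bennu` and `htmlArea` do not. Suggest dropping the colon from both headers so anything reading the file sees a single header form.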
| 360 |
libgd2 |
libgd2 |
| 361 |
- graphviz <unfixed> (embed) |
- graphviz <unfixed> (embed) |
| 362 |
NOTE: lib/gd seems to be 2.0.33 |
NOTE: lib/gd seems to be 2.0.33 |
| 363 |
|
- wml <unfixed> (embed) |
| 364 |
|
NOTE: derived from gd 1.6.3 |
| 365 |
|
|
| 366 |
rar |
rar |
| 367 |
- unrar-nonfree <unfixed> (embed) |
- unrar-nonfree <unfixed> (embed) |
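Review bot: The new wml entry is tagged `(embed)`, but its note says `derived from gd 1.6.3`. If the code was modified rather than copied unchanged, `fork` or the newly documented `old-version` sort may describe it better; please check which one applies.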
| 444 |
- tcl8.4 <unfixed> (embed) |
- tcl8.4 <unfixed> (embed) |
| 445 |
- tcl8.5 <unfixed> (embed) |
- tcl8.5 <unfixed> (embed) |
| 446 |
NOTE: generic/tkImgGIF.c |
NOTE: generic/tkImgGIF.c |
| 447 |
|
|
| 448 |
|
tk8.5 |
| 449 |
|
- tk8.0 <removed> (old-version) |
| 450 |
|
- tk8.3 <unfixed> (old-version) |
| 451 |
|
- tk8.4 <unfixed> (old-version) |
| 452 |
|
- perl-tk <unfixable> (fork) |
| 453 |
|
|
| 454 |
|
samba |
| 455 |
|
- mc <unfixed> (embed) |
| 456 |
|
NOTE: maintainer is aware of this, currently searching a solution |
| 457 |
|
|
| 458 |
|
plib1.8.4c2 |
| 459 |
|
- boson <unfixed> (fork) |
| 460 |
|
NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar |
| 461 |
|
|
| 462 |
|
fribidi |
| 463 |
|
- quesoglc <unfixed> (embed) |
| 464 |
|
|
| 465 |
|
glew |
| 466 |
|
- quesoglc <unfixed> (embed) |
| 467 |
|
|
| 468 |
|
minorGems |
| 469 |
|
- transcend <unfixed> (embed) |
| 470 |
|
- cultivation <unfixed> (embed) |
| 471 |
|
|
| 472 |
|
tar |
| 473 |
|
- libarchive <unfixed> (embed) |
| 474 |
|
NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable |
| 475 |
|
|
| 476 |
|
cpio |
| 477 |
|
- libarchive <unfixed> (embed) |
| 478 |
|
NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package) |
| 479 |
|
|
| 480 |
|
webkit |
| 481 |
|
- qt4-x11 <unfixed> (embed) |
| 482 |
|
|
| 483 |
|
ftgl |
| 484 |
|
- blender 2.45+r14660-1 (embed) |
| 485 |
|
NOTE: Once the above version is released, it will be fixed |
| 486 |
|
|
| 487 |
|
wv |
| 488 |
|
- abiword <unfixed> |
| 489 |
|
|
| 490 |
|
qemu |
| 491 |
|
- kvm <unfixed> (embed) |
| 492 |
|
|
| 493 |
|
speex |
| 494 |
|
- vorbis-tools <unfixed> (embed) |
| 495 |
|
NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c |
| 496 |
|
- gst-plugins-good0.10 <unfixed> (embed) |
| 497 |
|
- xine-lib <unfixed> (embed) |
| 498 |
|
- libfishsound <unfixed> (embed) |
| 499 |
|
- libannodex <unfixed> (embed) |
| 500 |
|
- vlc <unfixed> (embed) |
| 501 |
|
- xmms-speex <unfixed> (embed) |
| 502 |
|
- libsdl-sound1.2 <unfixed> (embed) |
| 503 |
|
- sweep <unfixed> (embed) |
| 504 |
|
|
| 505 |
|
libreadline |
| 506 |
|
- magic <unfixed> (old-version) |
| 507 |
|
NOTE: magic is currently an RFS |
| 508 |
|
|
| 509 |
|
opcode |
| 510 |
|
- ode <unfixed> (embed) |
| 511 |
|
NOTE: opcode is not a package in debian, it is just embedded |
| 512 |
|
NOTE: http://www.codercorner.com/Opcode.htm |
| 513 |
|
|
| 514 |
|
gimpact |
| 515 |
|
- ode <unfixed> (embed) |
| 516 |
|
NOTE: gimpact is not a package in debian, it is just embedded |
| 517 |
|
NOTE: http://gimpact.sf.net |
| 518 |
|
|
| 519 |
|
MochiKit.js |
| 520 |
|
- mahara <unfixed> (embed) |
| 521 |
|
- ntop <unfixed> (embed) |
| 522 |
|
- python-oherence <unfixed> (embed) |
| 523 |
|
- python-paste <unfixed> (embed) |
| 524 |
|
- python-turbogears <unfixed> (embed) |
| 525 |
|
- zope-plone3 <unfixed> (embed) |
| 526 |
|
|
| 527 |
|
prototype.js |
| 528 |
|
- netbeans-ide <unfixed> (embed) |
| 529 |
|
- auth2db-frontend <unfixed> (embed) |
| 530 |
|
- citadel-webcit <unfixed> (embed) |
| 531 |
|
- asterisk <unfixed> (embed) |
| 532 |
|
- doc-iana <unfixed> (embed) |
| 533 |
|
- libaws-doc <unfixed> (embed) |
| 534 |
|
- libgettext-ruby-data <unfixed> (embed) |
| 535 |
|
- libjson-ruby-doc <unfixed> (embed) |
| 536 |
|
- liblucene2-java-doc <unfixed> (embed) |
| 537 |
|
- libopenid-ruby <unfixed> (embed) |
| 538 |
|
- solr-common <unfixed> (embed) |
| 539 |
|
- glpi <unfixed> (embed) |
| 540 |
|
- hobbix <unfixed> (embed) |
| 541 |
|
- mnemo2 <unfixed> (embed) |
| 542 |
|
- nag2 <unfixed> (embed) |
| 543 |
|
- libjs-prototype <unfixed> (embed) |
| 544 |
|
- libjs-scriptaculous <unfixed> (embed) |
| 545 |
|
- knowledgeroot <unfixed> (embed) |
| 546 |
|
- mediatomb-common <unfixed> (embed) |
| 547 |
|
- mt-daapd <unfixed> (embed) |
| 548 |
|
- op-panel <unfixed> (embed) |
| 549 |
|
- ebug-http <unfixed> (embed) |
| 550 |
|
- phpgedview <unfixed> (embed) |
| 551 |
|
- poker-web <unfixed> (embed) |
| 552 |
|
- python-webhelpers <unfixed> (embed) |
| 553 |
|
- qwik <unfixed> (embed) |
| 554 |
|
- rails <unfixed> (embed) |
| 555 |
|
- typo3-src-4.1 <unfixed> (embed) |
| 556 |
|
- wordpress <unfixed> (embed) |
| 557 |
|
- zope-plone3 <unfixed> (embed) |
| 558 |
|
- smokeping <unfixed> (embed) |
| 559 |
|
|
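Review bot: The added `- abiword <unfixed>` line under wv has no `(<sort>)`, unlike every other entry added in this part of the file. Two spellings also need a check: `comiled` in the vorbis-tools note should read `compiled`, and `python-oherence` under MochiKit.js looks like a package name with a dropped letter, so please verify it against the archive before it is used for lookups.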