
Contents of /data/embedded-code-copies


Revision 13202
Thu Nov 5 02:54:48 2009 UTC (3 years, 6 months ago) by gilbert-guest
File size: 33565 byte(s)
some fixed prototypejs embeds
1 Embedded code copies
2 ====================
3
4 This file collects source packages that embed code from other projects.
5 This is considered bad for fixing security flaws because the fix needs
6 to be applied in multiple source packages.
7
8 Format:
9 <srcpkg> (<optional comment about srcpkg>)
10     - <embedding srcpkg> <status> (<sort>; bug #<number>)
11     NOTE: optional comments about the linkage of the embedding srcpkg
12
13     status: version number fixing the embedded copy, <unfixed>, <removed>,
14             <itp>, <not-affected>, <unknown> if the version number can not
15             be determined, or <unfixable> for unavoidable cases (e.g., forks
16             that add real value)
17     sort: static (linking statically against a lib)
18           embed (embedding a copy of the library into another source package)
19           fork (the package is not just embedding code but it is a fork and
20                 thus might share parts of the source code)
21           old-version (the package is an older version of essentially
22                        the same code)
23
24 The srcpkg might be some string to identify the code if there is no
25 specific source package.
26
27 Everything up to the next line is ignored.
28 ---BEGIN
29 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
30 NOTE: Fixed packages link to poppler library unless otherwise noted
31 - pdftohtml <unknown>
32 [sarge] - pdftohtml <unfixed>
33 [etch] - pdftohtml <unfixed>
34 NOTE: has been replaced by poppler-utils
35 - kdegraphics 4:4.2.2-1 (embed; bug #436164)
36 - texlive-base 3.0-12 (embed)
37 - texlive-bin 2007-1 (embed)
38 NOTE: links to poppler
39 - koffice <unfixed> (embed; bug #436163)
40 - libextractor 0.5.12-1 (embed)
41 NOTE: libextractor is using its own pdf decoder now
42 - ipe <unfixed> (embed)
43 NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
44 - ruby-gnome2 <unknown> (embed)
45 NOTE: copy only present in source but links to poppler
46 - pdfedit <unfixed> (embed; bug #510794)
47 - swftools <unfixed> (embed; bug #551293)
48 - poppler <unfixable> (fork)
49
50 ppmd
51 - libcomplearn-mod-ppmd <unfixed> (fork)
52 NOTE: discussion in #458152
53
54 libevent
55 - transmission 1.71-1 (embed; bug #529372)
56
57 lrmi
58 - read-edid 2.0.0-1 (embed; bug #495131)
59
60 peercast
61 - gnome-peercast <removed> (embed)
62 [etch] - gnome-peercast <unfixed> (embed)
63
64 silc-toolkit
65 - silc-client 1.1~beta6-1 (embed)
66
67 icclib
68 - ghostscript <unfixed> (embed)
69 - argyll <unfixed> (embed)
70
71 dietlibc
72 - ccontrol 0.9.1+20071204-1 (static)
73
74 libmikmod
75 - sdl-mixer1.2 <unfixed> (embed)
76 TODO: report bug
77
78 libiax
79 - iaxmodem <unfixable> (embed; bug #548885)
80
81 spandsp
82 - iaxmodem <unfixable> (embed; bug #548885)
83
84 zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
85 - dpkg <unfixed> (embed)
86 NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
87 - rsync <unfixed> (embed)
88 NOTE: somehow derived code base
89 - mono <unfixed> (embed)
90 TODO: check mozilla
91 - Linux kernels <unfixed> (embed)
92 - pvpgn 1.7.8-2 (embed)
93 - mrtg 2.12.2-1 (embed)
94 - rpm <unknown> (embed)
95 NOTE: pinged anibal since when rpm was fixed
96 - tuxcmd-modules <unfixed> (embed)
97 - zsync <unfixed>
98 - tra <unfixed>
99 - sash <unfixed>
100 - nsis <unfixed>
101 - mseide-msegui <unfixed>
102 NOTE: mseide
103 - mirrordir <unfixed>
104 - poco <unfixed>
105 - klibc <unfixed>
106 - ghostscript <unfixed>
107 - freeimage <unfixed>
108 - clamav <unfixed> (fork)
109 NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that"
110 - tuxonice-userui <unfixed>
111 - plt-scheme <unfixed>
112 - perl <unfixed>
113 - paraview <unfixed>
114 - gcvs <unfixed>
115 - dump <unfixed>
116 - aide <unfixed> (static)
117 - dar <unfixed> (static)
118 - avfs <unfixed>
119 - fpc <unfixed>
120 - winff <unfixed>
121 NOTE: inherited from fpc, see #472304
122 - lazarus <unfixed>
123 NOTE: inherited from fpc, see #472304
124 - erlang <unfixed> (embed)
125 - gamera 3.2.3-1 (embed)
126 - python2.4 <unfixed> (embed; bug #553403)
127 - python2.5 <unfixed> (embed; bug #553403)
128
129 dulwich
130 - hg-git 0.1.0-1 (embed; bug #541996)
131
132 libvigraimpex
133 - hugin <unfixed> (embed; bug #542259)
134 - enblend-enfuse <unfixed> (embed; bug #542258)
135 - gamera 3.2.3-1 (embed)
136
137 libbz2
138 - dpkg <unfixed> (static)
139
140 libgadu
141 - centericq <unfixed> (embed)
142 - pidgin <unfixed> (embed)
143 NOTE: pidgin links dynamically against libgadu; that should be fixed, then???
144 - kdenetwork 4:3.3.2-5 (embed)
145 NOTE: from kdenetwork: kopete
146 - ekg 1:1.8~rc0-1 (embed)
147 - kadu 0.6.0.2-3 (embed; bug #504430)
148 - gadu <itp> (embed)
149
150 xmlrpc (which package is the "origin" of this code?)
151 - drupal <unfixed> (embed)
152 - phpgroupware <unfixed> (embed)
153 - egroupware <unfixed> (embed)
154 - phpwiki <unfixed> (embed)
155 - php4 <unfixed> (embed)
156 TODO: check, php-pear, IIRC this was reorganized some weeks ago?
157
158 shtool (affects build-time only)
159 - mysql-ocaml <unfixed> (embed)
160 - php4 <unfixed> (embed)
161
162 iceape
163 - iceweasel <unfixed> (fork)
164 - icedove <unfixed> (fork)
165 - xulrunner <unfixed> (fork)
166 - kompozer <unfixed> (embed; bug #532168)
167
168 xli
169 - xloadimage <unfixed> (embed)
170
171 lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
172 - openmotif <unfixed> (embed)
173 - libxpm <unfixed> (embed)
174
175 kerberized apps with BSD origin
176 - krb4 <removed> (embed)
177 - krb5 <unfixed> (embed)
178 - heimdal <unfixed> (embed)
179
180 grip (which pkg is the origin?)
181 - libcdaudio <unfixed>
182 - grip <unfixed>
183 - gnome-vfs <unfixed>
184 TODO: check vfs2 as well
185
186 fudforum
187 [etch] - phpgroupware <unfixed> (embed)
188 NOTE: phpgroupware-fudforum
189 [sarge] - egroupware-fudforum <removed> (embed)
190
191 libbsd
192 - rdate 1:1.2-3 (embed)
193 - atheme-services <unfixed>
194 - libbsd-arc4random-perl <unfixed>
195 - isakmpd <unfixed>
196
197 cvs
198 - gcvs <unfixed> (embed)
199 NOTE: see cvsunix/src in tarball
200
201 pcre3
202 - php4 <unknown> (embed)
203 - analog 2:5.23-0woody1 (embed)
204 - goffice <unfixed> (embed)
205 NOTE: libgoffice-*
206 - vfu 4.06-4.1 (embed; bug #450754)
207 - tf5 5.0beta7-1 (embed)
208 - monotone 0.43-1 (embed)
209 NOTE: this only affects versions >= 0.37
210 - glib2.0 2.15.2-1 (embed)
211 - apache2 2.0.53-4 (embed)
212 - exim4 4.10-0.srh20.12 (embed)
213 - yacas <unfixed> (embed)
214 NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
215 - gtamsanalyzer.app 0.42-5 (embed)
216 - tin <unknown> (embed)
217 - kazehakase 0.5.2-1
218 - webkit 1.0.1-1 (embed)
219 - qt4-x11 <unfixed> (embed)
220 NOTE: embedded via webkit copy
221 - erlang <unfixed> (embed)
222
223 tiff
224 - wxwindows2.4 2.2.1 (embed)
225 - gamera 3.2.3-1 (embed)
226
227 uudeview
228 - libconvert-uulib-perl <unfixed> (embed)
229 - pan <unfixed> (embed)
230
231 sqlite (not affected by security vulnerabilities so far)
232 - amarok <unfixed> (embed)
233 - monotone 0.43-1 (embed)
234 - iceweasel <unfixed> (embed)
235
236 util-linux/mount
237 - loop-aes-utils <unfixed> (embed)
238 NOTE: contains code from util-linux' mount in the mount-aes-udeb
239
240 sylpheed
241 - sylpheed-claws <unfixed> (fork)
242
243 phpsysinfo
244 - egroupware <unfixed> (embed)
245 - phpgroupware <unfixed> (embed)
246
247 phpldapadmin
248 [sarge] - egroupware <unfixed> (embed)
249 NOTE: removed from egroupware after sarge
250
251 chmlib
252 - kchmviewer <unknown> (embed)
253
254 ffmpeg (libavcodec/libavformat)
255 - mplayer 1.0~rc2-14 (embed; bug #395252)
256 - kino 1.0.0-1
257 - vlc <not-affected> (Links dynamically since initial release)
258 - smilutils 0.3.0-10
259 NOTE: smilutils likely fixed earlier, marking Etch's version as fixed
260 - motion 3.1.19-1
261 - gstreamer0.10-ffmpeg 0.10.3-2
262 - xmovie <removed> (static)
263 TODO: gimp-gap (potentially using ffmpeg code as well)
264 - avifile 1:0.7.48~20090503.ds-1 (embed; bug #538750)
265
266 faad2
267 - mplayer 1.0~rc2-20 (embed)
268 - avifile <unfixed> (embed; bug #538750)
269
270 libmad (MPEG decoding lib)
271 - xine-lib <unfixed> (embed)
272 - avifile 1:0.7.48~20090503.ds-1 (embed) [./plugins/libmad/*]
273 TODO: check ocaml-mad, madplay, pymad, xmms-mad, xmms2
274
275 libdts
276 - xine-lib <unfixed> (embed)
277
278 flac
279 - xine-lib <unfixed> (embed)
280
281 liba52
282 - a52dec <unfixed> (embed)
283 - xine-lib <unfixed> (embed)
284
285 libmpeg2
286 - mpeg2dec <unfixed> (embed)
287 - xine-lib <unfixed> (embed)
288
289 libntlm
290 - wget <unfixed> (fork; bug #550436)
291 - curl <unfixed> (fork; bug #550437)
292 - cntlm <unfixed> (fork; bug #550438)
293
294 uw-imap
295 - pine <unfixed> (embed)
296 - alpine <unfixed> (embed)
297
298 imagemagick
299 - graphicsmagick <unfixed> (fork)
300
301 python-urlgrabber
302 - mercurial <unfixed> (embed; bug #531062)
303 - w3af <unfixed> (embed)
304 [experimental] - harvestman <unfixed> (embed)
305
306 beautifulsoup
307 - python-mechanize <unfixed> (embed)
308 - zope2.11 <unfixed> (embed)
309 - twill <unknown> (embed)
310
311 halibut
312 - nsis <unfixed> (fork)
313
314 libghttp
315 - hotway <unfixed> (embed)
316
317 libsndfile
318 - ardour 1:2.7.1-1 (embed)
319
320 glibmm2.4
321 - ardour 1:2.7.1-1 (embed)
322
323 libgnomecanvasmm2.6
324 - ardour 1:2.7.1-1 (embed)
325
326 libsigc++-2.0
327 - ardour 1:2.7.1-1 (embed)
328
329 soundtouch
330 - ardour 1:2.7.1-1 (embed)
331
332 libmms
333 - xine-lib <unfixed> (embed)
334 - mimms <unfixed> (embed)
335
336 fckeditor
337 - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
338 - moin 1.8.2-2 (embed; bug #452599)
339 - karrigell <removed> (embed; bug #452598)
340 - gforge 4.6.99+svn6225-1 (embed)
341 - request-tracker3.8 <unfixed> (embed)
342
343 ipatlas (not packaged in Debian)
344 - moodle <unfixed> (embed; bug #507185)
345
346 libphp-phpmailer
347 - moodle <unfixed> (embed; bug #507185)
348 - mahara <unfixed> (embed)
349 - symfony <unfixed> (embed)
350 [etch] - phpgroupware <unfixed> (embed)
351 NOTE: phpgroupware-felamimail is only in etch
352 - egroupware <unfixed> (embed; bug #504283)
353 - glpi <unfixed>
354
355 htmlArea (not packaged in Debian)
356 - moodle <unfixed> (embed)
357
358 giflib
359 - wine <unfixed> (embed; bug #466181)
360
361 bennu (not packaged in Debian, http://bennu.sourceforge.net)
362 - moodle <unfixed> (embed)
363
364 smarty
365 - moodle 1.8.2-2 (embed; bug #471158)
366 - gallery2 2.2.5-2 (embed; bug #471160)
367 - mahara 0.9.2-2 (embed; bug #471201)
368 - gosa 2.4beta1-1 (embed; bug #471200)
369
370 TinyMCE
371 - wordpress 2.5.1-3 (embed; bug #478257)
372 - moodle <unfixed> (embed; bug #507185)
373 - knowledgeroot <unfixed> (embed)
374 - joomla <itp> (bug #326398)
375
376 scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121)
377 - scite <unfixed> (embed)
378 - qscintilla <unfixed> (embed)
379 - qscintilla2 <unfixed> (embed)
380 - geany <unfixed> (fork)
381 - anjuta <unfixed> (embed)
382
383 libphp-adodb
384 - moodle <unfixed> (embed; bug #507185)
385 NOTE: also AdoDB-XML Schema
386 - gallery2 <unfixed> (embed)
387 - phppgadmin <unfixed> (embed)
388 - egroupware <unfixed> (embed)
389 - phpwiki <unfixed> (embed)
390 - torrentflux 2.0beta1-2 (embed)
391 - ipplan <unfixed> (embed)
392 - typo3-src <unfixed> (embed)
393 - cacti <unknown> (embed)
394 [sarge] - cacti <unfixed> (embed)
395 NOTE: dependency exists, but internal version is used
396 - gforge 4.7~rc2-6 (embed)
397 - mahara <unfixed> (embed)
398
399 gzip
400 - linux-kernel <unfixed> (embed)
401 NOTE: lib/inflate.c
402 - klibc <unfixed> (embed)
403 NOTE: based on linux-kernel gzip code
404 - busybox <unfixed> (embed)
405
406 neon
407 - cadaver 0.22.3+debian-1 (embed; bug #188381)
408 - gnome-vfs2 <unfixed> (embed; bug #395874)
409 [etch] - litmus <unfixed> (embed; #395875)
410 - litmus <removed> (embed; #395875)
411 [sarge] - screem <unfixed> (embed)
412 - sitecopy 1:0.16.3-5 (embed; bug #395876)
413 [etch] - tla <unfixed> (embed; bug #395877)
414 [sarge] - tla <unfixed> (embed; bug #395877)
415
416 libmodplug
417 - gst-plugins-bad0.10 <unfixed> (embed)
418
419 libvncserver
420 - vino <unfixed> (embed)
421
422 putty
423 - filezilla <unfixed> (embed)
424
425 tinyxml (not packaged in Debian)
426 - filezilla <unfixed>
427
428 gv
429 - evince <unfixed> (embed)
430 NOTE: ps/ tree from gv 3.5.8
431 NOTE: evince-gtk is affected (a component of evince source package)
432
433 libXbae
434 - paw <removed> (embed)
435 [etch] - paw <unfixed> (embed)
436
437 libgtkhtml
438 - claws-mail-extra-plugins <unfixed> (fork)
439
440 libXaw
441 - paw <removed> (embed)
442 [etch] - paw <unfixed> (embed)
443 NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
444
445 libgd2
446 - graphviz <unfixed> (embed)
447 NOTE: lib/gd seems to be 2.0.33
448 - wml <unfixed> (embed)
449 - libwmf <unfixed> (embed)
450 NOTE: derived from gd 1.6.3
451
452 rar
453 - unrar-nonfree <unfixed> (embed)
454
455 unrar-free (maybe this code is derived from the original rar, too?)
456 - clamav <unfixed> (embed)
457 NOTE: seems to be disabled in default config
458
459 mplayer (DirectMedia Object loader)
460 - xine-lib <unfixed> (embed)
461 NOTE: src/libw32dll/
462 - vlc <unfixed> (embed)
463 NOTE: modules/codec/dmo/
464 - mplayer 1.0~rc2-20 (embed)
465
466 libwpd (WordPerfect converter)
467 - openoffice.org <unfixed> (embed)
468
469 fsplib (http://sourceforge.net/projects/fsp/)
470 - gftp <unfixed> (embed)
471 NOTE: lib/fsplib version 0.3
472
473 sprng
474 - tree-puzzle <unfixed> (embed)
475
476 librpcsecgss
477 - krb5 <unfixed> (embed)
478
479 jasper
480 - ghostscript <unfixed> (embed)
481 - gs-gpl <unfixed> (embed)
482
483 libiris
484 - psi <unfixed> (embed)
485 - kdenetwork <unfixed> (embed)
486 NOTE: kopete embeds libiris but links dynamically to libidn
487 - kdegames <unfixed> (embed)
488 NOTE: ksirk/kde4
489
490 libidn
491 - monotone 0.43-1 (embed)
492 - psi <unfixed> (embed)
493 NOTE: psi embeds libiris which embeds libidn
494 - kdegames <unfixed> (embed)
495 NOTE: kdegames/kde4 embeds libiris which embeds libidn
496
497 liblua
498 - monotone 0.43-1 (embed)
499 - nmap 5.00-1 (embed; bug #527997)
500 [lenny] - nmap <unfixed> (embed; bug #527997)
501
502 libbotan
503 - monotone 0.43-1 (embed)
504
505 NetXX
506 - monotone 0.43-1 (embed)
507
508 libgc
509 - mono <unfixed> (embed)
510
511 lzma
512 - p7zip <unfixed> (embed)
513 - xz-utils <unfixed> (fork)
514
515 lzo
516 - grub2 <unfixed> (embed)
517
518 yassl
519 - mysql-dfsg-5.0 <unfixed> (embed)
520
521 pax code
522 - tar <unfixed> (embed)
523 - cpio <unfixed> (embed)
524
525 t1lib
526 - tetex-bin 2.0.2-1 (embed)
527 - texlive-bin <unknown> (embed)
528
529 guichan
530 - boswars <unfixed> (embed)
531 NOTE: maintainer notified us, working on it
532
533 tolua
534 - boswars <unfixed> (embed)
535 NOTE: maintainer notified us, working on it
536
537 asio-dev
538 - luxrender <removed> (embed)
539
540 xine-lib
541 - vlc <unfixed> (embed)
542 NOTE: only parts included in modules/access/rtsp
543
544 netpbm
545 - tcl8.3 <unfixed> (embed)
546 - tcl8.4 <unfixed> (embed)
547 - tcl8.5 <unfixed> (embed)
548 NOTE: generic/tkImgGIF.c
549
550 tk8.5
551 - tk8.0 <removed> (old-version)
552 - tk8.3 <unfixed> (old-version)
553 - tk8.4 <unfixed> (old-version)
554 - perl-tk <unfixable> (fork)
555
556 samba
557 - mc 2:4.6.2~git20080311-1 (embed)
558 NOTE: maintainer is aware of this, currently searching a solution
559
560 plib1.8.4c2
561 - boson <unfixed> (fork)
562 NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
563
564 fribidi
565 - quesoglc <unfixed> (embed)
566 NOTE: compiled against system fribidi in Debian - embed only used when fribidi is not available on the system
567
568 glew
569 - quesoglc <unfixed> (embed; bug #489341)
570 NOTE: waiting on GLEW_MX version of glew (see bug #474488)
571
572 minorGems (pabs contacted upstream about shared lib, he considers minorGems an 'ever-evolving collection of reusable code fragments' for his own use)
573 - transcend <unfixed> (embed)
574 - cultivation <unfixed> (embed)
575 - passage <unfixed> (embed)
576 - gravitation <unfixed> (embed)
577
578 tar
579 - libarchive <unfixed> (embed)
580 NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
581
582 cpio
583 - libarchive <unfixed> (embed)
584 NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
585
586 webkit
587 - qt4-x11 <unfixed> (embed)
588
589 ftgl
590 - blender 2.46+dfsg-1 (embed)
591
592 wv
593 - abiword <unfixed>
594
595 qemu
596 - kvm <unfixed> (embed; bug #543159)
597 - xen-3 <unfixed> (embed)
598 - xen-unstable <unfixed> (embed)
599
600 vgabios
601 - kvm <unfixed> (embed; bug #489442)
602
603 bochs
604 - kvm <unfixed> (embed; bug #489442)
605
606 speex
607 - vorbis-tools <unfixed> (embed)
608 NOTE: while compiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
609 - gst-plugins-good0.10 <unfixed> (embed)
610 - xine-lib <unfixed> (embed)
611 - libfishsound <unfixed> (embed)
612 - libannodex <unfixed> (embed)
613 - vlc <unfixed> (embed)
614 - xmms-speex <unfixed> (embed)
615 - libsdl-sound1.2 <unfixed> (embed)
616 - sweep <unfixed> (embed)
617
618 libreadline
619 - magic <itp> (old-version)
620
621 opcode
622 - ode <unfixed> (embed)
623 NOTE: opcode is not a package in debian, it is just embedded
624 NOTE: http://www.codercorner.com/Opcode.htm
625
626 gimpact
627 - ode <unfixed> (embed)
628 NOTE: gimpact is not a package in debian, it is just embedded
629 NOTE: http://gimpact.sf.net
630
631 mochikit
632 - mahara <unfixed> (embed)
633 NOTE: they require extra patches, still unmerged upstream
634 - ntop <unfixed> (embed)
635 - coherence 0.6.2-1 (embed)
636 NOTE: python-coherence
637 - paste <unfixed> (embed)
638 NOTE: python-paste
639 - turbogears <unfixed> (embed)
640 NOTE: python-turbogears
641 - plone3 <unfixed> (embed)
642 NOTE: zope-plone3
643
644 prototypejs
645 - netbeans-ide 6.0.1+dfsg-2 (embed)
646 - auth2db <unfixed> (embed)
647 - webcit <unfixed> (embed)
648 - asterisk 1:1.6.2.0~rc3-1 (embed)
649 - doc-iana <unfixed> (embed)
650 - libaws <unfixed> (embed)
651 - libjson-ruby <unfixed> (embed)
652 - lucene2 <unfixed> (embed)
653 - solr <unfixed> (embed)
654 - glpi <unfixed> (embed)
655 - mnemo2 <unfixed> (embed)
656 - nag2 <unfixed> (embed)
657 - knowledgeroot <unfixed> (embed)
658 - mediatomb <unfixed> (embed)
659 - mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
660 - op-panel <unfixed> (embed)
661 - ebug-http <unfixed> (embed)
662 - phpgedview <removed> (embed)
663 - poker-network <unfixed> (embed)
664 - webhelpers <unfixed> (embed)
665 - qwik <unfixed> (embed)
666 - rails 2.1.0-6 (embed)
667 - typo3-src <unfixed> (embed)
668 - wordpress 2.5.0-2 (embed)
669 - zope <unfixed> (embed)
670 - smokeping 2.3.6-3 (embed)
671 - ampache 3.4.1-2 (embed)
672 - exaile <unfixed> (embed)
673 - hobix <unfixed> (embed)
674 - pixelpost <unfixed> (embed)
675 - symfony <unfixed> (embed)
676 NOTE: it's been said that there are custom changes
677 - zabbix <unfixed> (embed)
678 - turba2 <unfixed> (embed)
679 - chora2 <unfixed> (embed)
680 - gollem <unfixed> (embed)
681 - jscropperui <unfixed> (embed)
682 - rt-extension-emailcompletion <unfixed> (embed)
683 - scriptaculous <unfixed> (embed)
684 - ingo1 <unfixed> (embed)
685 - kronolith2 <unfixed> (embed)
686 - libpdfbox-java <unfixed> (embed)
687 - activeldap <unfixed> (embed)
688 - libfontbox-java <unfixed> (embed)
689 - libjempbox-java <unfixed> (embed)
690 - libv8 <unfixed> (embed)
691 - mantis <unfixed> (embed)
692 - otrs2 <unfixed> (embed)
693 - webcalendar <unfixed> (embed)
694 - webhelpers <unfixed> (embed)
695 - redmine <unfixed> (embed)
696 - jifty <unfixed> (embed)
697 - jquery <unfixed> (embed)
698 - passenger <unfixed> (embed)
699 - plone3 <unfixed> (embed)
700 - pylucene <unfixed> (embed)
701 - request-tracker3.6 <unfixed> (embed)
702 - request-tracker3.8 <unfixed> (embed)
703 - wesnoth <unfixed> (embed)
704 - xulrunner <unfixed> (embed)
705 NOTE: included in iceweasel/xulrunner unit tests directory, so may not be security-relevant
706
707 gdb
708 - insight <unfixed> (embed)
709
710 e2fsprogs
711 - ldiskfsprogs <unfixable> (fork)
712
713 quazip (not packaged in Debian)
714 - qcake <unfixed> (embed)
715 NOTE: starting with upstream version 0.6.4
716
717 exo
718 - pcmanfm <unfixed> (embed; bug #499677)
719 NOTE: slightly modified source code
720
721 java
722 - openjdk-6 <unfixed>
723 - sun-java5 <unfixed>
724 - sun-java6 <unfixed>
725
726 libphp-snoopy
727 - ampache 3.4.1-2 (embed; bug #504169)
728 - mahara 1.0.5-2 (embed; bug #504170)
729 - pixelpost 1.7.1-5 (embed; bug #504171)
730 - mediamate 0.9.3.6-5 (embed; bug #504172)
731 - opendb <removed> (embed; bug #504173)
732 [etch] - opendb <unfixed> (embed; bug #504173)
733 - wordpress 2.5.1-9 (embed; bug #443948)
734 - moodle <unfixed> (embed; bug #507185)
735 [etch] - phpgroupware <unfixed> (embed)
736 NOTE: phpgroupware-felamimail
737 - magpierss 0.72-3 (embed; bug #431089)
738
739 jquery
740 - zekr <unfixed> (embed)
741 - wordpress <unknown> (embed)
742 - yocto-reader <unfixed> (embed)
743 - textpattern <unfixed> (embed)
744 - genshi 0.5.1-1 (embed)
745 NOTE: compressed file under examples/ dir
746 - prewikka <unfixed> (embed)
747 - libramaze-ruby <unfixed> (embed)
748 - drupal5 <unfixed> (embed)
749 - b2evolution <unfixed> (embed)
750 - wesnoth <unfixed> (embed)
751
752 tablesorter (jquery plugin, not packaged yet)
753 - wesnoth <unfixed> (embed)
754
755 kses
756 - wordpress <unfixed> (embed; bug #504242)
757 NOTE: their copy has all methods renamed to wp_<foo>
758 NOTE: kses isn't in Debian, RFP: #504240
759 - moodle <unfixed> (embed; bug #507185)
760 - egroupware <unfixed> (embed)
761
762 magpierss
763 - wordpress <unfixed> (embed; bug #504242)
764 - moodle <unfixed>
765
766 php-gettext
767 - wordpress 2.8.4-1 (embed; bug #504242)
768
769 libphp-ixr (name may change, it is the Incutio XML-RPC)
770 - wordpress <unfixed> (embed; bug #504242)
771 NOTE: libphp-ixr isn't in Debian, RFP: #504236
772 - dokuwiki <unfixed> (embed)
773 - textpattern <unfixed> (embed)
774
775 libphp-cas
776 - glpi <unfixed> (embed)
777 - moodle <unfixed> (embed; bug #505984)
778
779 scriptaculous
780 - glpi <unfixed> (embed)
781 - libaws <unfixed> (embed)
782 NOTE: libaws-doc
783 - op-panel <unfixed> (embed)
784 - symfony <unfixed> (embed)
785 NOTE: maintainer says there are extra incompatible changes required
786 - pixelpost <unfixed> (embed)
787 - webhelpers <unfixed> (embed)
788 NOTE: python-webhelpers
789 - qwik <unfixed> (embed)
790 - smokeping <unfixed> (embed)
791 - turba2 <unfixed> (embed)
792 - typo3-src 4.2.3-1 (embed)
793 - request-tracker3.6 <unfixed> (embed)
794
795 libmarkdown-php
796 - moodle <unfixed> (embed; bug #507185)
797 - pixelpost <unfixed> (embed)
798
799 php-openid
800 - wordpress-openid <itp> (embed)
801
802 geshi
803 - dokuwiki 0.0.20080505-3.1 (embed)
804 - pgfouine 1.0-1.1 (embed)
805 - websvn 2.1.0-1 (embed)
806
807 webcalendar
808 - gforge 4.7~rc2-6 (embed; bug #504758)
809
810 libical
811 - kdepim <unfixed> (fork)
812 - kdepimlibs <unfixed> (fork)
813 NOTE: fixed in KDE4 post 4.1.x series
814 - claws-mail-extra-plugins <unfixed> (fork)
815
816 libltdl3
817 - kdelibs <unfixed> (embed)
818 NOTE: it's been said it sets RT_GLOBAL (or something like that) at runtime and version in experimental of libltdl can optionally set it
819 - synfig <unfixed> (embed)
820
821 harfbuzz
822 - qt4-x11 <unfixed> (embed)
823
824 libzip
825 - php5 <unfixed> (fork)
826 - odt2txt <unfixed> (embed; bug #523808)
827
828 json.php (not packaged; should be replaced with php's built-in functions)
829 - moodle <unfixed>
830 - yui <unfixed>
831 - gallery2 <unfixed>
832 - dokuwiki <unfixed>
833 - typo3-src <unfixed>
834
835 php-fpdf
836 - tcpdf <itp> (fork)
837 - moodle <unfixed>
838 - phpwiki <unfixed>
839 - egroupware <unfixed>
840 - ldap-account-manager <unfixed> (fork)
841
842 tcpdf (itp: #495985)
843 - moodle <unfixed>
844 - phpmyadmin <unfixed>
845
846 typo3
847 - moodle <unfixed>
848
849 spreadsheet_writeexcel (PHP port of libspreadsheet-writeexcel-perl; itp: #487557)
850 - moodle <unfixed>
851 - gosa <unfixed>
852
853 php-ole (itp: #487558)
854 - moodle <unfixed>
855
856 pieforms (http://www.catalyst.net.nz)
857 - mahara <unfixed>
858
859 savant2 (http://phpsavant.com)
860 - egroupware <unfixed>
861
862 rssparser (http://nwow.org)
863 - egroupware <unfixed>
864 - phpgroupware <unfixed>
865
866 lcms
867 - openjdk-6 <unfixed> (fork)
868
869 libphp-phplayersmenu
870 - diogenes <unfixed>
871 - phpldapadmin <unfixed>
872
873 libphp-pclzip
874 - docvert <unfixed>
875 - moodle <unfixed>
876 - egroupware <unfixed>
877
878 libphp-simplepie
879 - dokuwiki <unfixed>
880
881 libphp-jpgraph
882 - egroupware <unfixed>
883
884 php-simpletest
885 - moodle <unfixed>
886
887 libpng
888 - iceweasel <not-affected> (uses xulrunner)
889 - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1, 2.0.0.19-1 (embed)
890 - iceape 1.0.13~pre080614i-0etch1 (embed)
891 - xulrunner 1.9.0.13-1 (embed)
892 [lenny] - xulrunner 1.9.0.11-0lenny1
893 [etch] - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
894 - gamera 3.2.3-1 (embed)
895
896 irssi
897 - silc-client <unfixed> (embed)
898 NOTE: Seems to be a pre-0.8.12 version that is used in irssi-plugin-silc
899
900 extc
901 - mtasc <unfixed> (embed)
902 - haxe <unfixed> (embed)
903
904 swflib
905 - mtasc <unfixed> (embed)
906 - haxe <unfixed> (embed)
907
908 libitext-java
909 - bouncycastle 2.1.4-1 (embed)
910
911 python-ply
912 - pyke <unfixed> (embed)
913
914 libdumbnet (libdnet upstream)
915 - nmap <unfixed> (fork)
916
917 gcc-4.4
918 - gcc-mingw32 <unfixed> (embed)
919
920 camlimages
921 - advi <unfixed> (static; bug #550441)
922
923 memcached
924 - memcachedb <unfixed> (embed)
925
926 yajl
927 - argyll <unfixed> (embed; bug #544223)
928 NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
929
930 libept
931 - adept <unfixed> (embed; bug #540649)
932
933 libvorbis
934 - iceweasel <not-affected> (uses xulrunner)
935 - xulrunner <unfixed> (embed; bug #540949)
936 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
937 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
938
939 cairo
940 - iceweasel <not-affected> (uses xulrunner)
941 - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
942
943 liboggz
944 - iceweasel <not-affected> (uses xulrunner)
945 - xulrunner <unfixed> (embed; bug #540949)
946 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
947 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
948
949
950 liboggplay
951 - iceweasel <not-affected> (uses xulrunner)
952 - xulrunner <unfixed> (embed; bug #540949)
953 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
954 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
955
956 php-net-dnsbl
957 - serendipity <unfixed> (embed)
958
959 php-onyx-rss
960 - serendipity <unfixed> (embed)
961
962 php-text-wiki
963 - serendipity <unfixed> (embed)
964
965 php-xml-rpc
966 - serendipity <unfixed> (embed)
967
968 polarssl (does not have a shared library)
969 - pdkim <itp> (embed; bug #543150)
970 - xyssl <unfixed> (old-version)
971
972 pidgin
973 - gaim <removed> (old-version)
974
975 icu
976 - webkit 1.0.1-1 (embed; bug #547214)
977 - texlive-bin <unfixed> (fork)
978 NOTE: texlive upstream working with icu upstream to merge their changes
979
980 cyrus-imapd-2.2
981 - kolab-cyrus-imapd <unfixed> (fork)
982 - dovecot 1:1.2.1-1 (embed) [/dovecot-sieve/src/libsieve/*]
983
984 python-cxx-dev
985 - freecad <unfixed> (embed; bug #547936)
986
987 libzipios++-dev
988 - freecad <unfixed> (embed; bug #547941)
989
990 linux-2.6
991 - kvm <unfixed> (embed; bug #549973) [./kernel/*]
992 - linux-kbuild-2.6 <unfixed> (embed; bug #550379) [./kbuild/*]
993 - kernel-source-2.6.8 <removed> (old-version)
994 - kernel-source-2.4.27 <removed> (old-version)
995 - kernel-source-2.4.24 <removed> (old-version)
996 - kernel-source-2.2.25 <removed> (old-version)
997 - kernel-source-2.2.20 <removed> (old-version)
998
999 libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
1000 - kvm <unfixed> (embed) [./libfdt/*]
1001
1002 qweb (not packaged)
1003 - ajaxterm <unfixed>
1004
1005 opensaml2
1006 - opensaml <removed> (old-version)
1007
1008 shibboleth-sp2
1009 - shibboleth-sp <removed> (old-version)
1010
1011 tuxonice-userui
1012 - suspend2-userui <removed> (old-version)
1013
1014 expat
1015 - w3c-libwww <removed> (embed; bug #551941)
1016 [etch] - w3c-libwww <unfixed> (embed; bug #551941) [./modules/expat/*]
1017 - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*]
1018 - python2.5 <unfixed> (embed; bug #553403) [./Modules/expat/*]
1019 - python2.4 <unfixed> (embed; bug #553403)
1020 - wxwindows2.4 <removed> (embed)
1021 - wxwidgets2.6 <unfixed> (embed)
1022 - wxwidgets2.8 <unfixed> (embed)
1023 - celementtree <unfixed> (embed)
1024 - audacity <unfixed> (embed)
1025 - matanza <unfixed> (embed)
1026 - tdom <unfixed> (embed)
1027 - udunits <unfixed> (embed)
1028 - apr-util 1.2 (embed)
1029 - ayttm <unfixed> (embed)
1030 - cableswig <unfixed> (embed)
1031 - cadaver <unfixed> (embed)
1032 - cmake <unfixed> (embed)
1033 - coin3 <unfixed> (embed)
1034 - gdcm <unfixed> (embed)
1035 - ghostscript <unfixed> (embed)
1036 - grmonitor <unfixed> (embed)
1037 - iceape <unfixed> (embed)
1038 - insighttoolkit <unfixed> (embed)
1039 - libparagui1.1 <unfixed> (embed)
1040 - paraview <unfixed> (embed)
1041 - poco <unfixed> (embed)
1042 - simgear <unfixed> (embed)
1043 - sitecopy <unfixed> (embed)
1044 - smart 1.0-1 (embed)
1045 [etch] - smart <unfixed> (embed)
1046 - swish-e <unfixed> (embed)
1047 - tla <unfixed> (embed)
1048 - vtk <unfixed> (embed)
1049 - wbxml2 <unfixed> (embed)
1050 - xmlrpc-c <unfixed> (embed)
1051 - iceweasel <unfixed> (embed)
1052 - kompozer <unfixed> (embed)
1053 - vxl <unfixed> (embed)
1054 - xulrunner <unfixed> (embed)
1055 - apache2 2.2 (embed)
1056 - texlive-bin <unfixed> (embed) [included twice]
1057 - vnc4 <unfixed> (embed)
1058 - xotcl <unfixed> (embed)
1059
1060 xerces-c
1061 - xerces-c2 <unfixed> (old-version)
1062 - xerces27 <removed> (old-version)
1063
1064 md5 (RSA's version; not the gnu version provided by coreutils)
1065 - w3c-libwww <removed> (embed; bug #551942)
1066 [etch] - w3c-libwww <unfixed> (embed; bug #551942) [./modules/md5/*]
1067
1068 enet
1069 - sauerbraten <unfixed> (embed; #497194)
1070
1071 eglibc
1072 - glibc <removed> (old-version)
1073
1074 galib
1075 - gamera 3.2.3-1 (embed)
1076
1077 configobj
1078 - bzr <unfixed> (embed)
1079 - elisa <unfixed> (embed)
1080 - gaupol <unfixed> (embed)
1081 - ipython <unfixed> (embed)
1082 - pida <unfixed> (embed)
1083 - psychopy <unfixed> (embed)
1084 - rest2web <unfixed> (embed)
1085 - auth2db <unknown> (embed)
1086 - dynagen <unknown> (embed)
1087 - iceweasel <unknown> (embed)
1088 - sabnzbdplus <unknown> (embed)
1089 - xulrunner <unknown> (embed)
1090 - nipy <not-affected> (embed) [./examples/neurospin/neurospy/configobj.py]
1091
1092 python-clientform
1093 - bibus <unfixed> (embed)
1094 - zope2.10 <unfixed> (embed)
1095 - zope2.11 <unfixed> (embed)
1096 - python-mechanize <unknown> (embed)
1097 - twill <unknown> (embed)
1098
1099 python-mechanize
1100 - zope2.10 <unfixed> (embed)
1101 - zope2.11 <unfixed> (embed)
1102 - twill <unknown> (embed)
1103
1104 pexpect
1105 - duplicity <unfixed> (embed)
1106 - hplip <unfixed> (embed)
1107 - smart <unfixed> (embed)
1108
1109 pyparsing
1110 - bauble <unfixed> (embed)
1111 - boa-constructor <unfixed> (embed)
1112 - calibre <unfixed> (embed)
1113 - matplotlib <unfixed> (embed)
1114 - zhpy <unfixed> (embed)
1115 - polybori <unknown> (embed)
1116 - python-whoosh <unknown> (embed)
1117 - twill <unknown> (embed)
1118 - zope-textindexng3 <unknown> (embed)
1119
1120 python-pysqlite2
1121 - python2.4 <unfixed> (embed; bug #553403)
1122 - python2.5 <unfixed> (embed; bug #553403)
1123
1124 celementtree
1125 - python2.5 <unfixed> (embed)
1126 - smart 1.0-1 (embed)
1127 [etch] - smart <unfixed> (embed)
1128
1129 elementtree
1130 - python2.5 <unfixed> (embed)
1131 - bzr <unfixed> (embed)
1132 - gedit <unfixed> (embed)
1133 - smart 1.0-1 (embed)
1134 [etch] - smart <unfixed> (embed)
1135 - solfege <unfixed> (embed)
1136 - w3af <unfixed> (embed)
1137 - python-qt4 <unknown> (embed)
1138 - sphinx <unknown> (embed)
1139 - python-nltk <itp> (embed)
1140
1141 python2.5
1142 - python2.4 <unfixed> (old-version)
1143 - jython <unfixed> (embed)
1144 NOTE: embeds many stdlib modules
1145 - python-django <unfixed> (embed)
1146 NOTE: embeds stdlib modules: doctest, decimal
1147 - gamera 3.2.3-1 (embed)
1148 NOTE: embeds stdlib modules: ConfigParser, optparse, sets, textwrap
1149 - boa-constructor <unfixed> (embed)
1150 NOTE: embeds stdlib modules: ConfigParser
1151 - nicotine <unfixed> (embed)
1152 NOTE: embeds stdlib modules: ConfigParser
1153 - museek+ <unfixed> (embed)
1154 NOTE: embeds stdlib modules: ConfigParser
1155 - vegastrike-data <unfixed> (embed)
1156 NOTE: embeds many stdlib modules
1157 - codespeak-lib <unfixed> (embed)
1158 NOTE: embeds stdlib modules: doctest, optparse, subprocess, textwrap
1159 - config-manager <unfixed> (embed)
1160 NOTE: embeds stdlib modules: optparse
1161 - jhbuild <unfixed> (embed)
1162 NOTE: embeds stdlib modules: optparse, subprocess
1163 - smart <unfixed> (embed)
1164 NOTE: embeds stdlib modules: optparse
1165 - pyprotocols <unfixed> (embed)
1166 NOTE: embeds stdlib modules: doctest
1167 - ruledispatch <unfixed> (embed)
1168 NOTE: embeds stdlib modules: doctest
1169 - distribute <unfixed> (embed)
1170 NOTE: embeds stdlib modules: doctest
1171 - python-setuptools <unfixed> (embed)
1172 NOTE: embeds stdlib modules: doctest
1173 - zope.testing <unfixed> (embed)
1174 NOTE: embeds stdlib modules: doctest
1175 - translate-toolkit <unfixed> (embed)
1176 NOTE: embeds stdlib modules: textwrap, contextlib
1177 - libtpclient-py <unfixed> (embed)
1178 NOTE: embeds stdlib modules: subprocess
1179 - grass <unfixed> (embed)
1180 NOTE: embeds stdlib modules: subprocess
1181 - coherence <unfixed> (embed)
1182 NOTE: embeds stdlib modules: uuid
1183 - python-django-extensions <unfixed> (embed)
1184 NOTE: embeds stdlib modules: uuid
1185 - setroubleshoot <unfixed> (embed)
1186 NOTE: embeds stdlib modules: uuid
1187 - linkchecker <unfixed> (embed)
1188 NOTE: embeds msgfmt.py script
1189 - imdbpy <unfixed> (embed)
1190 NOTE: embeds msgfmt.py script
1191 - kiwi <unfixed> (embed)
1192 NOTE: embeds msgfmt.py script
1193 - moin <unfixed> (embed)
1194 NOTE: embeds msgfmt.py script
1195 - plone3 <unfixed> (embed)
1196 NOTE: embeds msgfmt.py script
1197 - roundup <unfixed> (embed)
1198 NOTE: embeds msgfmt.py script
1199 - rednotebook <unfixed> (embed)
1200 NOTE: embeds msgfmt.py script
1201 - turbogears <unfixed> (embed)
1202 NOTE: embeds msgfmt.py script
1203 - elisa <unfixed> (embed)
1204 NOTE: embeds msgfmt.py script, stdlib modules: uuid
1205 - calibre <unfixed> (embed)
1206 NOTE: embeds msgfmt.py script
1207 - mailman <unfixed> (embed)
1208 NOTE: embeds msgfmt.py script
1209 - python-docutils <unknown> (embed)
1210 NOTE: embeds stdlib modules: optparse, textwrap
1211 - python-imaging <unknown> (embed)
1212 NOTE: embeds stdlib modules: doctest
1213 - python-mechanize <unknown> (embed)
1214 NOTE: embeds stdlib modules: doctest
1215 - twill <unknown> (embed)
1216 NOTE: embeds stdlib modules: subprocess
1217 - zeroc-ice <unknown> (embed)
1218 NOTE: embeds stdlib modules: subprocess
1219 - wxwidgets2.8 <unknown> (embed)
1220 NOTE: embeds stdlib modules: subprocess
1221 - cycle <unknown> (embed)
1222 NOTE: embeds msgfmt.py script
1223 - deluge <unknown> (embed)
1224 NOTE: embeds msgfmt.py script
1225 - opendict <unknown> (embed)
1226 NOTE: embeds msgfmt.py script
1227 - openerp-client <unknown> (embed)
1228 NOTE: embeds msgfmt.py script
1229 - rapidsvn <unknown> (embed)
1230 NOTE: embeds msgfmt.py script
1231 - wammu <unknown> (embed)
1232 NOTE: embeds msgfmt.py script
1233 - gaphor <unknown> (embed)
1234 NOTE: embeds msgfmt.py script
1235 - pida <unknown> (embed)
1236 NOTE: embeds msgfmt.py script
1237 - python-formencode <unknown> (embed)
1238 NOTE: embeds msgfmt.py script
1239
1240 argparse
1241 - twill <unfixed> (embed)
1242 - ipython <unfixed> (embed)
1243
1244 coherence
1245 - elisa <unfixed> (embed)
1246
1247 simpletal
1248 - plastex <unfixed> (embed)
1249
1250 flickrpc (not packaged in Debian, http://burtonini.com/bzr/flickrpc/)
1251 - postr <unfixed> (embed)
1252 - elisa <unfixed> (embed)
1253
1254 simplegeneric (not packaged in Debian, http://pypi.python.org/pypi/simplegeneric)
1255 - apertium-tolk <unfixed> (embed)
1256 - ipython <unfixed> (embed)
1257 - virtaal <unfixed> (embed)
1258
1259 distribute
1260 - setuptools <removed> (old-version)
1261
1262 rails
1263 - jruby1.2 <unfixed> (embed) [./bench/rails/*]
1264 - libgettext-ruby <unfixed> (embed) [./samples/rails/*]
1265 - libopenid-ruby <unfixed> (embed) [./examples/rails_openid/*]
1266 - thin <unfixed> (embed) [./spec/rails_app/*]
1267 NOTE: this is a subdirectory of examples, which in general is a non-issue, but may
1268 NOTE: be dangerous if developers are naively basing their code off of the examples
1269 NOTE: prototype.js is among the example files
