/[secure-testing]/data/embedded-code-copies
ViewVC logotype

Contents of /data/embedded-code-copies

Parent Directory Parent Directory | Revision Log Revision Log

Revision 13592 - (show annotations) (download)
Fri Dec 18 17:31:26 2009 UTC (3 years, 5 months ago) by jmm-guest
File size: 45450 byte(s) 
* libaws code copy fixed
* puppet fixed
* more ltdl updates
* mark css/history issue as unimportant
* mark further expat issues w/o security impact as unimportant
* xfs fixed
* fix srcpkg name of kpdf, fixed in 4.0 by switch to Okular
1 Embedded code copies
2 ====================
3
4 This file collects source packages that embed code from other projects.
5 This is considered bad for fixing security flaws because the fix needs
6 to be applied in multiple source packages.
7
8 Format:
9 <srcpkg> (<optional comment about srcpkg>)
10 - <embedding srcpkg> <status> (<sort>; bug #<number>)
11 NOTE: optional comments about the linkage of the embedding srcpkg
12
13 status: version number fixing the embedded copy, <unfixed>, <removed>,
14 <itp>, <not-affected>, <unknown> if the version number can not
15 be determined, or <unfixable> for unavoidable cases (e.g., forks
16 that add real value)
17 sort: static (linking statically against a lib)
18 embed (embedding a copy of the library into another source package)
19 fork (the package is not just embedding code but it is a fork and
20 thus might share parts of the source code)
21 old-version (the package is an older version of essentially
22 the same code)
23
24 The srcpkg might be some string to identify the code if there is no
25 specific source package.
26
27 Everything up to the next line is ignored.
28 ---BEGIN
29 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
30 NOTE: Fixed packages link to poppler library unless otherwise noted
31 - pdftohtml <unknown>
32 [sarge] - pdftohtml <unfixed>
33 [etch] - pdftohtml <unfixed>
34 NOTE: has been replaced by poppler-utils
35 - kdegraphics 4:4.2.2-1 (embed; bug #436164)
36 - texlive-base 3.0-12 (embed)
37 - texlive-bin 2007-1 (embed)
38 NOTE: links to poppler
39 - koffice <unfixed> (embed; bug #436163)
40 - libextractor 0.5.12-1 (embed)
41 NOTE: libextractor is using its own pdf decoder now
42 - ipe <unfixed> (embed)
43 NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
44 - ruby-gnome2 <unknown> (embed)
45 NOTE: copy only present in source but links to poppler
46 - pdfedit <unfixed> (embed; bug #510794)
47 - swftools <unfixed> (embed; bug #551293)
48 - poppler <unfixable> (fork)
49
50 ppmd
51 - libcomplearn-mod-ppmd <unfixed> (fork)
52 NOTE: discussion in #458152
53
54 libevent
55 - transmission 1.71-1 (embed; bug #529372)
56
57 lrmi
58 - read-edid 2.0.0-1 (embed; bug #495131)
59 - s3switch <unfixed> (embed)
60 - xresprobe <unfixed> (embed)
61 - zhcon <unfixed> (embed)
62
63 peercast
64 - gnome-peercast <removed> (embed)
65 [etch] - gnome-peercast <unfixed> (embed)
66
67 silc-toolkit
68 - silc-client 1.1~beta6-1 (embed)
69
70 icclib
71 - ghostscript <unfixed> (embed)
72 - argyll <unfixed> (embed)
73
74 dietlibc
75 - ccontrol 0.9.1+20071204-1 (static)
76
77 libmikmod
78 - sdl-mixer1.2 <unfixed> (embed)
79 TODO: report bug
80
81 libiax
82 - iaxmodem <unfixable> (embed; bug #548885)
83
84 spandsp
85 - iaxmodem <unfixable> (embed; bug #548885)
86
87 zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
88 - dpkg <unfixed> (static)
89 NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
90 - rsync <unfixed> (embed)
91 NOTE: somehow derived code base
92 - mono <unfixed> (embed)
93 TODO: check mozilla
94 - Linux kernels <unfixed> (embed)
95 - pvpgn 1.7.8-2 (embed)
96 - mrtg 2.12.2-1 (embed)
97 - rpm <unknown> (embed)
98 NOTE: pinged anibal since when rpm was fixed
99 - tuxcmd-modules <unfixed> (embed)
100 - zsync <unfixed>
101 - tra <unfixed>
102 - sash <unfixed>
103 - nsis <unfixed>
104 - mseide-msegui <unfixed>
105 NOTE: mseide
106 - mirrordir <unfixed>
107 - poco <unfixed>
108 - klibc <unfixed>
109 - ghostscript <unfixed>
110 - freeimage <unfixed>
111 - clamav <unfixed> (fork)
112 NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that"
113 - tuxonice-userui <unfixed>
114 - plt-scheme <unfixed>
115 - perl <unfixed>
116 - paraview <unfixed>
117 - gcvs <unfixed>
118 - dump <unfixed>
119 - aide <unfixed> (static)
120 - dar <unfixed> (static)
121 - avfs <unfixed>
122 - fpc <unfixed>
123 - winff <unfixed>
124 NOTE: inherited from fpc, see #472304
125 - lazarus <unfixed>
126 NOTE: inherited from fpc, see #472304
127 - erlang <unfixed> (embed)
128 - gamera 3.2.3-1 (embed)
129 - python2.4 <unfixed> (embed; bug #553403)
130 - python2.5 <unfixed> (embed; bug #553403)
131
132 dulwich
133 - hg-git 0.1.0-1 (embed; bug #541996)
134
135 libvigraimpex
136 - hugin <unfixed> (embed; bug #542259)
137 - enblend-enfuse <unfixed> (embed; bug #542258)
138 - gamera 3.2.3-1 (embed)
139
140 libbz2
141 - dpkg <unfixed> (static)
142
143 libgadu
144 - centerim <unfixed> (embed; bug #559783)
145 - pidgin <not-affected> (links dynamically since initial release; fixed in gaim)
146 - gaim 1:2.0.0+beta3-3 (embed; bug #360280)
147 - kdenetwork 4:3.3.2-5 (embed)
148 NOTE: from kdenetwork: kopete
149 - ekg 1:1.8~rc0-1 (embed)
150 - kadu 0.6.0.2-3 (embed; bug #504430)
151 - gadu <itp> (embed)
152
153 xmlrpc (which package is the "origin" of this code?)
154 - drupal <unfixed> (embed)
155 - phpgroupware <unfixed> (embed)
156 - egroupware <unfixed> (embed)
157 - phpwiki <unfixed> (embed)
158 - php4 <unfixed> (embed)
159 TODO: check, php-pear, IIRC this was reorganized some weeks ago?
160
161 shtool (affects build-time only)
162 - mysql-ocaml <unfixed> (embed)
163 - php4 <unfixed> (embed)
164
165 iceape
166 - iceweasel <unfixed> (fork)
167 - icedove <unfixed> (fork)
168 - xulrunner <unfixed> (fork)
169 - kompozer <unfixed> (embed; bug #532168)
170 - galeon <unfixed> (fork)
171 - epiphany-browser <unfixed> (fork)
172 - conkeror <unfixed> (fork)
173 - kazehakase <unfixed> (fork)
174
175 xli
176 - xloadimage <unfixed> (embed)
177
178 lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
179 - openmotif <unfixed> (embed)
180 - libxpm <unfixed> (embed)
181
182 kerberized apps with BSD origin
183 - krb4 <removed> (embed)
184 - krb5 <unfixed> (embed)
185 - heimdal <unfixed> (embed)
186
187 grip (which pkg is the origin?)
188 - libcdaudio <unfixed>
189 - grip <unfixed>
190 - gnome-vfs <unfixed>
191 TODO: check vfs2 as well
192
193 fudforum
194 [etch] - phpgroupware <unfixed> (embed)
195 NOTE: phpgroupware-fudforum
196 [sarge] - egroupware-fudforum <removed> (embed)
197
198 libbsd
199 - rdate 1:1.2-3 (embed)
200 - atheme-services <unfixed>
201 - libbsd-arc4random-perl <unfixed>
202 - isakmpd <unfixed>
203 - bsdgames <unfixed> (embed)
204 - bsd-mailx <unfixed> (embed)
205 - netcat-openbsd <unfixed> (embed; bug #550611)
206 - openssh <unfixed> (embed)
207 - unworkable <unfixed> (embed)
208
209 cvs
210 - gcvs <unfixed> (embed)
211 NOTE: see cvsunix/src in tarball
212
213 pcre3
214 - php4 <unknown> (embed)
215 - analog 2:5.23-0woody1 (embed)
216 - goffice <unfixed> (embed)
217 NOTE: libgoffice-*
218 - vfu 4.06-4.1 (embed; bug #450754)
219 - tf5 5.0beta7-1 (embed)
220 - monotone 0.43-1 (embed)
221 NOTE: this only affects versions >= 0.37
222 - glib2.0 2.15.2-1 (embed)
223 - apache2 2.0.53-4 (embed)
224 - exim4 4.10-0.srh20.12 (embed)
225 - yacas <unfixed> (embed)
226 NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
227 - gtamsanalyzer.app 0.42-5 (embed)
228 - tin 980117-1 (embed)
229 - kazehakase 0.5.2-1
230 - webkit 1.0.1-1 (embed)
231 - qt4-x11 <unfixed> (embed)
232 NOTE: embedded via webkit copy
233 - erlang <unfixed> (embed)
234
235 tiff
236 - wxwindows2.4 2.2.1 (embed)
237 - gamera 3.2.3-1 (embed)
238
239 uudeview
240 - libconvert-uulib-perl <unfixed> (embed)
241 - pan <unfixed> (embed)
242
243 sqlite (not affected by security vulnerabilities so far)
244 - amarok <unfixed> (embed)
245 - monotone 0.43-1 (embed)
246 - iceweasel <unfixed> (embed)
247 - heimdal <unfixed> (embed; bug #559616)
248
249 util-linux/mount
250 - loop-aes-utils <unfixed> (embed)
251 NOTE: contains code from util-linux' mount in the mount-aes-udeb
252
253 sylpheed
254 - sylpheed-claws <unfixed> (fork)
255
256 phpsysinfo
257 - egroupware <unfixed> (embed)
258 - phpgroupware <unfixed> (embed)
259
260 phpldapadmin
261 [sarge] - egroupware <unfixed> (embed)
262 NOTE: removed from egroupware after sarge
263
264 chmlib
265 - kchmviewer <unknown> (embed)
266
267 ffmpeg (libavcodec/libavformat)
268 - mplayer 1.0~rc2-14 (embed; bug #395252)
269 - kino 1.0.0-1
270 - vlc <not-affected> (Links dynamically since initial release)
271 - smilutils 0.3.0-10
272 NOTE: smilutils likely fixed earlier, marking Etch's version as fixed
273 - motion 3.1.19-1
274 - gstreamer0.10-ffmpeg 0.10.3-2
275 - xmovie <removed> (static)
276 TODO: gimp-gap (potentially using ffmpeg code as well)
277 - avifile 1:0.7.48~20090503.ds-1 (embed; bug #538750)
278 - audacity 1.3.7-2 (embed; bug #512278)
279
280 faad2
281 - mplayer 1.0~rc2-20 (embed)
282 - avifile <unfixed> (embed; bug #538750)
283 - ffmpeg-debian <removed> (old-version)
284
285 libmad (MPEG decoding lib)
286 - xine-lib <unfixed> (embed)
287 - avifile 1:0.7.48~20090503.ds-1 (embed) [./plugins/libmad/*]
288 TODO: check ocaml-mad, madplay, pymad, xmms-mad, xmms2
289
290 libdts
291 - xine-lib <unfixed> (embed)
292
293 flac
294 - xine-lib <unfixed> (embed)
295
296 liba52
297 - a52dec <unfixed> (embed)
298 - xine-lib <unfixed> (embed)
299
300 libmpeg2
301 - mpeg2dec <unfixed> (embed)
302 - xine-lib <unfixed> (embed)
303
304 libntlm
305 - wget <unfixed> (fork; bug #550436)
306 - curl <unfixed> (fork; bug #550437)
307 - cntlm <unfixed> (fork; bug #550438)
308
309 uw-imap
310 - pine <unfixed> (embed)
311 - alpine <unfixed> (embed)
312
313 imagemagick
314 - graphicsmagick <unfixed> (fork)
315
316 python-urlgrabber
317 - mercurial <unfixed> (embed; bug #531062)
318 - w3af <unfixed> (embed; bug #555372)
319 [experimental] - harvestman <unfixed> (embed; bug #555373)
320
321 beautifulsoup
322 - python-mechanize <unfixed> (embed; bug #555349)
323 - zope2.11 <unfixed> (embed; bug #555350)
324 - twill <unknown> (embed)
325
326 halibut
327 - nsis <unfixed> (fork)
328
329 libghttp
330 - hotway <unfixed> (embed)
331
332 libsndfile
333 - ardour 1:2.7.1-1 (embed)
334
335 glibmm2.4
336 - ardour 1:2.7.1-1 (embed)
337
338 libgnomecanvasmm2.6
339 - ardour 1:2.7.1-1 (embed)
340
341 libsigc++-2.0
342 - ardour 1:2.7.1-1 (embed)
343
344 soundtouch
345 - ardour 1:2.7.1-1 (embed)
346
347 libmms
348 - xine-lib <unfixed> (embed)
349 - mimms <unfixed> (embed)
350
351 fckeditor
352 - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
353 - moin 1.8.2-2 (embed; bug #452599)
354 - karrigell <removed> (embed; bug #452598)
355 - gforge 4.6.99+svn6225-1 (embed)
356 - request-tracker3.8 <unfixed> (embed)
357
358 ipatlas (not packaged in Debian)
359 - moodle <unfixed> (embed; bug #507185)
360
361 libphp-phpmailer
362 - moodle <unfixed> (embed; bug #507185)
363 - mahara <unfixed> (embed)
364 - symfony <unfixed> (embed)
365 [etch] - phpgroupware <unfixed> (embed)
366 NOTE: phpgroupware-felamimail is only in etch
367 - egroupware <unfixed> (embed; bug #504283)
368 - glpi <unfixed>
369
370 htmlArea (not packaged in Debian)
371 - moodle <unfixed> (embed)
372
373 giflib
374 - wine <unfixed> (embed; bug #466181)
375
376 bennu (not packaged in Debian, http://bennu.sourceforge.net)
377 - moodle <unfixed> (embed)
378
379 smarty
380 - moodle 1.8.2-2 (embed; bug #471158)
381 - gallery2 2.2.5-2 (embed; bug #471160)
382 - mahara 0.9.2-2 (embed; bug #471201)
383 - gosa 2.4beta1-1 (embed; bug #471200)
384
385 TinyMCE
386 - wordpress 2.5.1-3 (embed; bug #478257)
387 - moodle <unfixed> (embed; bug #507185)
388 - knowledgeroot <unfixed> (embed)
389 - joomla <itp> (bug #326398)
390
391 scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121)
392 - scite <unfixed> (embed)
393 - qscintilla <unfixed> (embed)
394 - qscintilla2 <unfixed> (embed)
395 - geany <unfixed> (fork)
396 - anjuta <unfixed> (embed)
397
398 libphp-adodb
399 - moodle <unfixed> (embed; bug #507185)
400 NOTE: also AdoDB-XML Schema
401 - gallery2 <unfixed> (embed)
402 - phppgadmin <unfixed> (embed)
403 - egroupware <unfixed> (embed)
404 - phpwiki <unfixed> (embed)
405 - torrentflux 2.0beta1-2 (embed)
406 - ipplan <unfixed> (embed)
407 - typo3-src <unfixed> (embed)
408 - cacti <unknown> (embed)
409 [sarge] - cacti <unfixed> (embed)
410 NOTE: dependency exists, but internal version is used
411 - gforge 4.7~rc2-6 (embed)
412 - mahara <unfixed> (embed)
413
414 gzip
415 - linux-kernel <unfixed> (embed)
416 NOTE: lib/inflate.c
417 - klibc <unfixed> (embed)
418 NOTE: based on linux-kernel gzip code
419 - busybox <unfixed> (embed)
420
421 neon
422 - cadaver 0.22.3+debian-1 (embed; bug #188381)
423 - gnome-vfs2 <unfixed> (embed; bug #395874)
424 [etch] - litmus <unfixed> (embed; #395875)
425 - litmus <removed> (embed; #395875)
426 [sarge] - screem <unfixed> (embed)
427 - sitecopy 1:0.16.0-1 (embed; bug #395876)
428 [etch] - tla <unfixed> (embed; bug #395877)
429 [sarge] - tla <unfixed> (embed; bug #395877)
430
431 libmodplug
432 - gst-plugins-bad0.10 <unfixed> (embed)
433
434 libvncserver
435 - vino <unfixed> (embed)
436
437 putty
438 - filezilla <unfixed> (embed)
439
440 tinyxml (not packaged in Debian; itp bug #531968)
441 - filezilla <unfixed>
442 - crystalspace <unfixed> (embed)
443 - libwfut <unfixed> (embed)
444 - rarian <unfixed> (embed)
445 - bulletml <unfixed> (embed)
446 - pokerth <unfixed> (embed)
447 - qutecom <unfixed> (embed)
448 - sofa-framework <unfixed> (embed)
449 - yate <unfixed> (embed)
450 - antigrav <unfixed> (embed)
451 - balder2d <unfixed> (embed)
452 - cal3d <unfixed> (embed)
453 - criticalmass <unfixed> (embed)
454 - ember <unfixed> (embed)
455 - epiphany <unfixed> (embed)
456 - gambit <unfixed> (embed)
457 - noiz2sa <unfixed> (embed)
458 - ogre <unfixed> (embed)
459 - opencity <unfixed> (embed)
460 - openmovieeditor <unfixed> (embed)
461 - pouetchess <unfixed> (embed)
462 - tecnoballz <unfixed> (embed)
463 - trigger-rally <unfixed> (embed)
464 - xmoto <unfixed> (embed)
465 - mapnik <unknown> (embed)
466 NOTE: uses a different XML parser by default
467 - rrootage 0.23a-6 <embed>
468 NOTE: links to libbulltetml
469 - boson <unknown> (embed)
470 NOTE: the embedded code is unused
471
472 gv
473 - evince <unfixed> (embed)
474 NOTE: ps/ tree from gv 3.5.8
475 NOTE: evince-gtk is affected (a component of evince source package)
476
477 libXbae
478 - paw <removed> (embed)
479 [etch] - paw <unfixed> (embed)
480
481 libgtkhtml
482 - claws-mail-extra-plugins <unfixed> (fork)
483
484 libXaw
485 - paw <removed> (embed)
486 [etch] - paw <unfixed> (embed)
487 NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
488
489 libgd2
490 - graphviz <unfixed> (embed)
491 NOTE: lib/gd seems to be 2.0.33
492 - wml <unfixed> (embed)
493 - libwmf <unfixed> (embed)
494 NOTE: derived from gd 1.6.3
495
496 rar
497 - unrar-nonfree <unfixed> (embed)
498
499 unrar-free (maybe this code is derived from the original rar, too?)
500 - clamav <unfixed> (embed)
501 NOTE: seems to be disabled in default config
502
503 mplayer (DirectMedia Object loader)
504 - xine-lib <unfixed> (embed)
505 NOTE: src/libw32dll/
506 - vlc <unfixed> (embed)
507 NOTE: modules/codec/dmo/
508 - mplayer 1.0~rc2-20 (embed)
509
510 libwpd (WordPerfect converter)
511 - openoffice.org <unfixed> (embed)
512
513 fsplib (http://sourceforge.net/projects/fsp/)
514 - gftp <unfixed> (embed)
515 NOTE: lib/fsplib version 0.3
516
517 sprng
518 - tree-puzzle <unfixed> (embed)
519
520 librpcsecgss
521 - krb5 <unfixed> (embed)
522
523 jasper
524 - ghostscript 8.70~dfsg-2+b1 (embed)
525 - ghostscript <unfixed> (static)
526
527 libiris
528 - psi <unfixed> (embed)
529 - kdenetwork <unfixed> (embed)
530 NOTE: kopete embeds libiris but links dynamically to libidn
531 - kdegames <unfixed> (embed)
532 NOTE: ksirk/kde4
533
534 libidn
535 - monotone 0.43-1 (embed)
536 - psi <unfixed> (embed)
537 NOTE: psi embeds libiris which embeds libidn
538 - kdegames <unfixed> (embed)
539 NOTE: kdegames/kde4 embeds libiris which embeds libidn
540
541 liblua
542 - monotone 0.43-1 (embed)
543 - nmap 5.00-1 (embed; bug #527997)
544 [lenny] - nmap <unfixed> (embed; bug #527997)
545 - ocropus <unfixed> (embed)
546 - enigma <unfixed> (embed)
547 NOTE: requires lua built with C++
548 - freeciv <unfixed> (embed)
549
550 libbotan
551 - monotone 0.43-1 (embed)
552
553 NetXX
554 - monotone 0.43-1 (embed)
555
556 libgc
557 - mono <unfixed> (embed)
558
559 lzma
560 - p7zip <unfixed> (embed)
561 - xz-utils <unfixed> (fork)
562
563 lzo
564 - grub2 <unfixed> (embed)
565
566 yassl
567 - mysql-dfsg-5.0 <unfixed> (embed)
568
569 pax code
570 - tar <unfixed> (embed)
571 - cpio <unfixed> (embed)
572
573 t1lib
574 - tetex-bin 2.0.2-1 (embed)
575 - texlive-bin <unknown> (embed)
576
577 guichan
578 - boswars <unfixed> (embed)
579 NOTE: maintainer notified us, working on it
580
581 tolua
582 - boswars <unfixed> (embed)
583 NOTE: maintainer notified us, working on it
584 NOTE: actually tolua++
585 - ocropus <unfixed> (embed)
586 NOTE: actually tolua++
587 - freeciv <unfixed> (embed)
588 NOTE: actually tolua++
589 - enigma <unfixed> (embed)
590
591 asio-dev
592 - luxrender <removed> (embed)
593
594 xine-lib
595 - vlc <unfixed> (embed)
596 NOTE: only parts included in modules/access/rtsp
597
598 netpbm
599 - tcl8.3 <unfixed> (embed)
600 - tcl8.4 <unfixed> (embed)
601 - tcl8.5 <unfixed> (embed)
602 NOTE: generic/tkImgGIF.c
603
604 tk8.5
605 - tk8.0 <removed> (old-version)
606 - tk8.3 <unfixed> (old-version)
607 - tk8.4 <unfixed> (old-version)
608 - perl-tk <unfixable> (fork)
609
610 samba
611 - mc 2:4.6.2~git20080311-1 (embed)
612 NOTE: maintainer is aware of this, currently searching a solution
613
614 plib1.8.4c2
615 - boson <unfixed> (fork)
616 NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
617
618 fribidi
619 - quesoglc <unfixed> (embed)
620 NOTE: compiled against system fribidi in Debian - embed only used when fribidi is not available on the system
621
622 glew
623 - quesoglc <unfixed> (embed; bug #489341)
624 NOTE: waiting on GLEW_MX version of glew (see bug #474488)
625 - trigger <unfixed> (embed)
626 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
627 - trigger-rally <unfixed> (embed)
628 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
629
630 minorGems (pabs contacted upstream about shared lib, he considers minorGems an 'ever-evolving collection of reusable code fragments' for his own use)
631 - transcend <unfixed> (embed)
632 - cultivation <unfixed> (embed)
633 - passage <unfixed> (embed)
634 - gravitation <unfixed> (embed)
635
636 tar
637 - libarchive <unfixed> (embed)
638 NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
639
640 cpio
641 - libarchive <unfixed> (embed)
642 NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
643
644 webkit
645 - qt4-x11 <unfixed> (embed; bug #479851)
646 - kdelibs <unfixed> (old-version)
647 - kde4libs <unfixed> (fork)
648
649 ftgl
650 - blender 2.46+dfsg-1 (embed)
651
652 wv
653 - abiword <unfixed>
654
655 qemu
656 - kvm <unfixed> (embed; bug #543159)
657 NOTE: the kvm package will be removed from sid and squeeze soon (after
658 NOTE: which it will only be in experimental). superceded by qemu-kvm.
659 - qemu-kvm <unfixed> (embed; bug #560853)
660 - xen-3 3.4.2-2 (embed; bug #560856)
661 - xen-unstable <unfixed> (embed; bug #560856)
662
663 vgabios
664 - kvm <unfixed> (embed; bug #489442)
665
666 bochs
667 - kvm <unfixed> (embed; bug #489442)
668
669 speex
670 - vorbis-tools <unfixed> (embed)
671 NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
672 - gst-plugins-good0.10 <unfixed> (embed)
673 - xine-lib <unfixed> (embed)
674 - libfishsound <unfixed> (embed)
675 - libannodex <removed> (embed)
676 - vlc <unfixed> (embed)
677 - xmms-speex <unfixed> (embed)
678 - libsdl-sound1.2 <unfixed> (embed)
679 - sweep <unfixed> (embed)
680
681 libreadline
682 - magic <itp> (old-version)
683
684 opcode
685 - ode <unfixed> (embed)
686 NOTE: opcode is not a package in debian, it is just embedded
687 NOTE: http://www.codercorner.com/Opcode.htm
688
689 gimpact
690 - ode <unfixed> (embed)
691 NOTE: gimpact is not a package in debian, it is just embedded
692 NOTE: http://gimpact.sf.net
693
694 mochikit
695 - mahara <unfixed> (embed)
696 NOTE: they require extra patches, still unmerged upstream
697 - ntop <unfixed> (embed)
698 - coherence 0.6.2-1 (embed)
699 - paste <unfixed> (embed)
700 - turbogears <unfixed> (embed)
701 - plone3 <unfixed> (embed)
702 - xulrunner <unfixed> (embed)
703 - libjifty-plugin-chart-perl <unfixed> (embed)
704 - sabnzbdplus <unfixed> (embed)
705 - tgmochikit <unfixed> (embed)
706
707 prototypejs
708 - netbeans-ide 6.0.1+dfsg-2 (embed)
709 - auth2db 0.2.5-2+dfsg-1 (embed; bug #555218)
710 - webcit <unfixed> (embed; bug #555219)
711 - asterisk 1:1.6.2.0~rc3-1 (embed)
712 - libjson-ruby 1.1.4-1 (embed; bug #555224)
713 - lucene2 2.9.1+ds1-2 (embed; bug #555226)
714 - horde3 <unfixed> (embed)
715 - knowledgeroot <unfixed> (embed; bug #555230)
716 - mediatomb <unfixed> (embed; bug #555233)
717 - mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
718 - ebug-http <unfixed> (embed; bug #555236)
719 - libaws 2.7-1 (embed; bug #555222)
720 - phpgedview <removed> (embed)
721 - poker-network <unfixed> (embed; bug #555238)
722 - rails 2.1.0-6 (embed)
723 - wordpress 2.5.0-2 (embed; bug #555243)
724 - zope <not-affected> (the prototypejs embed is not in any of the obvious zope packages, e.g. zope2.9, zope2.10, zope2.11, and zope3)
725 TODO: search through all of the other zope packages
726 - ampache 3.4.1-2 (embed)
727 - exaile 0.2.14+debian-2.1 (embed; bug #555245)
728 - hobix 0.5~svn20070319-4 (embed; bug #555247)
729 - zabbix 1.6.6-4 (embed; bug #555250)
730 - chora2 <unfixed> (embed; bug #555253)
731 - gollem <unfixed> (embed; bug # 555254)
732 - jscropperui 1.2.1-1 (embed; bug #555257)
733 - scriptaculous <not-affected> (uses system prototype.js since initial upload; bug #555260)
734 - ingo1 <unfixed> (embed; bug #555261)
735 - kronolith2 <unfixed> (embed; bug #555262)
736 - activeldap <unfixed> (embed)
737 - libv8 <not-affected> (contains a google-specific implementation of prototype.js)
738 - mantis <unfixed> (embed; bug #555265)
739 - otrs2 2.3.4-6 (embed; bug #555267)
740 - webcalendar <unfixed> (embed; bug #555269)
741 - redmine 0.9.0~svn2907-1 (embed; bug #555270)
742 - jifty 0.90519-1 (embed; bug #555271)
743 - jquery <unfixed> (embed; bug #555272)
744 - passenger 2.2.5debian1-1 (embed; bug #555273)
745 - plone3 <unfixed> (embed; bug #555275)
746 - wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555277)
747 - libhtml-prototype-perl 1.48-3 (embed; bug #538920)
748 - xulrunner <unfixed> (embed)
749 NOTE: included in iceweasel/xulrunner unit tests directory, so may not be security-relevant
750
751 gdb
752 - insight <unfixed> (embed)
753
754 e2fsprogs
755 - ldiskfsprogs <unfixable> (fork)
756
757 quazip (not packaged in Debian)
758 - qcake <unfixed> (embed)
759 NOTE: starting with upstream version 0.6.4
760
761 exo
762 - pcmanfm <unfixed> (embed; bug #499677)
763 NOTE: slightly modified source code
764
765 java
766 - openjdk-6 <unfixed>
767 - sun-java5 <unfixed>
768 - sun-java6 <unfixed>
769
770 libphp-snoopy
771 - ampache 3.4.1-2 (embed; bug #504169)
772 - gforge 4.6.99+svn6094-2 (embed)
773 - mahara 1.0.5-2 (embed; bug #504170)
774 - pixelpost 1.7.1-5 (embed; bug #504171)
775 - mediamate 0.9.3.6-5 (embed; bug #504172)
776 - opendb <removed> (embed; bug #504173)
777 [etch] - opendb <unfixed> (embed; bug #504173)
778 - wordpress 2.5.1-9 (embed; bug #443948)
779 - moodle <unfixed> (embed; bug #507185)
780 [etch] - phpgroupware <unfixed> (embed)
781 NOTE: phpgroupware-felamimail
782 - magpierss 0.72-3 (embed; bug #431089)
783
784 jquery
785 - zekr <unfixed> (embed)
786 - wordpress <unknown> (embed)
787 - yocto-reader <unfixed> (embed)
788 - textpattern <unfixed> (embed)
789 - genshi 0.5.1-1 (embed)
790 NOTE: compressed file under examples/ dir
791 - prewikka <unfixed> (embed)
792 - libramaze-ruby <unfixed> (embed)
793 - drupal5 <unfixed> (embed)
794 - b2evolution <unfixed> (embed)
795 - wesnoth <unfixed> (embed)
796
797 tablesorter (jquery plugin, not packaged yet)
798 - wesnoth <unfixed> (embed)
799
800 kses
801 - wordpress <unfixed> (embed; bug #504242)
802 NOTE: their copy has all methods renamed to wp_<foo>
803 NOTE: kses isn't in Debian, RFP: #504240
804 - moodle <unfixed> (embed; bug #507185)
805 - egroupware <unfixed> (embed)
806
807 magpierss
808 - wordpress <unfixed> (embed; bug #504242)
809 - moodle <unfixed>
810
811 php-gettext
812 - wordpress 2.8.4-1 (embed; bug #504242)
813
814 libphp-ixr (name may change, it is the Incutio XML-RPC)
815 - wordpress <unfixed> (embed; bug #504242)
816 NOTE: libphp-ixr isn't in Debian, RFP: #504236
817 - dokuwiki <unfixed> (embed)
818 - textpattern <unfixed> (embed)
819
820 libphp-cas
821 - glpi <unfixed> (embed)
822 - moodle <unfixed> (embed; bug #505984)
823
824 scriptaculous (prototype.js is among the embeds in the following)
825 - glpi <unfixed> (embed)
826 - libaws <unfixed> (embed; bug #555222)
827 - op-panel <unfixed> (embed)
828 - symfony <unfixed> (embed)
829 NOTE: maintainer says there are extra incompatible changes required
830 - pixelpost 1.7.1-6 (embed)
831 - webhelpers <unfixed> (embed)
832 - qwik <removed> (embed; bug #555241)
833 - smokeping <unfixed> (embed)
834 - turba2 <unfixed> (embed)
835 - typo3-src 4.2.3-1 (embed)
836 - request-tracker3.6 <unfixed> (embed)
837 - request-tracker3.8 <unfixed> (embed)
838 - rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package)
839 - wordpress 2.5.0-2 (embed)
840 - libhtml-prototype-perl 1.48-3 (embed)
841
842 libmarkdown-php
843 - moodle <unfixed> (embed; bug #507185)
844 - pixelpost 1.7.1-6 (embed)
845
846 php-openid
847 - wordpress-openid <itp> (embed)
848
849 geshi
850 - dokuwiki 0.0.20080505-3.1 (embed)
851 - pgfouine 1.0-1.1 (embed)
852 - websvn 2.1.0-1 (embed)
853
854 webcalendar
855 - gforge 4.7~rc2-6 (embed; bug #504758)
856
857 libical
858 - kdepim <unfixed> (fork)
859 - kdepimlibs <unfixed> (fork)
860 NOTE: fixed in KDE4 post 4.1.x series
861 - claws-mail-extra-plugins <unfixed> (fork)
862
863 libltdl3
864 - kdelibs <unfixed> (embed)
865 NOTE: it's been said it sets RT_GLOBAL (or something like that) at runtime and version in experimental of libltdl can optionally set it
866 - synfig <unfixed> (embed)
867
868 harfbuzz
869 - qt4-x11 <unfixed> (embed)
870
871 libzip
872 - php5 <unfixed> (fork)
873 - odt2txt <unfixed> (embed; bug #523808)
874
875 json.php (not packaged; should be replaced with php's built-in functions)
876 - moodle <unfixed>
877 - yui <unfixed>
878 - gallery2 <unfixed>
879 - dokuwiki <unfixed>
880 - typo3-src <unfixed>
881
882 php-fpdf
883 - tcpdf <itp> (fork)
884 - moodle <unfixed>
885 - phpwiki <unfixed>
886 - egroupware <unfixed>
887 - ldap-account-manager <unfixed> (fork)
888
889 tcpdf (itp: #495985)
890 - moodle <unfixed>
891 - phpmyadmin <unfixed>
892
893 typo3
894 - moodle <unfixed>
895
896 spreadsheet_writeexcel (PHP port of libspreadsheet-writeexcel-perl; itp: #487557)
897 - moodle <unfixed>
898 - gosa <unfixed>
899
900 php-ole (itp: #487558)
901 - moodle <unfixed>
902
903 pieforms (http://www.catalyst.net.nz)
904 - mahara <unfixed>
905
906 savant2 (http://phpsavant.com)
907 - egroupware <unfixed>
908
909 rssparser (http://nwow.org)
910 - egroupware <unfixed>
911 - phpgroupware <unfixed>
912
913 lcms
914 - openjdk-6 <unfixed> (fork)
915
916 libphp-phplayersmenu
917 - diogenes <unfixed>
918 - phpldapadmin <unfixed>
919
920 libphp-pclzip
921 - docvert <unfixed>
922 - moodle <unfixed>
923 - egroupware <unfixed>
924
925 libphp-simplepie
926 - dokuwiki <unfixed>
927
928 libphp-jpgraph
929 - egroupware <unfixed>
930
931 php-simpletest
932 - moodle <unfixed>
933
934 libpng
935 - iceweasel <not-affected> (uses xulrunner)
936 - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1, 2.0.0.19-1 (embed)
937 - iceape 1.0.13~pre080614i-0etch1 (embed)
938 - xulrunner 1.9.0.13-1 (embed)
939 [lenny] - xulrunner 1.9.0.11-0lenny1
940 [etch] - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
941 - gamera 3.2.3-1 (embed)
942
943 irssi
944 - silc-client <unfixed> (embed)
945 NOTE: Seems to be a pre-0.8.12 version that is used in irssi-plugin-silc
946
947 extc
948 - mtasc <unfixed> (embed)
949 - haxe <unfixed> (embed)
950
951 swflib
952 - mtasc <unfixed> (embed)
953 - haxe <unfixed> (embed)
954
955 libitext-java
956 - bouncycastle 2.1.4-1 (embed)
957
958 python-ply
959 - pyke <unfixed> (embed; bug #555363)
960 - pywbem <unfixed> (embed; bug #555364)
961 - sepolgen <unfixed> (embed; bug #555365)
962 - zope-textindexng3 <unknown> (embed)
963 - iceweasel <not-affected> (uses xulrunner)
964 - xulrunner <unknown> (embed)
965 - wireshark <not-affected> (python-ply modules are not installed into binary packages; see #554613)
966
967 libdumbnet (libdnet upstream)
968 - nmap <unfixed> (fork)
969
970 gcc-4.4
971 - gcc-mingw32 <unfixed> (embed)
972
973 camlimages
974 - advi <unfixed> (static; bug #550441)
975
976 memcached
977 - memcachedb <unfixed> (embed)
978
979 yajl
980 - argyll <unfixed> (embed; bug #544223)
981 NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
982
983 nusoap
984 - gforge 4.8.2-1 (embed)
985
986 libept
987 - adept <unfixed> (embed; bug #540649)
988
989 libvorbis
990 - iceweasel <not-affected> (uses xulrunner)
991 - xulrunner <unfixed> (embed; bug #540959)
992 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
993 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
994 - iceape <unfixed> (embed)
995 [etch] - iceape <not-affected> (introduced in 2.0)
996 [lenny] - iceape <not-affected> (introduced in 2.0)
997
998 cairo
999 - iceweasel <not-affected> (uses xulrunner)
1000 - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
1001
1002 liboggz
1003 - iceweasel <not-affected> (uses xulrunner)
1004 - xulrunner <unfixed> (embed; bug #540959)
1005 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1006 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1007 - iceape <unfixed> (embed)
1008 [etch] - iceape <not-affected> (introduced in 2.0)
1009 [lenny] - iceape <not-affected> (introduced in 2.0)
1010
1011 liboggplay
1012 - iceweasel <not-affected> (uses xulrunner)
1013 - xulrunner <unfixed> (embed; bug #540959)
1014 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1015 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1016 - iceape <unfixed> (embed)
1017 [etch] - iceape <not-affected> (introduced in 2.0)
1018 [lenny] - iceape <not-affected> (introduced in 2.0)
1019
1020 php-net-dnsbl
1021 - serendipity <unfixed> (embed)
1022
1023 php-onyx-rss
1024 - serendipity <unfixed> (embed)
1025
1026 php-text-wiki
1027 - serendipity <unfixed> (embed)
1028
1029 php-xml-rpc
1030 - serendipity <unfixed> (embed)
1031
1032 polarssl (does not have a shared library)
1033 - pdkim <itp> (embed; bug #543150)
1034 - xyssl <unfixed> (old-version)
1035
1036 pidgin
1037 - gaim <removed> (old-version)
1038 - qutecom <unfixed> (embed; bug #559785)
1039
1040 icu
1041 - webkit 1.0.1-1 (embed; bug #547214)
1042 - texlive-bin <unfixed> (fork)
1043 NOTE: texlive upstream working with icu upstream to merge their changes
1044
1045 cyrus-imapd-2.2
1046 - kolab-cyrus-imapd <unfixed> (fork)
1047 - dovecot 1:1.2.1-1 (embed) [/dovecot-sieve/src/libsieve/*]
1048
1049 python-cxx-dev
1050 - freecad 0.9.2646.3-1 (embed; bug #547936)
1051
1052 zipios++
1053 - freecad 0.9.2646.3-1 (embed; bug #547941)
1054 - enigma 0.92.3-3 (embed)
1055 NOTE: likely fixed earlier, marking etch's version as fixed
1056
1057 linux-2.6
1058 - kvm <unfixed> (embed; bug #549973) [./kernel/*]
1059 - linux-kbuild-2.6 <unfixed> (embed; bug #550379) [./kbuild/*]
1060 - kernel-source-2.6.8 <removed> (old-version)
1061 - kernel-source-2.4.27 <removed> (old-version)
1062 - kernel-source-2.4.24 <removed> (old-version)
1063 - kernel-source-2.2.25 <removed> (old-version)
1064 - kernel-source-2.2.20 <removed> (old-version)
1065
1066 libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
1067 - kvm <unfixed> (embed) [./libfdt/*]
1068
1069 qweb (not packaged)
1070 - ajaxterm <unfixed>
1071
1072 opensaml2
1073 - opensaml <removed> (old-version)
1074
1075 shibboleth-sp2
1076 - shibboleth-sp <removed> (old-version)
1077
1078 tuxonice-userui
1079 - suspend2-userui <removed> (old-version)
1080
1081 expat
1082 - w3c-libwww <removed> (embed; bug #551941)
1083 [etch] - w3c-libwww <unfixed> (embed; bug #551941) [./modules/expat/*]
1084 - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*]
1085 - python2.5 <unfixable> (embed; bug #553403) [./Modules/expat/*]
1086 - python2.4 <unfixable> (embed; bug #553403)
1087 - python-4suite <unfixed> (embed; bug #516935)
1088 - wxwindows2.4 <removed> (embed)
1089 - wxwidgets2.6 2.6.3.2.2-4 (embed)
1090 - wxwidgets2.8 2.8.10.1-2 (embed)
1091 - celementtree 1.0.5-8 (embed)
1092 NOTE: Maybe that was fixed even earlier
1093 - audacity 1.3.2-1 (embed)
1094 - matanza <unfixed> (embed)
1095 - tdom <unfixed> (embed)
1096 - udunits <unfixed> (embed)
1097 - apr-util 1.2 (embed)
1098 - ayttm <unfxed> (embed; bug #561006)
1099 - cableswig <unfixed> (embed)
1100 - cadaver <unfixed> (embed)
1101 - cmake 2.6.0-6 (embed)
1102 - coin3 <unfixed> (embed)
1103 - gdcm 2.0.14-2 (embed)
1104 - ghostscript <unfixed> (embed)
1105 - grmonitor <unfixed> (embed)
1106 - iceape <unfixed> (embed)
1107 - insighttoolkit 3.16.0-1 (embed)
1108 NOTE: insighttoolkit might've been fixed earlier
1109 - libparagui1.1 <unfixed> (embed)
1110 - paraview <unfixed> (embed)
1111 - poco <unfixed> (embed)
1112 - simgear <unfixed> (embed)
1113 - sitecopy 1:0.16.0-1
1114 - smart 1.0-1 (embed)
1115 - swish-e <unfixed> (embed)
1116 - tla <unfixed> (embed)
1117 - vtk <unfixed> (embed)
1118 - wbxml2 <unfixed> (embed)
1119 - xmlrpc-c <unfixed> (embed)
1120 - iceweasel <unfixed> (embed)
1121 - kompozer <unfixed> (embed)
1122 - vxl 1.13.0-2 (embed)
1123 - xulrunner <unfixed> (embed)
1124 - apache2 2.2 (embed)
1125 - texlive-bin <unfixed> (embed) [included twice]
1126 - vnc4 <unfixed> (embed)
1127 - xotcl <unfixed> (embed)
1128
1129 xerces-c
1130 - xerces-c2 <unfixed> (old-version)
1131 - xerces27 <removed> (old-version)
1132
1133 md5 (RSA's version; not the gnu version provided by coreutils)
1134 - w3c-libwww <removed> (embed; bug #551942)
1135 [etch] - w3c-libwww <unfixed> (embed; bug #551942) [./modules/md5/*]
1136
1137 enet
1138 - sauerbraten <unfixed> (embed; #497194)
1139
1140 eglibc
1141 - glibc <removed> (old-version)
1142
1143 galib
1144 - gamera 3.2.3-1 (embed)
1145
1146 configobj
1147 - bzr <unfixed> (embed; bug #555336)
1148 - elisa <unfixed> (embed; bug #555337)
1149 - gaupol <unfixed> (embed; bug #555338)
1150 - ipython <unfixed> (embed; bug #555339)
1151 - pida <unfixed> (embed; bug #555340)
1152 - psychopy <unfixed> (embed; bug #555341)
1153 - rest2web <unfixed> (embed; bug #555342)
1154 - auth2db <unknown> (embed)
1155 - dynagen <unknown> (embed)
1156 - iceweasel <unknown> (embed)
1157 - sabnzbdplus <unknown> (embed)
1158 - xulrunner <unknown> (embed)
1159 - nipy <not-affected> (part of an example [/examples/neurospin/neurospy/configobj.py], which is not installed into binary packages)
1160
1161 python-clientform
1162 - bibus <unfixed> (embed; bug #555332)
1163 - zope2.10 <unfixed> (embed; bug #555333)
1164 - zope2.11 <unfixed> (embed; bug #555334)
1165 - python-mechanize <unknown> (embed)
1166 - twill <unknown> (embed)
1167
1168 python-mechanize
1169 - zope2.10 <unfixed> (embed; bug #555337)
1170 - zope2.11 <unfixed> (embed; bug #555338)
1171 - twill <unknown> (embed; bug #555339)
1172
1173 pexpect
1174 - duplicity 0.6.06-1 (embed; bug #555361)
1175 - hplip <unfixed> (embed; bug #555362)
1176 - smart <unfixed> (embed; bug #555363)
1177
1178 pyparsing
1179 - bauble <unfixed> (embed; bug #555366)
1180 - boa-constructor 0.6.1-8 (embed; bug #555367)
1181 - calibre <unfixed> (embed; bug #555368)
1182 - matplotlib <unfixed> (embed; bug #531024)
1183 - zhpy <unfixed> (embed; bug #555370)
1184 - polybori <unknown> (embed)
1185 - python-whoosh <unknown> (embed)
1186 - twill <unknown> (embed)
1187 - zope-textindexng3 <unknown> (embed)
1188
1189 python-pysqlite2
1190 - python2.4 <unfixed> (embed; bug #553403)
1191 - python2.5 <unfixed> (embed; bug #553403)
1192
1193 celementtree
1194 - python2.5 <unfixed> (embed)
1195 - smart 1.0-1 (embed)
1196 [etch] - smart <unfixed> (embed)
1197
1198 elementtree
1199 - python2.5 <unfixed> (embed)
1200 - bzr <unfixed> (embed; bug #555343)
1201 - gedit 2.28.2-1 (embed; bug #555344)
1202 - smart 1.0-1 (embed)
1203 [etch] - smart <unfixed> (embed)
1204 - solfege <unfixed> (embed; bug #555345)
1205 - w3af <unfixed> (embed; bug #555346)
1206 - python-qt4 <unknown> (embed)
1207 - sphinx <unknown> (embed)
1208 - python-nltk <itp> (embed)
1209
1210 python2.5
1211 - python2.4 <unfixed> (old-version)
1212 - jython <unfixed> (embed)
1213 NOTE: embeds many stdlib modules
1214 - python-django <unfixed> (embed; bug #555419)
1215 NOTE: embeds stdlib modules: doctest, decimal
1216 - gamera 3.2.3-1 (embed)
1217 NOTE: embeds stdlib modules: ConfigParser, optparse, sets, textwrap
1218 - boa-constructor <unfixed> (embed; bug #555426)
1219 NOTE: embeds stdlib modules: ConfigParser, tarfile, zipfile, xmlrpclib
1220 - nicotine <unfixed> (embed; bug #555427)
1221 NOTE: embeds stdlib modules: ConfigParser
1222 - museek+ <unfixed> (embed; bug #555428)
1223 NOTE: embeds stdlib modules: ConfigParser
1224 - vegastrike-data <unfixed> (embed)
1225 NOTE: embeds many stdlib modules
1226 - codespeak-lib 1.1.1-1 (embed; bug #555420)
1227 NOTE: embeds stdlib modules: doctest, optparse, subprocess, textwrap
1228 - config-manager <unfixed> (embed; bug #555423)
1229 NOTE: embeds stdlib modules: optparse
1230 - jhbuild 2.28.0-1 (embed; bug #555421)
1231 NOTE: embeds stdlib modules: optparse, subprocess
1232 - smart <unfixed> (embed; bug #555432)
1233 NOTE: embeds stdlib modules: optparse
1234 - pyprotocols 1.0a.svn20070625-5 (embed; bug #555433)
1235 NOTE: embeds stdlib modules: doctest
1236 - ruledispatch 0.5a.svn20080510-4 (embed; bug #555434)
1237 NOTE: embeds stdlib modules: doctest
1238 - distribute <unfixed> (embed)
1239 NOTE: embeds stdlib modules: doctest
1240 - python-setuptools <unfixed> (embed; bug #555435)
1241 NOTE: embeds stdlib modules: doctest
1242 - zope.testing <unfixed> (embed; bug #555436)
1243 NOTE: embeds stdlib modules: doctest
1244 - translate-toolkit <unfixed> (embed; bug #555422)
1245 NOTE: embeds stdlib modules: textwrap, contextlib
1246 - libtpclient-py <unfixed> (embed; bug #555424)
1247 NOTE: embeds stdlib modules: subprocess
1248 - grass <unfixed> (embed; bug #555425)
1249 NOTE: embeds stdlib modules: subprocess
1250 - coherence <unfixed> (embed; bug #555429)
1251 NOTE: embeds stdlib modules: uuid
1252 - python-django-extensions 0.4.2pre+git200911182050-1 (embed; bug #555430)
1253 NOTE: embeds stdlib modules: uuid
1254 - setroubleshoot <unfixed> (embed; bug #555431)
1255 NOTE: embeds stdlib modules: uuid
1256 - linkchecker <unfixed> (embed; bug #555414)
1257 NOTE: embeds msgfmt.py script
1258 - imdbpy <unfixed> (embed)
1259 NOTE: embeds msgfmt.py script
1260 - kiwi <unfixed> (embed)
1261 NOTE: embeds msgfmt.py script
1262 - moin <unfixed> (embed)
1263 NOTE: embeds msgfmt.py script, stdlib modules: cgitb, difflib, tarfile
1264 - plone3 <unfixed> (embed)
1265 NOTE: embeds msgfmt.py script
1266 - roundup <unfixed> (embed)
1267 NOTE: embeds msgfmt.py script, stdlib modules: cgitb
1268 - rednotebook <unfixed> (embed; bug #555415)
1269 NOTE: embeds msgfmt.py script
1270 - turbogears <unfixed> (embed)
1271 NOTE: embeds msgfmt.py script
1272 - elisa <unfixed> (embed)
1273 NOTE: embeds msgfmt.py script, stdlib modules: uuid
1274 - calibre <unfixed> (embed)
1275 NOTE: embeds msgfmt.py script, stdlib modules: zipfile
1276 - mailman <unfixed> (embed; #555416)
1277 NOTE: embeds msgfmt.py script
1278 - python-docutils <unknown> (embed)
1279 NOTE: embeds stdlib modules: optparse, textwrap
1280 - python-imaging <unknown> (embed)
1281 NOTE: embeds stdlib modules: doctest
1282 - python-mechanize <unknown> (embed)
1283 NOTE: embeds stdlib modules: doctest
1284 - twill <unknown> (embed)
1285 NOTE: embeds stdlib modules: subprocess
1286 - zeroc-ice <unknown> (embed)
1287 NOTE: embeds stdlib modules: subprocess
1288 - wxwidgets2.8 <unknown> (embed)
1289 NOTE: embeds stdlib modules: subprocess
1290 - cycle <unknown> (embed)
1291 NOTE: embeds msgfmt.py script
1292 - deluge <unknown> (embed)
1293 NOTE: embeds msgfmt.py script
1294 - opendict <unknown> (embed)
1295 NOTE: embeds msgfmt.py script
1296 - openerp-client <unknown> (embed)
1297 NOTE: embeds msgfmt.py script
1298 - rapidsvn <unknown> (embed)
1299 NOTE: embeds msgfmt.py script
1300 - wammu <unknown> (embed)
1301 NOTE: embeds msgfmt.py script
1302 - gaphor <unknown> (embed)
1303 NOTE: embeds msgfmt.py script
1304 - pida <unknown> (embed)
1305 NOTE: embeds msgfmt.py script
1306 - python-formencode <unknown> (embed)
1307 NOTE: embeds msgfmt.py script
1308 - duplicity <unfixed> (embed)
1309 NOTE: embeds stdlib module: urlparse, tarfile
1310 - pygopherd <unfixed> (embed)
1311 NOTE: embeds stdlib module: zipfile
1312
1313 argparse
1314 - twill <unfixed> (embed; bug #555347)
1315 - ipython <unfixed> (embed; bug #555348)
1316
1317 coherence
1318 - elisa <unfixed> (embed; bug #555335)
1319
1320 simpletal
1321 - plastex <unfixed> (embed; bug #555371)
1322
1323 flickrpc (not packaged in Debian, http://burtonini.com/bzr/flickrpc/)
1324 - postr <unfixed> (embed)
1325 - elisa <unfixed> (embed)
1326
1327 simplegeneric (not packaged in Debian, http://pypi.python.org/pypi/simplegeneric)
1328 - apertium-tolk <unfixed> (embed)
1329 - ipython <unfixed> (embed)
1330 - virtaal <unfixed> (embed)
1331
1332 distribute
1333 - setuptools <removed> (old-version)
1334
1335 rails
1336 - jruby1.2 <unfixed> (embed) [./bench/rails/*]
1337 - libgettext-ruby <unfixed> (embed) [./samples/rails/*]
1338 - libopenid-ruby <unfixed> (embed) [./examples/rails_openid/*]
1339 - thin <unfixed> (embed) [./spec/rails_app/*]
1340 NOTE: this is a subdirectory of examples, which in general is a non-issue, but may
1341 NOTE: be dangerous if developers are naively basing their code off of the examples
1342 NOTE: prototype.js is among the example files
1343
1344 lucene2 (prototype.js is among the embeds in the following)
1345 - lucene <unfixed> (old-version)
1346 - pylucene <unfixed> (embed)
1347 - libpdfbox-java <unfixed> (embed)
1348 - libfontbox-java <unfixed> (embed)
1349 - libjempbox-java <unfixed> (embed)
1350 - solr <unfixed> (embed)
1351
1352 unicode-data
1353 - syslinux <unfixed> (embed)
1354 - camomile <unfixed> (embed)
1355 - fribidi <unfixed> (embed)
1356 - m17n-db <unfixed> (embed)
1357 - sbcl <unfixed> (embed)
1358 - heimdal <unfixed> (embed)
1359 - icu <unfixed> (embed)
1360 - icu4j <unfixed> (embed)
1361 - krb5 <unfixed> (embed)
1362 - moodle <unfixed> (embed)
1363 - openldap <unfixed> (embed)
1364 - pike7.6 <unfixed> (embed)
1365 - samba <unfixed> (embed)
1366 - samba4 <unfixed> (embed)
1367 - cmucl <unfixed> (embed)
1368 - typo3-src <unfixed> (embed)
1369 - mauve <unfixed> (embed)
1370 - texlive-bin <unfixed> (embed)
1371 - ypsilon <unfixed> (embed)
1372 - jeuclid <unfixed> (embed)
1373 - charmap.app <unfixed> (embed)
1374 - clisp <unfixed> (embed)
1375 - gnulib <unfixed> (embed)
1376 - opensrs-client <unfixed> (embed)
1377 - saxonb <unfixed> (embed)
1378 - rails <unfixed> (embed)
1379
1380 feedparser
1381 - rawdog <unfixed> (embed; bug #383422)
1382 - miro <unfixed> (embed; bug #555351)
1383 - calibre <unfixed> (embed; bug #555352)
1384 - freevo <unfixed> (embed; bug #555353)
1385 - pida <unfixed> (embed; bug #555354)
1386 - planet-venus <unfixed> (embed; bug #555355)
1387 - plone3 <unfixed> (embed; bug #555356)
1388 - exaile 0.2.14+debian-1 (embed)
1389 - screenlets 0.1.2-3 (embed)
1390 NOTE: included twice
1391
1392 agg:
1393 - matplotlib <unfixed> (embed: bug #377271)
1394 - contextfree <unfixed> (embed)
1395 NOTE: since 2.2-1 it links statically to system libagg, but still uses the embedded copy
1396 - exactimage <unfixed> (embed)
1397 - python-enable <unfixed> (embed)
1398 - mapnik 0.5.1-3 (embed)
1399 NOTE: links statically to agg, but shared library is not available (bug #377271)
1400
1401 vtk
1402 - paraview <unfixable> (embed; bug #495426)
1403
1404 txt2tags
1405 - rednotebook <unfixed> (embed)
1406
1407 htmltextview (not packaged in Debian, http://www.gnome.org/~gjc/htmltextview.py)
1408 - gajim <unfixed> (embed)
1409 - emesene <unfixed> (embed)
1410 - convirt <unfixed> (embed)
1411 - pida <unfixed> (embed)
1412 - rednotebook <unfixed> (embed)
1413
1414 horde3 (prototype.js is among the embeds in the following)
1415 - mnemo2 <unfixed> (embed)
1416 - nag2 <unfixed> (embed)
1417
1418 cimg
1419 - gmic <itp> (embed)
1420
1421 mootools
1422 - gmic <itp> (embed)
1423
1424 openldap
1425 - openldap2.3 <removed> (old-version)
1426
1427 grub2
1428 - grub <unfixed> (old-version)
1429
1430 gnupginterface
1431 - duplicity <unfixed> (embed)
1432
1433 python-dateutil
1434 - awn-extras-applets <unfixed> (embed)
1435 - matplotlib <unknown> (embed)
1436
1437 cups
1438 - cupsys <removed> (old-version)
1439
1440 yui
1441 - bcfg2 <not-affected> (present in source but not included in any binary files)
1442 - serendipity <unfixed> (embed; bug #557746)
1443 - moodle 1.8.2.dfsg-5 (embed)
1444 - jifty 0.91117-1 (embed; bug #557748)
1445 - webgui 7.7.26-1 (embed)
1446 - loggerhead 1.17-1 (embed)
1447
1448 quake3 (vanilla source not packaged in debian)
1449 - openarena <unfixable> (fork)
1450
1451 quake2 (vanilla source not packaged in debian)
1452 - alien-arena <unfixable> (fork)
1453 - warsow <unfixable> (fork)
1454
1455 libtheora
1456 - iceweasel <not-affected> (uses xulrunner)
1457 - xulrunner <unfixed> (embed; bug #540959)
1458 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1459 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1460 - iceape <unfixed> (embed; bug #559276)
1461 [etch] - iceape <not-affected> (introduced in iceape 2.0)
1462 [lenny] - iceape <not-affected> (introduced in iceape 2.0)
1463
1464 dtoa
1465 - bfilter <unfixed> (embed)
1466 - cacao <unfixed> (embed)
1467 - cdrdao <unfixed> (embed)
1468 - classpath <unfixed> (embed)
1469 - freej <unfixed> (embed)
1470 - iceape <unfixed> (embed)
1471 - iceweasel <unfixed> (embed)
1472 - jscoverage <unfixed> (embed)
1473 - kde4libs <unfixed> (embed)
1474 - kdelibs <unfixed> (embed)
1475 - kompozer <unfixed> (embed)
1476 - libv8 <unfixed> (embed)
1477 - mono <unfixed> (embed)
1478 - newlib <unfixed> (embed)
1479 - nspr <unfixed> (embed)
1480 - php5 <unfixed> (embed)
1481 - polyml <unfixed> (embed)
1482 - qt4-x11 <unfixed> (embed)
1483 - rhino <unfixed> (embed)
1484 NOTE: code translated to Java
1485 - ruby1.8 <unfixed> (embed)
1486 - ruby1.9 <unfixed> (embed)
1487 - ruby1.9.1 <unfixed> (embed)
1488 - sdd <unfixed> (embed)
1489 - sfind <unfixed> (embed)
1490 - star <unfixed> (embed)
1491 - tinymux <unfixed> (embed)
1492 - virtualbox-ose <unfixed> (embed)
1493 - webkit <unfixed> (embed)
1494 - xulrunner <unfixed> (embed)
1495
1496 ipc (not packaged in Debian; see http://mozdev.org/pipermail/enigmail/2009-November/011678.html)
1497 - firegpg <unfixed> (embed)
1498 - enigmail <unfixed> (embed)
1499
1500 ptmalloc (not packaged in Debian)
1501 - crystalspace <unfixed> (embed)
1502 - qt4-x11 <unfixed> (embed)
1503
1504 svgalib
1505 - usplash <unfixed> (embed)
1506
1507 bogl
1508 - usplash <unfixed> (embed)
1509
1510 taglist
1511 - usplash <unfixed> (embed)
1512
1513 portaudio
1514 - audacity <unfixed> (embed; bug #323711)
1515
1516 nyquist
1517 - audacity <unfixed> (embed)
1518 NOTE: embeds a forked nyquist with support for a shared library
1519
1520 vamp-plugin-sdk
1521 - audacity <unfixed> (embed)
1522
1523 wordpress
1524 - libwordpress-xmlrpc-perl <removed> (embed) [./xmlrpc.php]
1525
1526 php5
1527 - php4 <removed> (old-version)
1528
1529 classpath
1530 - libgnucrypto-java <unfixed> (embed; bug #559788)
1531
1532 libtool
1533 - apr <unfixed> (static; bug #489625)
1534 NOTE: ships copy of libtool in libapr1-dev; was 'embed' before 1.3.2-3
1535 - arts <unfixed> (embed)
1536 - bochs <unfixed> (embed; bug #560884)
1537 - camserv <unfixed> (embed)
1538 - collectd <unfixed> (embed)
1539 - courier-authlib <unfixed> (embed)
1540 - cvsnt <unfixed> (embed)
1541 - dico <not-affected> (Uses the system copy of ltdl)
1542 - freeradius 0.1+20010527-1 (embed)
1543 NOTE: Earliest reference I could find from the changelog is from 27 May 2001
1544 - ggobi 2.1.9~20091212-1 (embed)
1545 - glame <unfixed> (embed)
1546 - gnash <unfixed> (embed)
1547 - gnu-smalltalk <unfixed> (embed)
1548 - google-gadgets <unfixed> (embed)
1549 - graphicsmagick 1.3.5-6 (embed)
1550 - graphviz 2.8-3 (embed)
1551 NOTE: The etch version of graphviz was the earliest version checked, might be fixed earlier
1552 - guile-1.6 <unfixed> (embed)
1553 - hamlib <unfixed> (embed)
1554 - hercules <unfixed> (embed)
1555 - jags 1.0.4-3 (embed; bug #560864)
1556 - kdelibs <unfixed> (embed)
1557 - libannodex <removed> (embed)
1558 - libextractor <unfixed> (embed)
1559 - libmcrypt <not-affected> (libtool source present but not included in any of the binary packages)
1560 - libtunepimp <unfixed> (embed)
1561 - mp4h <unfixed> (embed)
1562 - naim <unfixed> (embed)
1563 - parser-mysql <unfixed> (embed)
1564 - pinball <unfixed> (embed)
1565 - redland <unfixed> (embed)
1566 - siproxd <unfixed> (embed)
1567 - ski <unfixed> (embed)
1568 - synfig <unfixed> (embed)
1569 - unixodbc 2.2.4-5 (embed)
1570 - xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules)
1571 - clamav 0.95+dfsg-1 (embed)
1572 - imagemagick <unfixed> (embed)
1573 - hypre 2.4.0b-5 (embed)
1574 - lam <unfixed> (embed)
1575 - openmpi <unfixable> (embed; bug #559386)
1576 - parser <unfixed> (embed)
1577 - pdsh <unfixed> (embed; bug #560892)
1578 - sbnc 1.2-8 (embed)
1579 - sdcc <unfixed> (embed)
1580 - wml <unfixed> (embed)
1581 - proftpd-dfsg <unfixed> (embed)
1582 - babel 1.4.0.dfsg-5 (embed)
1583 - libprelude 0.9.14-2 (embed)
1584 - heartbeat 2.1.4-7 (embed)
1585 NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
1586 NOTE: might've been fixed earlier
1587 - gcc-* <unknown> (embed)
1588
1589 ocamlgsl
1590 - orpie 1.5.1-7.1 (embed; bug #550058)
1591
1592 xdotool
1593 - keynav <unfixed> (embed; bug #560103)
1594
1595 bulletphysics (not packaged; http://www.bulletphysics.org/)
1596 - supertuxkart <unfixed> (embed)
  ViewVC Help
Powered by ViewVC 1.1.5