/[secure-testing]/data/embedded-code-copies
ViewVC logotype

Contents of /data/embedded-code-copies

Parent Directory Parent Directory | Revision Log Revision Log

Revision 13652 - (show annotations) (download)
Sat Dec 26 11:26:51 2009 UTC (3 years, 5 months ago) by jmm-guest
File size: 45801 byte(s) 
new roundup issue
new openttd issue
1 Embedded code copies
2 ====================
3
4 This file collects source packages that embed code from other projects.
5 This is considered bad for fixing security flaws because the fix needs
6 to be applied in multiple source packages.
7
8 Format:
9 <srcpkg> (<optional comment about srcpkg>)
10 - <embedding srcpkg> <status> (<sort>; bug #<number>)
11 NOTE: optional comments about the linkage of the embedding srcpkg
12
13 status: version number fixing the embedded copy, <unfixed>, <removed>,
14 <itp>, <not-affected>, <unknown> if the version number can not
15 be determined, or <unfixable> for unavoidable cases (e.g., forks
16 that add real value)
17 sort: static (linking statically against a lib)
18 embed (embeds a copy of the library into another source package)
19 modified-embed (embeds a code copy that differs from upstream code)
20 fork (a full-blown fork of another source package)
21 old-version (an older version of essentially the same code)
22
23 The srcpkg might be some string to identify the code if there is no
24 specific source package.
25
26 Everything up to the next line is ignored.
27 ---BEGIN
28 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
29 NOTE: Fixed packages link to poppler library unless otherwise noted
30 - pdftohtml <unknown>
31 [sarge] - pdftohtml <unfixed>
32 [etch] - pdftohtml <unfixed>
33 NOTE: has been replaced by poppler-utils
34 - kdegraphics 4:4.2.2-1 (embed; bug #436164)
35 - texlive-base 3.0-12 (embed)
36 - texlive-bin 2007-1 (embed)
37 NOTE: links to poppler
38 - koffice <unfixed> (embed; bug #436163)
39 - libextractor 0.5.12-1 (embed)
40 NOTE: libextractor is using its own pdf decoder now
41 - ipe <unfixed> (embed)
42 NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
43 - ruby-gnome2 <unknown> (embed)
44 NOTE: copy only present in source but links to poppler
45 - pdfedit <unfixed> (embed; bug #510794)
46 - swftools <unfixed> (embed; bug #551293)
47 - poppler <unfixable> (fork)
48
49 ppmd
50 - libcomplearn-mod-ppmd <unfixed> (fork)
51 NOTE: discussion in #458152
52
53 libevent
54 - transmission 1.71-1 (embed; bug #529372)
55
56 lrmi
57 - read-edid 2.0.0-1 (embed; bug #495131)
58 - s3switch <unfixed> (embed)
59 - xresprobe <unfixed> (embed)
60 - zhcon <unfixed> (embed)
61
62 peercast
63 - gnome-peercast <removed> (embed)
64 [etch] - gnome-peercast <unfixed> (embed)
65
66 silc-toolkit
67 - silc-client 1.1~beta6-1 (embed)
68
69 icclib
70 - ghostscript <unfixed> (embed)
71 - argyll <unfixed> (embed)
72
73 dietlibc
74 - ccontrol 0.9.1+20071204-1 (static)
75
76 libmikmod
77 - sdl-mixer1.2 <unfixed> (embed)
78 TODO: report bug
79
80 libiax
81 - iaxmodem <unfixable> (embed; bug #548885)
82
83 spandsp
84 - iaxmodem <unfixable> (embed; bug #548885)
85
86 zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
87 - dpkg <unfixed> (static)
88 NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
89 - rsync <unfixed> (embed)
90 NOTE: somehow derived code base
91 - mono <unfixed> (embed)
92 TODO: check mozilla
93 - Linux kernels <unfixed> (embed)
94 - pvpgn 1.7.8-2 (embed)
95 - mrtg 2.12.2-1 (embed)
96 - rpm <unknown> (embed)
97 NOTE: pinged anibal since when rpm was fixed
98 - tuxcmd-modules <unfixed> (embed)
99 - zsync <unfixed>
100 - tra <unfixed>
101 - sash <unfixed>
102 - nsis <unfixed>
103 - mseide-msegui <unfixed>
104 NOTE: mseide
105 - mirrordir <unfixed>
106 - poco <unfixed>
107 - klibc <unfixed>
108 - ghostscript <unfixed>
109 - freeimage <unfixed>
110 - clamav <unfixed> (fork)
111 NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that"
112 - tuxonice-userui <unfixed>
113 - plt-scheme <unfixed>
114 - perl <unfixed>
115 - paraview <unfixed>
116 - gcvs <unfixed>
117 - dump <unfixed>
118 - aide <unfixed> (static)
119 - dar <unfixed> (static)
120 - avfs <unfixed>
121 - fpc <unfixed>
122 - winff <unfixed>
123 NOTE: inherited from fpc, see #472304
124 - lazarus <unfixed>
125 NOTE: inherited from fpc, see #472304
126 - erlang <unfixed> (embed)
127 - gamera 3.2.3-1 (embed)
128 - python2.4 <unfixed> (embed; bug #553403)
129 - python2.5 <unfixed> (embed; bug #553403)
130
131 dulwich
132 - hg-git 0.1.0-1 (embed; bug #541996)
133
134 libvigraimpex
135 - hugin <unfixed> (embed; bug #542259)
136 - enblend-enfuse <unfixed> (embed; bug #542258)
137 - gamera 3.2.3-1 (embed)
138
139 libbz2
140 - dpkg <unfixed> (static)
141
142 libgadu
143 - centerim <unfixed> (embed; bug #559783)
144 - pidgin <not-affected> (links dynamically since initial release; fixed in gaim)
145 - gaim 1:2.0.0+beta3-3 (embed; bug #360280)
146 - kdenetwork 4:3.3.2-5 (embed)
147 NOTE: from kdenetwork: kopete
148 - ekg 1:1.8~rc0-1 (embed)
149 - kadu 0.6.0.2-3 (embed; bug #504430)
150 - gadu <itp> (embed)
151
152 xmlrpc (which package is the "origin" of this code?)
153 - drupal <unfixed> (embed)
154 - phpgroupware <unfixed> (embed)
155 - egroupware <unfixed> (embed)
156 - phpwiki <unfixed> (embed)
157 - php4 <unfixed> (embed)
158 TODO: check, php-pear, IIRC this was reorganized some weeks ago?
159
160 shtool (affects build-time only)
161 - mysql-ocaml <unfixed> (embed)
162 - php4 <unfixed> (embed)
163
164 xulrunner
165 - iceape <unfixed> (embed; bug #561749)
166 - iceweasel 2.0.0.19 (embed)
167 - icedove <unfixed> (embed; bug #561750)
168 - kompozer <unfixed> (embed; bug #532168)
169 - galeon 2.0.2-4 (embed)
170 - epiphany-browser 2.14.3-8 (embed)
171 - conkeror 0.9~git080629-2 (embed)
172 - kazehakase 0.4.2-1 (embed)
173
174 xli
175 - xloadimage <unfixed> (embed)
176
177 lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
178 - openmotif <unfixed> (embed)
179 - libxpm <unfixed> (embed)
180
181 kerberized apps with BSD origin
182 - krb4 <removed> (embed)
183 - krb5 <unfixed> (embed)
184 - heimdal <unfixed> (embed)
185
186 grip (which pkg is the origin?)
187 - libcdaudio <unfixed>
188 - grip <unfixed>
189 - gnome-vfs <unfixed>
190 TODO: check vfs2 as well
191
192 fudforum
193 [etch] - phpgroupware <unfixed> (embed)
194 NOTE: phpgroupware-fudforum
195 [sarge] - egroupware-fudforum <removed> (embed)
196
197 libbsd
198 - rdate 1:1.2-3 (embed)
199 - atheme-services <unfixed>
200 - libbsd-arc4random-perl <unfixed>
201 - isakmpd <unfixed>
202 - bsdgames <unfixed> (embed)
203 - bsd-mailx <unfixed> (embed)
204 - netcat-openbsd <unfixed> (embed; bug #550611)
205 - openssh <unfixed> (embed)
206 - unworkable <unfixed> (embed)
207
208 cvs
209 - gcvs <unfixed> (embed)
210 NOTE: see cvsunix/src in tarball
211
212 pcre3
213 - php4 <unknown> (embed)
214 - analog 2:5.23-0woody1 (embed)
215 - goffice <unfixed> (embed)
216 NOTE: libgoffice-*
217 - vfu 4.06-4.1 (embed; bug #450754)
218 - tf5 5.0beta7-1 (embed)
219 - monotone 0.43-1 (embed)
220 NOTE: this only affects versions >= 0.37
221 - glib2.0 2.15.2-1 (embed)
222 - apache2 2.0.53-4 (embed)
223 - exim4 4.10-0.srh20.12 (embed)
224 - yacas <unfixed> (embed)
225 NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
226 - gtamsanalyzer.app 0.42-5 (embed)
227 - tin 980117-1 (embed)
228 - kazehakase 0.5.2-1
229 - webkit 1.0.1-1 (embed)
230 - qt4-x11 <unfixed> (embed)
231 NOTE: embedded via webkit copy
232 - erlang <unfixed> (embed)
233
234 tiff
235 - wxwindows2.4 2.2.1 (embed)
236 - gamera 3.2.3-1 (embed)
237
238 uudeview
239 - libconvert-uulib-perl <unfixed> (embed)
240 - pan <unfixed> (embed)
241
242 sqlite (not affected by security vulnerabilities so far)
243 - amarok <unfixed> (embed)
244 - monotone 0.43-1 (embed)
245 - iceweasel <unfixed> (embed)
246 - heimdal <unfixed> (embed; bug #559616)
247
248 util-linux/mount
249 - loop-aes-utils <unfixed> (embed)
250 NOTE: contains code from util-linux' mount in the mount-aes-udeb
251
252 sylpheed
253 - sylpheed-claws <unfixed> (fork)
254
255 phpsysinfo
256 - egroupware <unfixed> (embed)
257 - phpgroupware <unfixed> (embed)
258
259 phpldapadmin
260 [sarge] - egroupware <unfixed> (embed)
261 NOTE: removed from egroupware after sarge
262
263 chmlib
264 - kchmviewer <unknown> (embed)
265
266 ffmpeg (libavcodec/libavformat)
267 - mplayer 1.0~rc2-14 (embed; bug #395252)
268 - kino 1.0.0-1
269 - vlc <not-affected> (Links dynamically since initial release)
270 - smilutils 0.3.0-10
271 NOTE: smilutils likely fixed earlier, marking Etch's version as fixed
272 - motion 3.1.19-1
273 - gstreamer0.10-ffmpeg 0.10.3-2
274 - xmovie <removed> (static)
275 TODO: gimp-gap (potentially using ffmpeg code as well)
276 - avifile 1:0.7.48~20090503.ds-1 (embed; bug #538750)
277 - audacity 1.3.7-2 (embed; bug #512278)
278
279 faad2
280 - mplayer 1.0~rc2-20 (embed)
281 - avifile <unfixed> (embed; bug #538750)
282 - ffmpeg-debian <removed> (old-version)
283
284 libmad (MPEG decoding lib)
285 - xine-lib <unfixed> (embed)
286 - avifile 1:0.7.48~20090503.ds-1 (embed) [./plugins/libmad/*]
287 TODO: check ocaml-mad, madplay, pymad, xmms-mad, xmms2
288
289 libdts
290 - xine-lib <unfixed> (embed)
291
292 flac
293 - xine-lib <unfixed> (embed)
294
295 liba52
296 - a52dec <unfixed> (embed)
297 - xine-lib <unfixed> (embed)
298
299 libmpeg2
300 - mpeg2dec <unfixed> (embed)
301 - xine-lib <unfixed> (embed)
302
303 libntlm
304 - wget <unfixed> (fork; bug #550436)
305 - curl <unfixed> (fork; bug #550437)
306 - cntlm <unfixed> (fork; bug #550438)
307
308 uw-imap
309 - pine <unfixed> (embed)
310 - alpine <unfixed> (embed)
311
312 imagemagick
313 - graphicsmagick <unfixed> (fork)
314
315 python-urlgrabber
316 - mercurial <unfixed> (embed; bug #531062)
317 - w3af <unfixed> (embed; bug #555372)
318 [experimental] - harvestman <unfixed> (embed; bug #555373)
319
320 beautifulsoup
321 - python-mechanize <unfixed> (embed; bug #555349)
322 - zope2.11 <unfixed> (embed; bug #555350)
323 - twill <unknown> (embed)
324
325 halibut
326 - nsis <unfixed> (fork)
327
328 libghttp
329 - hotway <unfixed> (embed)
330
331 libsndfile
332 - ardour 1:2.7.1-1 (embed)
333
334 glibmm2.4
335 - ardour 1:2.7.1-1 (embed)
336
337 libgnomecanvasmm2.6
338 - ardour 1:2.7.1-1 (embed)
339
340 libsigc++-2.0
341 - ardour 1:2.7.1-1 (embed)
342
343 soundtouch
344 - ardour 1:2.7.1-1 (embed)
345
346 libmms
347 - xine-lib <unfixed> (embed)
348 - mimms <unfixed> (embed)
349
350 fckeditor
351 - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
352 - moin 1.8.2-2 (embed; bug #452599)
353 - karrigell <removed> (embed; bug #452598)
354 - gforge 4.6.99+svn6225-1 (embed)
355 - request-tracker3.8 <unfixed> (embed)
356 - otrs2 2.4.5-3 (embed)
357
358 ipatlas (not packaged in Debian)
359 - moodle <unfixed> (embed; bug #507185)
360
361 libphp-phpmailer
362 - moodle <unfixed> (embed; bug #507185)
363 - mahara <unfixed> (embed)
364 - symfony <unfixed> (embed)
365 [etch] - phpgroupware <unfixed> (embed)
366 NOTE: phpgroupware-felamimail is only in etch
367 - egroupware <unfixed> (embed; bug #504283)
368 - glpi <unfixed>
369
370 htmlArea (not packaged in Debian)
371 - moodle <unfixed> (embed)
372
373 giflib
374 - wine <unfixed> (embed; bug #466181)
375
376 bennu (not packaged in Debian, http://bennu.sourceforge.net)
377 - moodle <unfixed> (embed)
378
379 smarty
380 - moodle 1.8.2-2 (embed; bug #471158)
381 - gallery2 2.2.5-2 (embed; bug #471160)
382 - mahara 0.9.2-2 (embed; bug #471201)
383 - gosa 2.4beta1-1 (embed; bug #471200)
384
385 TinyMCE
386 - wordpress 2.5.1-3 (embed; bug #478257)
387 - moodle <unfixed> (embed; bug #507185)
388 - knowledgeroot <unfixed> (embed)
389 - joomla <itp> (bug #326398)
390
391 scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121)
392 - scite <unfixed> (embed)
393 - qscintilla <unfixed> (embed)
394 - qscintilla2 <unfixed> (embed)
395 - geany <unfixed> (fork)
396 - anjuta <unfixed> (embed)
397
398 libphp-adodb
399 - moodle <unfixed> (embed; bug #507185)
400 NOTE: also AdoDB-XML Schema
401 - gallery2 <unfixed> (embed)
402 - phppgadmin <unfixed> (embed)
403 - egroupware <unfixed> (embed)
404 - phpwiki <unfixed> (embed)
405 - torrentflux 2.0beta1-2 (embed)
406 - ipplan <unfixed> (embed)
407 - typo3-src <unfixed> (embed)
408 - cacti <unknown> (embed)
409 [sarge] - cacti <unfixed> (embed)
410 NOTE: dependency exists, but internal version is used
411 - gforge 4.7~rc2-6 (embed)
412 - mahara <unfixed> (embed)
413
414 gzip
415 - linux-kernel <unfixed> (embed)
416 NOTE: lib/inflate.c
417 - klibc <unfixed> (embed)
418 NOTE: based on linux-kernel gzip code
419 - busybox <unfixed> (embed)
420
421 neon
422 - cadaver 0.22.3+debian-1 (embed; bug #188381)
423 - gnome-vfs2 <unfixed> (embed; bug #395874)
424 [etch] - litmus <unfixed> (embed; #395875)
425 - litmus <removed> (embed; #395875)
426 [sarge] - screem <unfixed> (embed)
427 - sitecopy 1:0.16.0-1 (embed; bug #395876)
428 [etch] - tla <unfixed> (embed; bug #395877)
429 [sarge] - tla <unfixed> (embed; bug #395877)
430
431 libmodplug
432 - gst-plugins-bad0.10 <unfixed> (embed)
433
434 libvncserver
435 - vino <unfixed> (embed)
436
437 putty
438 - filezilla <unfixed> (embed)
439
440 tinyxml (not packaged in Debian; itp bug #531968)
441 - filezilla <unfixed>
442 - crystalspace <unfixed> (embed)
443 - libwfut <unfixed> (embed)
444 - rarian <unfixed> (embed)
445 - bulletml <unfixed> (embed)
446 - pokerth <unfixed> (embed)
447 - qutecom <unfixed> (embed)
448 - sofa-framework <unfixed> (embed)
449 - yate <unfixed> (embed)
450 - antigrav <unfixed> (embed)
451 - balder2d <unfixed> (embed)
452 - cal3d <unfixed> (embed)
453 - criticalmass <unfixed> (embed)
454 - ember <unfixed> (embed)
455 - epiphany <unfixed> (embed)
456 - gambit <unfixed> (embed)
457 - noiz2sa <unfixed> (embed)
458 - ogre <unfixed> (embed)
459 - opencity <unfixed> (embed)
460 - openmovieeditor <unfixed> (embed)
461 - pouetchess <unfixed> (embed)
462 - tecnoballz <unfixed> (embed)
463 - trigger-rally <unfixed> (embed)
464 - xmoto <unfixed> (embed)
465 - mapnik <unknown> (embed)
466 NOTE: uses a different XML parser by default
467 - rrootage 0.23a-6 <embed>
468 NOTE: links to libbulltetml
469 - boson <unknown> (embed)
470 NOTE: the embedded code is unused
471
472 gv
473 - evince <unfixed> (embed)
474 NOTE: ps/ tree from gv 3.5.8
475 NOTE: evince-gtk is affected (a component of evince source package)
476
477 libXbae
478 - paw <removed> (embed)
479 [etch] - paw <unfixed> (embed)
480
481 libgtkhtml
482 - claws-mail-extra-plugins <unfixed> (fork)
483
484 libXaw
485 - paw <removed> (embed)
486 [etch] - paw <unfixed> (embed)
487 NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
488
489 libgd2
490 - graphviz <unfixed> (embed)
491 NOTE: lib/gd seems to be 2.0.33
492 - wml <unfixed> (embed)
493 - libwmf <unfixed> (embed)
494 NOTE: derived from gd 1.6.3
495
496 rar
497 - unrar-nonfree <unfixed> (embed)
498
499 unrar-free (maybe this code is derived from the original rar, too?)
500 - clamav <unfixed> (embed)
501 NOTE: seems to be disabled in default config
502
503 mplayer (DirectMedia Object loader)
504 - xine-lib <unfixed> (embed)
505 NOTE: src/libw32dll/
506 - vlc <unfixed> (embed)
507 NOTE: modules/codec/dmo/
508 - mplayer 1.0~rc2-20 (embed)
509
510 libwpd (WordPerfect converter)
511 - openoffice.org <unfixed> (embed)
512
513 fsplib (http://sourceforge.net/projects/fsp/)
514 - gftp <unfixed> (embed)
515 NOTE: lib/fsplib version 0.3
516
517 sprng
518 - tree-puzzle <unfixed> (embed)
519
520 librpcsecgss
521 - krb5 <unfixed> (embed)
522
523 jasper
524 - ghostscript 8.64~dfsg-2 (embed)
525
526 libiris
527 - psi <unfixed> (embed)
528 - kdenetwork <unfixed> (embed)
529 NOTE: kopete embeds libiris but links dynamically to libidn
530 - kdegames <unfixed> (embed)
531 NOTE: ksirk/kde4
532
533 libidn
534 - monotone 0.43-1 (embed)
535 - psi <unfixed> (embed)
536 NOTE: psi embeds libiris which embeds libidn
537 - kdegames <unfixed> (embed)
538 NOTE: kdegames/kde4 embeds libiris which embeds libidn
539
540 liblua
541 - monotone 0.43-1 (embed)
542 - nmap 5.00-1 (embed; bug #527997)
543 [lenny] - nmap <unfixed> (embed; bug #527997)
544 - ocropus <unfixed> (embed)
545 - enigma <unfixed> (embed)
546 NOTE: requires lua built with C++
547 - freeciv <unfixed> (embed)
548
549 libbotan
550 - monotone 0.43-1 (embed)
551
552 NetXX
553 - monotone 0.43-1 (embed)
554
555 libgc
556 - mono <unfixed> (embed)
557
558 lzma
559 - p7zip <unfixed> (embed)
560 - xz-utils <unfixed> (fork)
561
562 lzo
563 - grub2 <unfixed> (embed)
564
565 yassl
566 - mysql-dfsg-5.0 <unfixed> (embed)
567
568 pax code
569 - tar <unfixed> (embed)
570 - cpio <unfixed> (embed)
571
572 t1lib
573 - tetex-bin 2.0.2-1 (embed)
574 - texlive-bin <unknown> (embed)
575
576 guichan
577 - boswars <unfixed> (embed)
578 NOTE: maintainer notified us, working on it
579
580 tolua
581 - boswars <unfixed> (embed)
582 NOTE: maintainer notified us, working on it
583 NOTE: actually tolua++
584 - ocropus <unfixed> (embed)
585 NOTE: actually tolua++
586 - freeciv <unfixed> (embed)
587 NOTE: actually tolua++
588 - enigma <unfixed> (embed)
589
590 asio-dev
591 - luxrender <removed> (embed)
592
593 xine-lib
594 - vlc <unfixed> (embed)
595 NOTE: only parts included in modules/access/rtsp
596
597 netpbm
598 - tcl8.3 <unfixed> (embed)
599 - tcl8.4 <unfixed> (embed)
600 - tcl8.5 <unfixed> (embed)
601 NOTE: generic/tkImgGIF.c
602
603 tk8.5
604 - tk8.0 <removed> (old-version)
605 - tk8.3 <unfixed> (old-version)
606 - tk8.4 <unfixed> (old-version)
607 - perl-tk <unfixable> (fork)
608
609 samba
610 - mc 2:4.6.2~git20080311-1 (embed)
611 NOTE: maintainer is aware of this, currently searching a solution
612
613 plib1.8.4c2
614 - boson <unfixed> (fork)
615 NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
616
617 fribidi
618 - quesoglc <unfixed> (embed)
619 NOTE: compiled against system fribidi in Debian - embed only used when fribidi is not available on the system
620
621 glew
622 - quesoglc <unfixed> (embed; bug #489341)
623 NOTE: waiting on GLEW_MX version of glew (see bug #474488)
624 - trigger <unfixed> (embed)
625 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
626 - trigger-rally <unfixed> (embed)
627 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
628
629 minorGems (pabs contacted upstream about shared lib, he considers minorGems an 'ever-evolving collection of reusable code fragments' for his own use)
630 - transcend <unfixed> (embed)
631 - cultivation <unfixed> (embed)
632 - passage <unfixed> (embed)
633 - gravitation <unfixed> (embed)
634
635 tar
636 - libarchive <unfixed> (embed)
637 NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
638
639 cpio
640 - libarchive <unfixed> (embed)
641 NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
642
643 webkit
644 - qt4-x11 <unfixed> (embed; bug #479851)
645 - kdelibs <unfixed> (old-version)
646 - kde4libs <unfixed> (fork)
647
648 ftgl
649 - blender 2.46+dfsg-1 (embed)
650
651 wv
652 - abiword <unfixed>
653
654 qemu
655 - kvm <unfixed> (embed; bug #543159)
656 NOTE: the kvm package will be removed from sid and squeeze soon (after
657 NOTE: which it will only be in experimental). superceded by qemu-kvm.
658 - qemu-kvm <unfixed> (embed; bug #560853)
659 - xen-3 3.4.2-2 (embed; bug #560856)
660 - xen-unstable <unfixed> (embed; bug #560856)
661
662 vgabios
663 - kvm <unfixed> (embed; bug #489442)
664
665 bochs
666 - kvm <unfixed> (embed; bug #489442)
667
668 speex
669 - vorbis-tools <unfixed> (embed)
670 NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
671 - gst-plugins-good0.10 <unfixed> (embed)
672 - xine-lib <unfixed> (embed)
673 - libfishsound <unfixed> (embed)
674 - libannodex <removed> (embed)
675 - vlc <unfixed> (embed)
676 - xmms-speex <unfixed> (embed)
677 - libsdl-sound1.2 <unfixed> (embed)
678 - sweep <unfixed> (embed)
679
680 libreadline
681 - magic <itp> (old-version)
682
683 opcode
684 - ode <unfixed> (embed)
685 NOTE: opcode is not a package in debian, it is just embedded
686 NOTE: http://www.codercorner.com/Opcode.htm
687
688 gimpact
689 - ode <unfixed> (embed)
690 NOTE: gimpact is not a package in debian, it is just embedded
691 NOTE: http://gimpact.sf.net
692
693 mochikit
694 - mahara <unfixed> (embed)
695 NOTE: they require extra patches, still unmerged upstream
696 - ntop <unfixed> (embed)
697 - coherence 0.6.2-1 (embed)
698 - paste <unfixed> (embed)
699 - turbogears <unfixed> (embed)
700 - plone3 <unfixed> (embed)
701 - xulrunner <unfixed> (embed)
702 - libjifty-plugin-chart-perl <unfixed> (embed)
703 - sabnzbdplus <unfixed> (embed)
704 - tgmochikit <unfixed> (embed)
705
706 prototypejs
707 - netbeans-ide 6.0.1+dfsg-2 (embed)
708 - auth2db 0.2.5-2+dfsg-1 (embed; bug #555218)
709 - webcit <unfixed> (embed; bug #555219)
710 - asterisk 1:1.6.2.0~rc3-1 (embed)
711 - libjson-ruby 1.1.4-1 (embed; bug #555224)
712 - lucene2 2.9.1+ds1-2 (embed; bug #555226)
713 - horde3 <unfixed> (embed)
714 - knowledgeroot <unfixed> (embed; bug #555230)
715 - mediatomb <unfixed> (embed; bug #555233)
716 - mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
717 - ebug-http <unfixed> (embed; bug #555236)
718 - libaws 2.7-1 (embed; bug #555222)
719 - phpgedview <removed> (embed)
720 - poker-network <unfixed> (embed; bug #555238)
721 - rails 2.1.0-6 (embed)
722 - wordpress 2.5.0-2 (embed; bug #555243)
723 - zope <not-affected> (the prototypejs embed is not in any of the obvious zope packages, e.g. zope2.9, zope2.10, zope2.11, and zope3)
724 TODO: search through all of the other zope packages
725 - ampache 3.4.1-2 (embed)
726 - exaile 0.2.14+debian-2.1 (embed; bug #555245)
727 - hobix 0.5~svn20070319-4 (embed; bug #555247)
728 - zabbix 1.6.6-4 (embed; bug #555250)
729 - chora2 <unfixed> (embed; bug #555253)
730 - gollem <unfixed> (embed; bug # 555254)
731 - jscropperui 1.2.1-1 (embed; bug #555257)
732 - scriptaculous <not-affected> (uses system prototype.js since initial upload; bug #555260)
733 - ingo1 <unfixed> (embed; bug #555261)
734 - kronolith2 <unfixed> (embed; bug #555262)
735 - activeldap <unfixed> (embed)
736 - libv8 <not-affected> (contains a google-specific implementation of prototype.js)
737 - mantis <unfixed> (embed; bug #555265)
738 - otrs2 2.3.4-6 (embed; bug #555267)
739 - webcalendar <unfixed> (embed; bug #555269)
740 - redmine 0.9.0~svn2907-1 (embed; bug #555270)
741 - jifty 0.90519-1 (embed; bug #555271)
742 - jquery <unfixed> (embed; bug #555272)
743 - passenger 2.2.5debian1-1 (embed; bug #555273)
744 - plone3 <unfixed> (embed; bug #555275)
745 - wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555277)
746 - libhtml-prototype-perl 1.48-3 (embed; bug #538920)
747 - xulrunner <unfixed> (embed)
748 NOTE: included in iceweasel/xulrunner unit tests directory, so may not be security-relevant
749
750 gdb
751 - insight <unfixed> (embed)
752
753 e2fsprogs
754 - ldiskfsprogs <unfixable> (fork)
755
756 quazip (not packaged in Debian)
757 - qcake <unfixed> (embed)
758 NOTE: starting with upstream version 0.6.4
759
760 exo
761 - pcmanfm <unfixed> (embed; bug #499677)
762 NOTE: slightly modified source code
763
764 java
765 - openjdk-6 <unfixed>
766 - sun-java5 <unfixed>
767 - sun-java6 <unfixed>
768
769 libphp-snoopy
770 - ampache 3.4.1-2 (embed; bug #504169)
771 - gforge 4.6.99+svn6094-2 (embed)
772 - mahara 1.0.5-2 (embed; bug #504170)
773 - pixelpost 1.7.1-5 (embed; bug #504171)
774 - mediamate 0.9.3.6-5 (embed; bug #504172)
775 - opendb <removed> (embed; bug #504173)
776 [etch] - opendb <unfixed> (embed; bug #504173)
777 - wordpress 2.5.1-9 (embed; bug #443948)
778 - moodle <unfixed> (embed; bug #507185)
779 [etch] - phpgroupware <unfixed> (embed)
780 NOTE: phpgroupware-felamimail
781 - magpierss 0.72-3 (embed; bug #431089)
782
783 jquery
784 - zekr <unfixed> (embed)
785 - wordpress <unknown> (embed)
786 - yocto-reader <unfixed> (embed)
787 - textpattern <unfixed> (embed)
788 - genshi 0.5.1-1 (embed)
789 NOTE: compressed file under examples/ dir
790 - prewikka <unfixed> (embed)
791 - libramaze-ruby <unfixed> (embed)
792 - drupal5 <unfixed> (embed)
793 - b2evolution <unfixed> (embed)
794 - wesnoth <unfixed> (embed)
795
796 tablesorter (jquery plugin, not packaged yet)
797 - wesnoth <unfixed> (embed)
798
799 kses
800 - wordpress <unfixed> (embed; bug #504242)
801 NOTE: their copy has all methods renamed to wp_<foo>
802 NOTE: kses isn't in Debian, RFP: #504240
803 - moodle <unfixed> (embed; bug #507185)
804 - egroupware <unfixed> (embed)
805
806 magpierss
807 - wordpress <unfixed> (embed; bug #504242)
808 - moodle <unfixed>
809
810 php-gettext
811 - wordpress 2.8.4-1 (embed; bug #504242)
812
813 libphp-ixr (name may change, it is the Incutio XML-RPC)
814 - wordpress <unfixed> (embed; bug #504242)
815 NOTE: libphp-ixr isn't in Debian, RFP: #504236
816 - dokuwiki <unfixed> (embed)
817 - textpattern <unfixed> (embed)
818
819 libphp-cas
820 - glpi <unfixed> (embed)
821 - moodle <unfixed> (embed; bug #505984)
822
823 scriptaculous (prototype.js is among the embeds in the following)
824 - glpi <unfixed> (embed)
825 - libaws <unfixed> (embed; bug #555222)
826 - op-panel <unfixed> (embed)
827 - symfony <unfixed> (embed)
828 NOTE: maintainer says there are extra incompatible changes required
829 - pixelpost 1.7.1-6 (embed)
830 - webhelpers <unfixed> (embed)
831 - qwik <removed> (embed; bug #555241)
832 - smokeping <unfixed> (embed)
833 - turba2 <unfixed> (embed)
834 - typo3-src 4.2.3-1 (embed)
835 - request-tracker3.6 <unfixed> (embed)
836 - request-tracker3.8 <unfixed> (embed)
837 - rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package)
838 - wordpress 2.5.0-2 (embed)
839 - libhtml-prototype-perl 1.48-3 (embed)
840
841 libmarkdown-php
842 - moodle <unfixed> (embed; bug #507185)
843 - pixelpost 1.7.1-6 (embed)
844
845 php-openid
846 - wordpress-openid <itp> (embed)
847
848 geshi
849 - dokuwiki 0.0.20080505-3.1 (embed)
850 - pgfouine 1.0-1.1 (embed)
851 - websvn 2.1.0-1 (embed)
852
853 webcalendar
854 - gforge 4.7~rc2-6 (embed; bug #504758)
855
856 libical
857 - kdepim <unfixed> (fork)
858 - kdepimlibs <unfixed> (fork)
859 NOTE: fixed in KDE4 post 4.1.x series
860 - claws-mail-extra-plugins <unfixed> (fork)
861
862 libltdl3
863 - kdelibs <unfixed> (embed)
864 NOTE: it's been said it sets RT_GLOBAL (or something like that) at runtime and version in experimental of libltdl can optionally set it
865 - synfig <unfixed> (embed)
866
867 harfbuzz
868 - qt4-x11 <unfixed> (embed)
869
870 libzip
871 - php5 <unfixable> (modified-embed)
872 - odt2txt <unfixed> (embed; bug #523808)
873
874 json.php (not packaged; should be replaced with php's built-in functions)
875 - moodle <unfixed>
876 - yui <unfixed>
877 - gallery2 <unfixed>
878 - dokuwiki <unfixed>
879 - typo3-src <unfixed>
880
881 php-fpdf
882 - tcpdf <itp> (fork)
883 - moodle <unfixed>
884 - phpwiki <unfixed>
885 - egroupware <unfixed>
886 - ldap-account-manager <unfixed> (fork)
887
888 tcpdf (itp: #495985)
889 - moodle <unfixed>
890 - phpmyadmin <unfixed>
891
892 typo3
893 - moodle <unfixed>
894
895 spreadsheet_writeexcel (PHP port of libspreadsheet-writeexcel-perl; itp: #487557)
896 - moodle <unfixed>
897 - gosa <unfixed>
898
899 php-ole (itp: #487558)
900 - moodle <unfixed>
901
902 pieforms (http://www.catalyst.net.nz)
903 - mahara <unfixed>
904
905 savant2 (http://phpsavant.com)
906 - egroupware <unfixed>
907
908 rssparser (http://nwow.org)
909 - egroupware <unfixed>
910 - phpgroupware <unfixed>
911
912 lcms
913 - openjdk-6 <unfixed> (fork)
914
915 libphp-phplayersmenu
916 - diogenes <unfixed>
917 - phpldapadmin <unfixed>
918
919 libphp-pclzip
920 - docvert <unfixed>
921 - moodle <unfixed>
922 - egroupware <unfixed>
923
924 libphp-simplepie
925 - dokuwiki <unfixed>
926
927 libphp-jpgraph
928 - egroupware <unfixed>
929
930 php-simpletest
931 - moodle <unfixed>
932
933 libpng
934 - iceweasel <not-affected> (uses xulrunner)
935 - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1, 2.0.0.19-1 (embed)
936 - iceape 1.0.13~pre080614i-0etch1 (embed)
937 - xulrunner 1.9.0.13-1 (embed)
938 [lenny] - xulrunner 1.9.0.11-0lenny1
939 [etch] - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
940 - gamera 3.2.3-1 (embed)
941
942 irssi
943 - silc-client <unfixed> (embed)
944 NOTE: Seems to be a pre-0.8.12 version that is used in irssi-plugin-silc
945
946 extc
947 - mtasc <unfixed> (embed)
948 - haxe <unfixed> (embed)
949
950 swflib
951 - mtasc <unfixed> (embed)
952 - haxe <unfixed> (embed)
953
954 libitext-java
955 - bouncycastle 2.1.4-1 (embed)
956
957 python-ply
958 - pyke <unfixed> (embed; bug #555363)
959 - pywbem <unfixed> (embed; bug #555364)
960 - sepolgen <unfixed> (embed; bug #555365)
961 - zope-textindexng3 <unknown> (embed)
962 - iceweasel <not-affected> (uses xulrunner)
963 - xulrunner <unknown> (embed)
964 - wireshark <not-affected> (python-ply modules are not installed into binary packages; see #554613)
965
966 libdumbnet (libdnet upstream)
967 - nmap <unfixed> (fork)
968
969 gcc-4.4
970 - gcc-mingw32 <unfixed> (embed)
971
972 camlimages
973 - advi <unfixed> (static; bug #550441)
974
975 memcached
976 - memcachedb <unfixed> (embed)
977
978 yajl
979 - argyll <unfixed> (embed; bug #544223)
980 NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
981
982 nusoap
983 - gforge 4.8.2-1 (embed)
984
985 libept
986 - adept <unfixed> (embed; bug #540649)
987
988 libvorbis
989 - iceweasel <not-affected> (uses xulrunner)
990 - xulrunner <unfixed> (embed; bug #540959)
991 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
992 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
993 - iceape <unfixed> (embed)
994 [etch] - iceape <not-affected> (introduced in 2.0)
995 [lenny] - iceape <not-affected> (introduced in 2.0)
996
997 cairo
998 - iceweasel <not-affected> (uses xulrunner)
999 - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
1000
1001 liboggz
1002 - iceweasel <not-affected> (uses xulrunner)
1003 - xulrunner <unfixed> (embed; bug #540959)
1004 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1005 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1006 - iceape <unfixed> (embed)
1007 [etch] - iceape <not-affected> (introduced in 2.0)
1008 [lenny] - iceape <not-affected> (introduced in 2.0)
1009
1010 liboggplay
1011 - iceweasel <not-affected> (uses xulrunner)
1012 - xulrunner <unfixed> (embed; bug #540959)
1013 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1014 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1015 - iceape <unfixed> (embed)
1016 [etch] - iceape <not-affected> (introduced in 2.0)
1017 [lenny] - iceape <not-affected> (introduced in 2.0)
1018
1019 php-net-dnsbl
1020 - serendipity <unfixed> (embed)
1021
1022 php-onyx-rss
1023 - serendipity <unfixed> (embed)
1024
1025 php-text-wiki
1026 - serendipity <unfixed> (embed)
1027
1028 php-xml-rpc
1029 - serendipity <unfixed> (embed)
1030
1031 polarssl (does not have a shared library)
1032 - pdkim <itp> (embed; bug #543150)
1033 - xyssl <unfixed> (old-version)
1034
1035 pidgin
1036 - gaim <removed> (old-version)
1037 - qutecom <unfixed> (embed; bug #559785)
1038
1039 icu
1040 - webkit 1.0.1-1 (embed; bug #547214)
1041 - texlive-bin <unfixed> (fork)
1042 NOTE: texlive upstream working with icu upstream to merge their changes
1043
1044 cyrus-imapd-2.2
1045 - kolab-cyrus-imapd <unfixed> (fork)
1046 - dovecot 1:1.2.1-1 (embed) [/dovecot-sieve/src/libsieve/*]
1047
1048 python-cxx-dev
1049 - freecad 0.9.2646.3-1 (embed; bug #547936)
1050
1051 zipios++
1052 - freecad 0.9.2646.3-1 (embed; bug #547941)
1053 - enigma 0.92.3-3 (embed)
1054 NOTE: likely fixed earlier, marking etch's version as fixed
1055
1056 linux-2.6
1057 - kvm <unfixed> (embed; bug #549973) [./kernel/*]
1058 - linux-kbuild-2.6 <unfixed> (embed; bug #550379) [./kbuild/*]
1059 - kernel-source-2.6.8 <removed> (old-version)
1060 - kernel-source-2.4.27 <removed> (old-version)
1061 - kernel-source-2.4.24 <removed> (old-version)
1062 - kernel-source-2.2.25 <removed> (old-version)
1063 - kernel-source-2.2.20 <removed> (old-version)
1064
1065 libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
1066 - kvm <unfixed> (embed) [./libfdt/*]
1067
1068 qweb (not packaged)
1069 - ajaxterm <unfixed>
1070
1071 opensaml2
1072 - opensaml <removed> (old-version)
1073
1074 shibboleth-sp2
1075 - shibboleth-sp <removed> (old-version)
1076
1077 tuxonice-userui
1078 - suspend2-userui <removed> (old-version)
1079
1080 expat
1081 - w3c-libwww <removed> (embed; bug #551941)
1082 [etch] - w3c-libwww <unfixed> (embed; bug #551941) [./modules/expat/*]
1083 - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*]
1084 - python2.5 <unfixable> (embed; bug #553403) [./Modules/expat/*]
1085 - python2.4 <unfixable> (embed; bug #553403)
1086 - python-4suite <unfixed> (embed; bug #516935)
1087 - wxwindows2.4 <removed> (embed)
1088 - wxwidgets2.6 2.6.3.2.2-4 (embed)
1089 - wxwidgets2.8 2.8.10.1-2 (embed)
1090 - celementtree 1.0.5-8 (embed)
1091 NOTE: Maybe that was fixed even earlier
1092 - audacity 1.3.2-1 (embed)
1093 - matanza <unfixed> (embed)
1094 - tdom <unfixed> (embed)
1095 - udunits 2.1.8-4 (embed)
1096 - apr-util 1.2 (embed)
1097 - ayttm <unfxed> (embed; bug #561006)
1098 - cableswig <unfixed> (embed)
1099 - cadaver <unfixed> (embed)
1100 - cmake 2.6.0-6 (embed)
1101 - coin3 <unfixed> (embed)
1102 - gdcm 2.0.14-2 (embed)
1103 - ghostscript <unfixed> (embed)
1104 - grmonitor <unfixed> (embed)
1105 - iceape <unfixed> (embed)
1106 - insighttoolkit 3.16.0-1 (embed)
1107 NOTE: insighttoolkit might've been fixed earlier
1108 - libparagui1.1 <unfixed> (embed)
1109 - paraview <unfixed> (embed)
1110 - poco <unfixed> (embed)
1111 - simgear <unfixed> (embed)
1112 - sitecopy 1:0.16.0-1
1113 - smart 1.0-1 (embed)
1114 - swish-e <unfixed> (embed)
1115 - tla <unfixed> (embed)
1116 - vtk 4.1.20030227-1 (embed)
1117 - wbxml2 <unfixed> (embed)
1118 - xmlrpc-c <unfixed> (embed)
1119 - iceweasel <unfixed> (embed)
1120 - kompozer <unfixed> (embed)
1121 - vxl 1.13.0-2 (embed)
1122 - xulrunner <unfixed> (embed)
1123 - apache2 2.2 (embed)
1124 - texlive-bin <not-affected> (Embedded code not compiled in)
1125 - vnc4 <unfixed> (embed)
1126 - xotcl <unfixed> (embed)
1127
1128 xerces-c
1129 - xerces-c2 <unfixed> (old-version)
1130 - xerces27 <removed> (old-version)
1131
1132 md5 (RSA's version; not the gnu version provided by coreutils)
1133 - w3c-libwww <removed> (embed; bug #551942)
1134 [etch] - w3c-libwww <unfixed> (embed; bug #551942) [./modules/md5/*]
1135
1136 enet
1137 - sauerbraten <unfixed> (embed; #497194)
1138
1139 eglibc
1140 - glibc <removed> (old-version)
1141
1142 galib
1143 - gamera 3.2.3-1 (embed)
1144
1145 configobj
1146 - bzr <unfixed> (embed; bug #555336)
1147 - elisa <unfixed> (embed; bug #555337)
1148 - gaupol <unfixed> (embed; bug #555338)
1149 - ipython <unfixed> (embed; bug #555339)
1150 - pida <unfixed> (embed; bug #555340)
1151 - psychopy <unfixed> (embed; bug #555341)
1152 - rest2web <unfixed> (embed; bug #555342)
1153 - auth2db <unknown> (embed)
1154 - dynagen <unknown> (embed)
1155 - iceweasel <unknown> (embed)
1156 - sabnzbdplus <unknown> (embed)
1157 - xulrunner <unknown> (embed)
1158 - nipy <not-affected> (part of an example [/examples/neurospin/neurospy/configobj.py], which is not installed into binary packages)
1159
1160 python-clientform
1161 - bibus <unfixed> (embed; bug #555332)
1162 - zope2.10 <unfixed> (embed; bug #555333)
1163 - zope2.11 <unfixed> (embed; bug #555334)
1164 - python-mechanize <unknown> (embed)
1165 - twill <unknown> (embed)
1166
1167 python-mechanize
1168 - zope2.10 <unfixed> (embed; bug #555337)
1169 - zope2.11 <unfixed> (embed; bug #555338)
1170 - twill <unknown> (embed; bug #555339)
1171
1172 pexpect
1173 - duplicity 0.6.06-1 (embed; bug #555361)
1174 - hplip <unfixed> (embed; bug #555362)
1175 - smart <unfixed> (embed; bug #555363)
1176
1177 pyparsing
1178 - bauble <unfixed> (embed; bug #555366)
1179 - boa-constructor 0.6.1-8 (embed; bug #555367)
1180 - calibre <unfixed> (embed; bug #555368)
1181 - matplotlib <unfixed> (embed; bug #531024)
1182 - zhpy <unfixed> (embed; bug #555370)
1183 - polybori <unknown> (embed)
1184 - python-whoosh <unknown> (embed)
1185 - twill <unknown> (embed)
1186 - zope-textindexng3 <unknown> (embed)
1187
1188 python-pysqlite2
1189 - python2.4 <unfixed> (embed; bug #553403)
1190 - python2.5 <unfixed> (embed; bug #553403)
1191
1192 celementtree
1193 - python2.5 <unfixed> (embed)
1194 - smart 1.0-1 (embed)
1195 [etch] - smart <unfixed> (embed)
1196
1197 elementtree
1198 - python2.5 <unfixed> (embed)
1199 - bzr <unfixed> (embed; bug #555343)
1200 - gedit 2.28.2-1 (embed; bug #555344)
1201 - smart 1.0-1 (embed)
1202 [etch] - smart <unfixed> (embed)
1203 - solfege <unfixed> (embed; bug #555345)
1204 - w3af <unfixed> (embed; bug #555346)
1205 - python-qt4 <unknown> (embed)
1206 - sphinx <unknown> (embed)
1207 - python-nltk <itp> (embed)
1208
1209 python2.5
1210 - python2.4 <unfixed> (old-version)
1211 - jython <unfixed> (embed)
1212 NOTE: embeds many stdlib modules
1213 - python-django <unfixed> (embed; bug #555419)
1214 NOTE: embeds stdlib modules: doctest, decimal
1215 - gamera 3.2.3-1 (embed)
1216 NOTE: embeds stdlib modules: ConfigParser, optparse, sets, textwrap
1217 - boa-constructor <unfixed> (embed; bug #555426)
1218 NOTE: embeds stdlib modules: ConfigParser, tarfile, zipfile, xmlrpclib
1219 - nicotine <unfixed> (embed; bug #555427)
1220 NOTE: embeds stdlib modules: ConfigParser
1221 - museek+ <unfixed> (embed; bug #555428)
1222 NOTE: embeds stdlib modules: ConfigParser
1223 - vegastrike-data <unfixed> (embed)
1224 NOTE: embeds many stdlib modules
1225 - codespeak-lib 1.1.1-1 (embed; bug #555420)
1226 NOTE: embeds stdlib modules: doctest, optparse, subprocess, textwrap
1227 - config-manager <unfixed> (embed; bug #555423)
1228 NOTE: embeds stdlib modules: optparse
1229 - jhbuild 2.28.0-1 (embed; bug #555421)
1230 NOTE: embeds stdlib modules: optparse, subprocess
1231 - smart <unfixed> (embed; bug #555432)
1232 NOTE: embeds stdlib modules: optparse
1233 - pyprotocols 1.0a.svn20070625-5 (embed; bug #555433)
1234 NOTE: embeds stdlib modules: doctest
1235 - ruledispatch 0.5a.svn20080510-4 (embed; bug #555434)
1236 NOTE: embeds stdlib modules: doctest
1237 - distribute <unfixed> (embed)
1238 NOTE: embeds stdlib modules: doctest
1239 - python-setuptools <unfixed> (embed; bug #555435)
1240 NOTE: embeds stdlib modules: doctest
1241 - zope.testing <unfixed> (embed; bug #555436)
1242 NOTE: embeds stdlib modules: doctest
1243 - translate-toolkit <unfixed> (embed; bug #555422)
1244 NOTE: embeds stdlib modules: textwrap, contextlib
1245 - libtpclient-py <unfixed> (embed; bug #555424)
1246 NOTE: embeds stdlib modules: subprocess
1247 - grass <unfixed> (embed; bug #555425)
1248 NOTE: embeds stdlib modules: subprocess
1249 - coherence <unfixed> (embed; bug #555429)
1250 NOTE: embeds stdlib modules: uuid
1251 - python-django-extensions 0.4.2pre+git200911182050-1 (embed; bug #555430)
1252 NOTE: embeds stdlib modules: uuid
1253 - setroubleshoot <unfixed> (embed; bug #555431)
1254 NOTE: embeds stdlib modules: uuid
1255 - linkchecker <unfixed> (embed; bug #555414)
1256 NOTE: embeds msgfmt.py script
1257 - imdbpy <unfixed> (embed)
1258 NOTE: embeds msgfmt.py script
1259 - kiwi <unfixed> (embed)
1260 NOTE: embeds msgfmt.py script
1261 - moin <unfixed> (embed)
1262 NOTE: embeds msgfmt.py script, stdlib modules: cgitb, difflib, tarfile
1263 - plone3 <unfixed> (embed)
1264 NOTE: embeds msgfmt.py script
1265 - roundup <unfixed> (embed)
1266 NOTE: embeds msgfmt.py script, stdlib modules: cgitb
1267 - rednotebook <unfixed> (embed; bug #555415)
1268 NOTE: embeds msgfmt.py script
1269 - turbogears <unfixed> (embed)
1270 NOTE: embeds msgfmt.py script
1271 - elisa <unfixed> (embed)
1272 NOTE: embeds msgfmt.py script, stdlib modules: uuid
1273 - calibre <unfixed> (embed)
1274 NOTE: embeds msgfmt.py script, stdlib modules: zipfile
1275 - mailman <unfixed> (embed; #555416)
1276 NOTE: embeds msgfmt.py script
1277 - python-docutils <unknown> (embed)
1278 NOTE: embeds stdlib modules: optparse, textwrap
1279 - python-imaging <unknown> (embed)
1280 NOTE: embeds stdlib modules: doctest
1281 - python-mechanize <unknown> (embed)
1282 NOTE: embeds stdlib modules: doctest
1283 - twill <unknown> (embed)
1284 NOTE: embeds stdlib modules: subprocess
1285 - zeroc-ice <unknown> (embed)
1286 NOTE: embeds stdlib modules: subprocess
1287 - wxwidgets2.8 <unknown> (embed)
1288 NOTE: embeds stdlib modules: subprocess
1289 - cycle <unknown> (embed)
1290 NOTE: embeds msgfmt.py script
1291 - deluge <unknown> (embed)
1292 NOTE: embeds msgfmt.py script
1293 - opendict <unknown> (embed)
1294 NOTE: embeds msgfmt.py script
1295 - openerp-client <unknown> (embed)
1296 NOTE: embeds msgfmt.py script
1297 - rapidsvn <unknown> (embed)
1298 NOTE: embeds msgfmt.py script
1299 - wammu <unknown> (embed)
1300 NOTE: embeds msgfmt.py script
1301 - gaphor <unknown> (embed)
1302 NOTE: embeds msgfmt.py script
1303 - pida <unknown> (embed)
1304 NOTE: embeds msgfmt.py script
1305 - python-formencode <unknown> (embed)
1306 NOTE: embeds msgfmt.py script
1307 - duplicity <unfixed> (embed)
1308 NOTE: embeds stdlib module: urlparse, tarfile
1309 - pygopherd <unfixed> (embed)
1310 NOTE: embeds stdlib module: zipfile
1311
1312 argparse
1313 - twill <unfixed> (embed; bug #555347)
1314 - ipython <unfixed> (embed; bug #555348)
1315
1316 coherence
1317 - elisa <unfixed> (embed; bug #555335)
1318
1319 simpletal
1320 - plastex <unfixed> (embed; bug #555371)
1321
1322 flickrpc (not packaged in Debian, http://burtonini.com/bzr/flickrpc/)
1323 - postr <unfixed> (embed)
1324 - elisa <unfixed> (embed)
1325
1326 simplegeneric (not packaged in Debian, http://pypi.python.org/pypi/simplegeneric)
1327 - apertium-tolk <unfixed> (embed)
1328 - ipython <unfixed> (embed)
1329 - virtaal <unfixed> (embed)
1330
1331 distribute
1332 - setuptools <removed> (old-version)
1333
1334 rails
1335 - jruby1.2 <unfixed> (embed) [./bench/rails/*]
1336 - libgettext-ruby <unfixed> (embed) [./samples/rails/*]
1337 - libopenid-ruby <unfixed> (embed) [./examples/rails_openid/*]
1338 - thin <unfixed> (embed) [./spec/rails_app/*]
1339 NOTE: this is a subdirectory of examples, which in general is a non-issue, but may
1340 NOTE: be dangerous if developers are naively basing their code off of the examples
1341 NOTE: prototype.js is among the example files
1342
1343 lucene2 (prototype.js is among the embeds in the following)
1344 - lucene <unfixed> (old-version)
1345 - pylucene <unfixed> (embed)
1346 - libpdfbox-java <unfixed> (embed)
1347 - libfontbox-java <unfixed> (embed)
1348 - libjempbox-java <unfixed> (embed)
1349 - solr <unfixed> (embed)
1350
1351 unicode-data
1352 - syslinux <unfixed> (embed)
1353 - camomile <unfixed> (embed)
1354 - fribidi <unfixed> (embed)
1355 - m17n-db <unfixed> (embed)
1356 - sbcl <unfixed> (embed)
1357 - heimdal <unfixed> (embed)
1358 - icu <unfixed> (embed)
1359 - icu4j <unfixed> (embed)
1360 - krb5 <unfixed> (embed)
1361 - moodle <unfixed> (embed)
1362 - openldap <unfixed> (embed)
1363 - pike7.6 <unfixed> (embed)
1364 - samba <unfixed> (embed)
1365 - samba4 <unfixed> (embed)
1366 - cmucl <unfixed> (embed)
1367 - typo3-src <unfixed> (embed)
1368 - mauve <unfixed> (embed)
1369 - texlive-bin <unfixed> (embed)
1370 - ypsilon <unfixed> (embed)
1371 - jeuclid <unfixed> (embed)
1372 - charmap.app <unfixed> (embed)
1373 - clisp <unfixed> (embed)
1374 - gnulib <unfixed> (embed)
1375 - opensrs-client <unfixed> (embed)
1376 - saxonb <unfixed> (embed)
1377 - rails <unfixed> (embed)
1378
1379 feedparser
1380 - rawdog <unfixed> (embed; bug #383422)
1381 - miro <unfixed> (embed; bug #555351)
1382 - calibre <unfixed> (embed; bug #555352)
1383 - freevo <unfixed> (embed; bug #555353)
1384 - pida <unfixed> (embed; bug #555354)
1385 - planet-venus <unfixed> (embed; bug #555355)
1386 - plone3 <unfixed> (embed; bug #555356)
1387 - exaile 0.2.14+debian-1 (embed)
1388 - screenlets 0.1.2-3 (embed)
1389 NOTE: included twice
1390
1391 agg:
1392 - matplotlib <unfixed> (embed: bug #377271)
1393 - contextfree <unfixed> (embed)
1394 NOTE: since 2.2-1 it links statically to system libagg, but still uses the embedded copy
1395 - exactimage <unfixed> (embed)
1396 - python-enable <unfixed> (embed)
1397 - mapnik 0.5.1-3 (embed)
1398 NOTE: links statically to agg, but shared library is not available (bug #377271)
1399
1400 vtk
1401 - paraview <unfixable> (embed; bug #495426)
1402
1403 txt2tags
1404 - rednotebook <unfixed> (embed)
1405
1406 htmltextview (not packaged in Debian, http://www.gnome.org/~gjc/htmltextview.py)
1407 - gajim <unfixed> (embed)
1408 - emesene <unfixed> (embed)
1409 - convirt <unfixed> (embed)
1410 - pida <unfixed> (embed)
1411 - rednotebook <unfixed> (embed)
1412
1413 horde3 (prototype.js is among the embeds in the following)
1414 - mnemo2 <unfixed> (embed)
1415 - nag2 <unfixed> (embed)
1416
1417 cimg
1418 - gmic <itp> (embed)
1419
1420 mootools
1421 - gmic <itp> (embed)
1422
1423 openldap
1424 - openldap2.3 <removed> (old-version)
1425
1426 grub2
1427 - grub <unfixed> (old-version)
1428
1429 gnupginterface
1430 - duplicity <unfixed> (embed)
1431
1432 python-dateutil
1433 - awn-extras-applets <unfixed> (embed)
1434 - matplotlib <unknown> (embed)
1435
1436 cups
1437 - cupsys <removed> (old-version)
1438
1439 yui
1440 - bcfg2 <not-affected> (present in source but not included in any binary files)
1441 - serendipity <unfixed> (embed; bug #557746)
1442 - moodle 1.8.2.dfsg-5 (embed)
1443 - jifty 0.91117-1 (embed; bug #557748)
1444 - webgui 7.7.26-1 (embed)
1445 - loggerhead 1.17-1 (embed)
1446
1447 quake3 (vanilla source not packaged in debian)
1448 - openarena <unfixable> (fork)
1449
1450 quake2 (vanilla source not packaged in debian)
1451 - alien-arena <unfixable> (fork)
1452 - warsow <unfixable> (fork)
1453
1454 libtheora
1455 - iceweasel <not-affected> (uses xulrunner)
1456 - xulrunner <unfixed> (embed; bug #540959)
1457 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1458 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1459 - iceape <unfixed> (embed; bug #559276)
1460 [etch] - iceape <not-affected> (introduced in iceape 2.0)
1461 [lenny] - iceape <not-affected> (introduced in iceape 2.0)
1462
1463 dtoa
1464 - bfilter <unfixed> (embed)
1465 - cacao <unfixed> (embed)
1466 - cdrdao <unfixed> (embed)
1467 - classpath <unfixed> (embed)
1468 - freej <unfixed> (embed)
1469 - iceape <unfixed> (embed)
1470 - iceweasel <unfixed> (embed)
1471 - jscoverage <unfixed> (embed)
1472 - kde4libs <unfixed> (embed)
1473 - kdelibs <unfixed> (embed)
1474 - kompozer <unfixed> (embed)
1475 - libv8 <unfixed> (embed)
1476 - mono <unfixed> (embed)
1477 - newlib <unfixed> (embed)
1478 - nspr <unfixed> (embed)
1479 - php5 <unfixed> (embed)
1480 - polyml <unfixed> (embed)
1481 - qt4-x11 <unfixed> (embed)
1482 - rhino <unfixed> (embed)
1483 NOTE: code translated to Java
1484 - ruby1.8 <unfixed> (embed)
1485 - ruby1.9 <unfixed> (embed)
1486 - ruby1.9.1 <unfixed> (embed)
1487 - sdd <unfixed> (embed)
1488 - sfind <unfixed> (embed)
1489 - star <unfixed> (embed)
1490 - tinymux <unfixed> (embed)
1491 - virtualbox-ose <unfixed> (embed)
1492 - webkit <unfixed> (embed)
1493 - xulrunner <unfixed> (embed)
1494
1495 ipc (not packaged in Debian; see http://mozdev.org/pipermail/enigmail/2009-November/011678.html)
1496 - firegpg <unfixed> (embed)
1497 - enigmail <unfixed> (embed)
1498
1499 ptmalloc (not packaged in Debian)
1500 - crystalspace <unfixed> (embed)
1501 - qt4-x11 <unfixed> (embed)
1502
1503 svgalib
1504 - usplash <unfixed> (embed)
1505
1506 bogl
1507 - usplash <unfixed> (embed)
1508
1509 taglist
1510 - usplash <unfixed> (embed)
1511
1512 portaudio
1513 - audacity <unfixed> (embed; bug #323711)
1514
1515 nyquist
1516 - audacity <unfixed> (embed)
1517 NOTE: embeds a forked nyquist with support for a shared library
1518
1519 vamp-plugin-sdk
1520 - audacity <unfixed> (embed)
1521
1522 wordpress
1523 - libwordpress-xmlrpc-perl <removed> (embed) [./xmlrpc.php]
1524
1525 php5
1526 - php4 <removed> (old-version)
1527
1528 classpath
1529 - libgnucrypto-java <unfixed> (embed; bug #559788)
1530
1531 libtool
1532 - apr <unfixed> (static; bug #489625)
1533 NOTE: ships copy of libtool in libapr1-dev; was 'embed' before 1.3.2-3
1534 - arts <unfixed> (embed)
1535 - bochs <unfixed> (embed; bug #560884)
1536 - camserv <unfixed> (embed)
1537 - collectd <unfixed> (embed)
1538 - courier-authlib 0.58-4 (embed)
1539 NOTE: The etch version of courier-authlib was the earliest version checked, might be fixed earlier
1540 - cvsnt <unfixed> (embed)
1541 - dico <not-affected> (Uses the system copy of ltdl)
1542 - freeradius 0.1+20010527-1 (embed)
1543 NOTE: Earliest reference I could find from the changelog is from 27 May 2001
1544 - ggobi 2.1.9~20091212-1 (embed)
1545 - glame <unfixed> (embed)
1546 - gnash <unfixed> (embed)
1547 - gnu-smalltalk <unfixed> (embed)
1548 - google-gadgets <unfixed> (embed)
1549 - graphicsmagick 1.3.5-6 (embed)
1550 - graphviz 2.8-3 (embed)
1551 NOTE: The etch version of graphviz was the earliest version checked, might be fixed earlier
1552 - guile-1.6 1.6.8-7 (embed)
1553 - hamlib <unfixed> (embed)
1554 - hercules <unfixed> (embed)
1555 - jags 1.0.4-3 (embed; bug #560864)
1556 - kdelibs <unfixed> (embed)
1557 - libannodex <removed> (embed)
1558 - libextractor <unfixed> (embed)
1559 - libmcrypt <not-affected> (libtool source present but not included in any of the binary packages)
1560 - libtunepimp <unfixed> (embed)
1561 - mp4h <unfixed> (embed)
1562 - naim <unfixed> (embed)
1563 - parser-mysql <unfixed> (embed)
1564 - pinball <unfixed> (embed)
1565 - redland <unfixed> (embed)
1566 - siproxd <unfixed> (embed)
1567 - ski <unfixed> (embed)
1568 - synfig <unfixed> (embed)
1569 - unixodbc 2.2.4-5 (embed)
1570 - xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules)
1571 - clamav 0.95+dfsg-1 (embed)
1572 - imagemagick 6:6.2.3.1-1 (embed)
1573 - hypre 2.4.0b-5 (embed)
1574 - lam <unfixed> (embed)
1575 - openmpi <unfixable> (embed; bug #559386)
1576 - parser <unfixed> (embed)
1577 - pdsh 2.18-5 (embed; bug #560892)
1578 - sbnc 1.2-8 (embed)
1579 - sdcc <unfixed> (embed)
1580 - wml <unfixed> (embed)
1581 - proftpd-dfsg <unfixed> (embed; bug #561748)
1582 - babel 1.4.0.dfsg-5 (embed)
1583 - libprelude 0.9.14-2 (embed)
1584 - heartbeat 2.1.4-7 (embed)
1585 NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
1586 NOTE: might've been fixed earlier
1587 - gcc-* <unknown> (embed)
1588
1589 ocamlgsl
1590 - orpie 1.5.1-7.1 (embed; bug #550058)
1591
1592 xdotool
1593 - keynav <unfixed> (embed; bug #560103)
1594
1595 bulletphysics (not packaged; http://www.bulletphysics.org/)
1596 - supertuxkart <unfixed> (embed)
1597 - blender <unfixed> (embed)
1598
1599 ghostscript
1600 - gs-gpl <removed> (old-version)
1601
1602 icedove
1603 - thunderbird <removed> (old-version)
1604
1605 sizzlejs (not packaged in Debian, http://sizzlejs.com/)
1606 - libjs-jquery <unfixed> (embed)
  ViewVC Help
Powered by ViewVC 1.1.5