/[secure-testing]/data/embedded-code-copies
ViewVC logotype

Contents of /data/embedded-code-copies

Parent Directory Parent Directory | Revision Log Revision Log

Revision 13764 - (show annotations) (download)
Fri Jan 8 15:06:49 2010 UTC (3 years, 4 months ago) by jwilk-guest
File size: 48630 byte(s) 
Fix package names.
1 Embedded code copies
2 ====================
3
4 This file collects source packages that embed code from other projects.
5 This is considered bad for fixing security flaws because the fix needs
6 to be applied in multiple source packages.
7
8 Format:
9 <srcpkg> (<optional comment about srcpkg>)
10 - <embedding srcpkg> <status> (<sort>; bug #<number>)
11 NOTE: optional comments about the linkage of the embedding srcpkg
12
13 status: version number fixing the embedded copy, <unfixed>, <removed>,
14 <itp>, <not-affected>, <unknown> if the version number can not
15 be determined, or <unfixable> for unavoidable cases (e.g., forks
16 that add real value)
17 sort: static (linking statically against a lib)
18 embed (embeds a copy of the library into another source package)
19 modified-embed (embeds a code copy that differs from upstream code)
20 fork (a full-blown fork of another source package)
21 old-version (an older version of essentially the same code)
22
23 The srcpkg might be some string to identify the code if there is no
24 specific source package.
25
26 Everything up to the next line is ignored.
27 ---BEGIN
28 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
29 NOTE: Fixed packages link to poppler library unless otherwise noted
30 - pdftohtml <unknown>
31 [sarge] - pdftohtml <unfixed>
32 [etch] - pdftohtml <unfixed>
33 NOTE: has been replaced by poppler-utils
34 - kdegraphics 4:4.2.2-1 (embed; bug #436164)
35 - texlive-base 3.0-12 (embed)
36 - texlive-bin 2007-1 (embed)
37 NOTE: links to poppler
38 - koffice <unfixed> (embed; bug #436163)
39 - libextractor 0.5.12-1 (embed)
40 NOTE: libextractor is using its own pdf decoder now
41 - ipe <unfixed> (embed)
42 NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
43 - ruby-gnome2 <unknown> (embed)
44 NOTE: copy only present in source but links to poppler
45 - pdfedit <unfixed> (embed; bug #510794)
46 - swftools <unfixed> (embed; bug #551293)
47 - poppler <unfixable> (fork)
48
49 ppmd
50 - libcomplearn-mod-ppmd <unfixed> (fork)
51 NOTE: discussion in #458152
52
53 libevent
54 - transmission 1.71-1 (embed; bug #529372)
55
56 lrmi
57 - read-edid 2.0.0-1 (embed; bug #495131)
58 - s3switch <unfixed> (embed)
59 - xresprobe <unfixed> (embed)
60 - zhcon <unfixed> (embed)
61
62 peercast
63 - gnome-peercast <removed> (embed)
64 [etch] - gnome-peercast <unfixed> (embed)
65
66 silc-toolkit
67 - silc-client 1.1~beta6-1 (embed)
68
69 icclib
70 - ghostscript <unfixed> (embed)
71 - argyll <unfixed> (embed)
72
73 dietlibc
74 - ccontrol 0.9.1+20071204-1 (static)
75
76 libmikmod
77 - sdl-mixer1.2 <unfixed> (embed)
78 TODO: report bug
79
80 libiax
81 - iaxmodem <unfixable> (embed; bug #548885)
82
83 spandsp
84 - iaxmodem <unfixable> (embed; bug #548885)
85
86 python-paramiko
87 - fabric 0.9.0-2 (embed; bug #561398)
88
89 zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
90 - dpkg <unfixed> (static)
91 NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
92 - rsync <unfixed> (embed)
93 NOTE: somehow derived code base
94 - mono <unfixed> (embed)
95 TODO: check mozilla
96 - Linux kernels <unfixed> (embed)
97 - pvpgn 1.7.8-2 (embed)
98 - mrtg 2.12.2-1 (embed)
99 - rpm <unknown> (embed)
100 NOTE: pinged anibal since when rpm was fixed
101 - tuxcmd-modules <unfixed> (embed)
102 - zsync <unfixed>
103 - tra <unfixed>
104 - sash <unfixed>
105 - nsis <unfixed>
106 - mseide-msegui <unfixed>
107 NOTE: mseide
108 - mirrordir <unfixed>
109 - poco <unfixed>
110 - klibc <unfixed>
111 - ghostscript <unfixed>
112 - freeimage <unfixed>
113 - clamav <unfixed> (fork)
114 NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that"
115 - tuxonice-userui <unfixed>
116 - plt-scheme <unfixed>
117 - perl <unfixed>
118 - paraview <unfixed>
119 - gcvs <unfixed>
120 - dump <unfixed>
121 - aide <unfixed> (static)
122 - dar <unfixed> (static)
123 - avfs <unfixed>
124 - fpc <unfixed>
125 - winff <unfixed>
126 NOTE: inherited from fpc, see #472304
127 - lazarus <unfixed>
128 NOTE: inherited from fpc, see #472304
129 - erlang <unfixed> (embed)
130 - gamera 3.2.3-1 (embed)
131 - python2.4 <unfixed> (embed; bug #553403)
132 - python2.5 <unfixed> (embed; bug #553403)
133
134 dulwich
135 - hg-git 0.1.0-1 (embed; bug #541996)
136
137 libvigraimpex
138 - hugin <unfixed> (embed; bug #542259)
139 - enblend-enfuse <unfixed> (embed; bug #542258)
140 - gamera 3.2.3-1 (embed)
141
142 libbz2
143 - dpkg <unfixed> (static)
144
145 libgadu
146 - centerim <unfixed> (embed; bug #559783)
147 - pidgin <not-affected> (links dynamically since initial release; fixed in gaim)
148 - gaim 1:2.0.0+beta3-3 (embed; bug #360280)
149 - kdenetwork 4:3.3.2-5 (embed)
150 NOTE: from kdenetwork: kopete
151 - ekg 1:1.8~rc0-1 (embed)
152 - kadu 0.6.0.2-3 (embed; bug #504430)
153 - gadu <itp> (embed)
154
155 xmlrpc (which package is the "origin" of this code?)
156 - drupal <unfixed> (embed)
157 - phpgroupware <unfixed> (embed)
158 - egroupware <unfixed> (embed)
159 - phpwiki <unfixed> (embed)
160 - php4 <unfixed> (embed)
161 TODO: check, php-pear, IIRC this was reorganized some weeks ago?
162
163 shtool (affects build-time only)
164 - mysql-ocaml <unfixed> (embed)
165 - php4 <unfixed> (embed)
166
167 xulrunner
168 - iceape <unfixed> (embed; bug #561749)
169 - iceweasel 2.0.0.19 (embed)
170 - icedove <unfixed> (embed; bug #561750)
171 - kompozer <unfixed> (embed; bug #532168)
172 - galeon 2.0.2-4 (embed)
173 - epiphany-browser 2.14.3-8 (embed)
174 - conkeror 0.9~git080629-2 (embed)
175 - kazehakase 0.4.2-1 (embed)
176
177 xli
178 - xloadimage <unfixed> (embed)
179
180 lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
181 - openmotif <unfixed> (embed)
182 - libxpm <unfixed> (embed)
183
184 kerberized apps with BSD origin
185 - krb4 <removed> (embed)
186 - krb5 <unfixed> (embed)
187 - heimdal <unfixed> (embed)
188
189 grip (which pkg is the origin?)
190 - libcdaudio <unfixed>
191 - grip <unfixed>
192 - gnome-vfs <unfixed>
193 TODO: check vfs2 as well
194
195 fudforum
196 [etch] - phpgroupware <unfixed> (embed)
197 NOTE: phpgroupware-fudforum
198 [sarge] - egroupware-fudforum <removed> (embed)
199
200 libbsd
201 - rdate 1:1.2-3 (embed)
202 - atheme-services <unfixed>
203 - libbsd-arc4random-perl <unfixed>
204 - isakmpd <unfixed>
205 - bsdgames <unfixed> (embed)
206 - bsd-mailx <unfixed> (embed)
207 - netcat-openbsd <unfixed> (embed; bug #550611)
208 - openssh <unfixed> (embed)
209 - unworkable <unfixed> (embed)
210
211 cvs
212 - gcvs <unfixed> (embed)
213 NOTE: see cvsunix/src in tarball
214
215 pcre3
216 - php4 <unknown> (embed)
217 - analog 2:5.23-0woody1 (embed)
218 - goffice <unfixed> (embed)
219 NOTE: libgoffice-*
220 - vfu 4.06-4.1 (embed; bug #450754)
221 - tf5 5.0beta7-1 (embed)
222 - monotone 0.43-1 (embed)
223 NOTE: this only affects versions >= 0.37
224 - glib2.0 2.15.2-1 (embed)
225 - apache2 2.0.53-4 (embed)
226 - exim4 4.10-0.srh20.12 (embed)
227 - yacas <unfixed> (embed)
228 NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
229 - gtamsanalyzer.app 0.42-5 (embed)
230 - tin 980117-1 (embed)
231 - kazehakase 0.5.2-1
232 - webkit 1.0.1-1 (embed)
233 - qt4-x11 <unfixed> (embed)
234 NOTE: embedded via webkit copy
235 - erlang <unfixed> (embed)
236 - ssed <unfixed> (embed)
237
238 tiff
239 - wxwindows2.4 2.2.1 (embed)
240 - gamera 3.2.3-1 (embed)
241
242 uudeview
243 - libconvert-uulib-perl <unfixed> (embed)
244 - pan <unfixed> (embed)
245
246 sqlite (not affected by security vulnerabilities so far)
247 - amarok <unfixed> (embed)
248 - monotone 0.43-1 (embed)
249 - iceweasel <unfixed> (embed)
250 - heimdal <unfixed> (embed; bug #559616)
251
252 util-linux/mount
253 - loop-aes-utils <unfixed> (embed)
254 NOTE: contains code from util-linux' mount in the mount-aes-udeb
255
256 sylpheed
257 - sylpheed-claws <unfixed> (fork)
258
259 phpsysinfo
260 - egroupware <unfixed> (embed)
261 - phpgroupware <unfixed> (embed)
262
263 phpldapadmin
264 [sarge] - egroupware <unfixed> (embed)
265 NOTE: removed from egroupware after sarge
266
267 chmlib
268 - kchmviewer <unknown> (embed)
269
270 ffmpeg (libavcodec/libavformat)
271 - mplayer 1.0~rc2-14 (embed; bug #395252)
272 - kino 1.0.0-1
273 - vlc <not-affected> (Links dynamically since initial release)
274 - smilutils 0.3.0-10
275 NOTE: smilutils likely fixed earlier, marking Etch's version as fixed
276 - motion 3.1.19-1
277 - gstreamer0.10-ffmpeg 0.10.3-2
278 - xmovie <removed> (static)
279 TODO: gimp-gap (potentially using ffmpeg code as well)
280 - avifile 1:0.7.48~20090503.ds-1 (embed; bug #538750)
281 - audacity 1.3.7-2 (embed; bug #512278)
282
283 faad2
284 - mplayer 1.0~rc2-20 (embed)
285 - avifile <unfixed> (embed; bug #538750)
286 - ffmpeg-debian <removed> (old-version)
287
288 libmad (MPEG decoding lib)
289 - xine-lib <unfixed> (embed)
290 - avifile 1:0.7.48~20090503.ds-1 (embed) [./plugins/libmad/*]
291 TODO: check ocaml-mad, madplay, pymad, xmms-mad, xmms2
292
293 libdts
294 - xine-lib <unfixed> (embed)
295
296 flac
297 - xine-lib <unfixed> (embed)
298
299 liba52
300 - a52dec <unfixed> (embed)
301 - xine-lib <unfixed> (embed)
302
303 libmpeg2
304 - mpeg2dec <unfixed> (embed)
305 - xine-lib <unfixed> (embed)
306
307 libntlm
308 - wget <unfixed> (fork; bug #550436)
309 - curl <unfixed> (fork; bug #550437)
310 - cntlm <unfixed> (fork; bug #550438)
311
312 uw-imap
313 - pine <unfixed> (embed)
314 - alpine <unfixed> (embed)
315
316 imagemagick
317 - graphicsmagick <unfixed> (fork)
318
319 python-urlgrabber
320 - mercurial <unfixed> (embed; bug #531062)
321 - w3af <unfixed> (embed; bug #555372)
322 [experimental] - harvestman <unfixed> (embed; bug #555373)
323
324 beautifulsoup
325 - python-mechanize <unfixed> (embed; bug #555349)
326 - zope2.11 <unfixed> (embed; bug #555350)
327 - twill <unknown> (embed)
328
329 halibut
330 - nsis <unfixed> (fork)
331
332 libghttp
333 - hotway <unfixed> (embed)
334
335 libsndfile
336 - ardour 1:2.7.1-1 (embed)
337
338 glibmm2.4
339 - ardour 1:2.7.1-1 (embed)
340
341 libgnomecanvasmm2.6
342 - ardour 1:2.7.1-1 (embed)
343
344 libsigc++-2.0
345 - ardour 1:2.7.1-1 (embed)
346
347 soundtouch
348 - ardour 1:2.7.1-1 (embed)
349
350 libmms
351 - xine-lib <unfixed> (embed)
352 - mimms <unfixed> (embed)
353
354 fckeditor
355 - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
356 - moin 1.8.2-2 (embed; bug #452599)
357 - karrigell <removed> (embed; bug #452598)
358 - gforge 4.6.99+svn6225-1 (embed)
359 - request-tracker3.8 <unfixed> (embed)
360 - otrs2 <unfixed> (embed)
361
362 ipatlas (not packaged in Debian)
363 - moodle <unfixed> (embed; bug #507185)
364
365 libphp-phpmailer
366 - moodle <unfixed> (embed; bug #507185)
367 - mahara <unfixed> (embed)
368 - symfony <unfixed> (embed)
369 [etch] - phpgroupware <unfixed> (embed)
370 NOTE: phpgroupware-felamimail is only in etch
371 - egroupware <unfixed> (embed; bug #504283)
372 - glpi <unfixed>
373
374 htmlArea (not packaged in Debian)
375 - moodle <unfixed> (embed)
376
377 giflib
378 - wine <unfixed> (embed; bug #466181)
379
380 bennu (not packaged in Debian, http://bennu.sourceforge.net)
381 - moodle <unfixed> (embed)
382
383 smarty
384 - moodle 1.8.2-2 (embed; bug #471158)
385 - gallery2 2.2.5-2 (embed; bug #471160)
386 - mahara 0.9.2-2 (embed; bug #471201)
387 - gosa 2.4beta1-1 (embed; bug #471200)
388
389 TinyMCE
390 - wordpress 2.5.1-3 (embed; bug #478257)
391 - moodle <unfixed> (embed; bug #507185)
392 - knowledgeroot <unfixed> (embed)
393 - joomla <itp> (bug #326398)
394
395 scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121)
396 - scite <unfixed> (embed)
397 - qscintilla <unfixed> (embed)
398 - qscintilla2 <unfixed> (embed)
399 - geany <unfixed> (fork)
400 - anjuta <unfixed> (embed)
401
402 libphp-adodb
403 - moodle <unfixed> (embed; bug #507185)
404 NOTE: also AdoDB-XML Schema
405 - gallery2 <unfixed> (embed)
406 - phppgadmin <unfixed> (embed)
407 - egroupware <unfixed> (embed)
408 - phpwiki <unfixed> (embed)
409 - torrentflux 2.0beta1-2 (embed)
410 - ipplan <unfixed> (embed)
411 - typo3-src <unfixed> (embed)
412 - cacti <unknown> (embed)
413 [sarge] - cacti <unfixed> (embed)
414 NOTE: dependency exists, but internal version is used
415 - gforge 4.7~rc2-6 (embed)
416 - mahara <unfixed> (embed)
417
418 gzip
419 - linux-kernel <unfixed> (embed)
420 NOTE: lib/inflate.c
421 - klibc <unfixed> (embed)
422 NOTE: based on linux-kernel gzip code
423 - busybox <unfixed> (embed)
424
425 neon
426 - cadaver 0.22.3+debian-1 (embed; bug #188381)
427 - gnome-vfs2 <unfixed> (embed; bug #395874)
428 [etch] - litmus <unfixed> (embed; #395875)
429 - litmus <removed> (embed; #395875)
430 [sarge] - screem <unfixed> (embed)
431 - sitecopy 1:0.16.0-1 (embed; bug #395876)
432 [etch] - tla <unfixed> (embed; bug #395877)
433 [sarge] - tla <unfixed> (embed; bug #395877)
434
435 libmodplug
436 - gst-plugins-bad0.10 <unfixed> (embed)
437
438 libvncserver
439 - vino <unfixed> (embed)
440
441 putty
442 - filezilla <unfixed> (embed)
443
444 tinyxml (not packaged in Debian; itp bug #531968)
445 - filezilla <unfixed>
446 - crystalspace <unfixed> (embed)
447 - libwfut <unfixed> (embed)
448 - rarian <unfixed> (embed)
449 - bulletml <unfixed> (embed)
450 - pokerth <unfixed> (embed)
451 - qutecom <unfixed> (embed)
452 - sofa-framework <unfixed> (embed)
453 - yate <unfixed> (embed)
454 - antigrav <unfixed> (embed)
455 - balder2d <unfixed> (embed)
456 - cal3d <unfixed> (embed)
457 - criticalmass <unfixed> (embed)
458 - ember <unfixed> (embed)
459 - epiphany <unfixed> (embed)
460 - gambit <unfixed> (embed)
461 - noiz2sa <unfixed> (embed)
462 - ogre <unfixed> (embed)
463 - opencity <unfixed> (embed)
464 - openmovieeditor <unfixed> (embed)
465 - pouetchess <unfixed> (embed)
466 - tecnoballz <unfixed> (embed)
467 - trigger-rally <unfixed> (embed)
468 - xmoto <unfixed> (embed)
469 - mapnik <unknown> (embed)
470 NOTE: uses a different XML parser by default
471 - rrootage 0.23a-6 <embed>
472 NOTE: links to libbulltetml
473 - boson <unknown> (embed)
474 NOTE: the embedded code is unused
475
476 gv
477 - evince <unfixed> (embed)
478 NOTE: ps/ tree from gv 3.5.8
479 NOTE: evince-gtk is affected (a component of evince source package)
480
481 libXbae
482 - paw <removed> (embed)
483 [etch] - paw <unfixed> (embed)
484
485 libgtkhtml
486 - claws-mail-extra-plugins <unfixed> (fork)
487
488 libXaw
489 - paw <removed> (embed)
490 [etch] - paw <unfixed> (embed)
491 NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
492
493 libgd2
494 - graphviz <unfixed> (embed)
495 NOTE: lib/gd seems to be 2.0.33
496 - wml <unfixed> (embed)
497 - libwmf <unfixed> (embed)
498 NOTE: derived from gd 1.6.3
499
500 rar
501 - unrar-nonfree <unfixed> (embed)
502
503 unrar-free (maybe this code is derived from the original rar, too?)
504 - clamav <unfixed> (embed)
505 NOTE: seems to be disabled in default config
506
507 mplayer (DirectMedia Object loader)
508 - xine-lib <unfixed> (embed)
509 NOTE: src/libw32dll/
510 - vlc <unfixed> (embed)
511 NOTE: modules/codec/dmo/
512 - mplayer 1.0~rc2-20 (embed)
513
514 libwpd (WordPerfect converter)
515 - openoffice.org <unfixed> (embed)
516
517 fsplib (http://sourceforge.net/projects/fsp/)
518 - gftp <unfixed> (embed)
519 NOTE: lib/fsplib version 0.3
520
521 sprng
522 - tree-puzzle <unfixed> (embed)
523
524 librpcsecgss
525 - krb5 <unfixed> (embed)
526
527 jasper
528 - ghostscript 8.64~dfsg-2 (embed)
529
530 libiris
531 - psi <unfixed> (embed)
532 - kdenetwork <unfixed> (embed)
533 NOTE: kopete embeds libiris but links dynamically to libidn
534 - kdegames <unfixed> (embed)
535 NOTE: ksirk/kde4
536
537 libidn
538 - monotone 0.43-1 (embed)
539 - psi <unfixed> (embed)
540 NOTE: psi embeds libiris which embeds libidn
541 - kdegames <unfixed> (embed)
542 NOTE: kdegames/kde4 embeds libiris which embeds libidn
543
544 lua5.1
545 - monotone 0.43-1 (embed)
546 - nmap 5.00-1 (embed; bug #527997)
547 [lenny] - nmap <unfixed> (embed; bug #527997)
548 - ocropus <unfixed> (embed)
549 - enigma <unfixed> (embed)
550 NOTE: requires lua built with C++
551 - freeciv <unfixed> (embed)
552 - spring <unfixed> (embed)
553
554 libbotan
555 - monotone 0.43-1 (embed)
556
557 NetXX
558 - monotone 0.43-1 (embed)
559
560 libgc
561 - mono <unfixed> (embed)
562
563 lzma
564 - p7zip <unfixed> (embed)
565 - xz-utils <unfixed> (fork)
566
567 lzo
568 - grub2 <unfixed> (embed)
569
570 yassl
571 - mysql-dfsg-5.0 <unfixed> (embed)
572
573 pax code
574 - tar <unfixed> (embed)
575 - cpio <unfixed> (embed)
576
577 t1lib
578 - tetex-bin 2.0.2-1 (embed)
579 - texlive-bin <unknown> (embed)
580
581 guichan
582 - boswars <unfixed> (embed)
583 NOTE: maintainer notified us, working on it
584
585 tolua
586 - boswars <unfixed> (embed)
587 NOTE: maintainer notified us, working on it
588 NOTE: actually tolua++
589 - ocropus <unfixed> (embed)
590 NOTE: actually tolua++
591 - freeciv <unfixed> (embed)
592 NOTE: actually tolua++
593 - enigma <unfixed> (embed)
594
595 asio-dev
596 - luxrender <removed> (embed)
597
598 xine-lib
599 - vlc <unfixed> (embed)
600 NOTE: only parts included in modules/access/rtsp
601
602 netpbm
603 - tcl8.3 <unfixed> (embed)
604 - tcl8.4 <unfixed> (embed)
605 - tcl8.5 <unfixed> (embed)
606 NOTE: generic/tkImgGIF.c
607
608 tk8.5
609 - tk8.0 <removed> (old-version)
610 - tk8.3 <unfixed> (old-version)
611 - tk8.4 <unfixed> (old-version)
612 - perl-tk <unfixable> (fork)
613
614 samba
615 - mc 2:4.6.2~git20080311-1 (embed)
616 NOTE: maintainer is aware of this, currently searching a solution
617
618 plib1.8.4c2
619 - boson <unfixed> (fork)
620 NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
621
622 fribidi
623 - quesoglc <unfixed> (embed)
624 NOTE: compiled against system fribidi in Debian - embed only used when fribidi is not available on the system
625
626 glew
627 - quesoglc <unfixed> (embed; bug #489341)
628 NOTE: waiting on GLEW_MX version of glew (see bug #474488)
629 - trigger <unfixed> (embed)
630 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
631 - trigger-rally <unfixed> (embed)
632 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
633
634 minorGems (pabs contacted upstream about shared lib, he considers minorGems an 'ever-evolving collection of reusable code fragments' for his own use)
635 - transcend <unfixed> (embed)
636 - cultivation <unfixed> (embed)
637 - passage <unfixed> (embed)
638 - gravitation <unfixed> (embed)
639
640 tar
641 - libarchive <unfixed> (embed)
642 NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
643
644 cpio
645 - libarchive <unfixed> (embed)
646 NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
647
648 webkit
649 - qt4-x11 <unfixed> (embed; bug #479851)
650 [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
651 [lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
652 - kdelibs <unfixed> (old-version)
653 - kde4libs <unfixed> (fork)
654
655 ftgl
656 - blender 2.46+dfsg-1 (embed)
657
658 wv
659 - abiword <unfixed>
660
661 qemu
662 - kvm <unfixed> (embed; bug #543159)
663 NOTE: the kvm package will be removed from sid and squeeze soon (after
664 NOTE: which it will only be in experimental). superceded by qemu-kvm.
665 - qemu-kvm <unfixed> (embed; bug #560853)
666 - xen-3 3.4.2-2 (embed; bug #560856)
667 - xen-unstable <unfixed> (embed; bug #560856)
668
669 vgabios
670 - kvm <unfixed> (embed; bug #489442)
671
672 bochs
673 - kvm <unfixed> (embed; bug #489442)
674
675 speex
676 - vorbis-tools <unfixed> (embed)
677 NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
678 - gst-plugins-good0.10 <unfixed> (embed)
679 - xine-lib <unfixed> (embed)
680 - libfishsound <unfixed> (embed)
681 - libannodex <removed> (embed)
682 - vlc <unfixed> (embed)
683 - xmms-speex <unfixed> (embed)
684 - libsdl-sound1.2 <unfixed> (embed)
685 - sweep <unfixed> (embed)
686
687 libreadline
688 - magic <itp> (old-version)
689
690 opcode
691 - ode <unfixed> (embed)
692 NOTE: opcode is not a package in debian, it is just embedded
693 NOTE: http://www.codercorner.com/Opcode.htm
694
695 gimpact
696 - ode <unfixed> (embed)
697 NOTE: gimpact is not a package in debian, it is just embedded
698 NOTE: http://gimpact.sf.net
699
700 mochikit
701 - mahara <unfixed> (embed)
702 NOTE: they require extra patches, still unmerged upstream
703 - ntop <unfixed> (embed)
704 - coherence 0.6.2-1 (embed)
705 - paste <unfixed> (embed)
706 - turbogears <unfixed> (embed)
707 - plone3 <unfixed> (embed)
708 - xulrunner <unfixed> (embed)
709 - libjifty-plugin-chart-perl <unfixed> (embed)
710 - sabnzbdplus <unfixed> (embed)
711 - tgmochikit <unfixed> (embed)
712
713 prototypejs
714 - netbeans-ide 6.0.1+dfsg-2 (embed)
715 - auth2db 0.2.5-2+dfsg-1 (embed; bug #555218)
716 - webcit <unfixed> (embed; bug #555219)
717 - asterisk 1:1.6.2.0~rc3-1 (embed)
718 - libjson-ruby 1.1.4-1 (embed; bug #555224)
719 - lucene2 2.9.1+ds1-2 (embed; bug #555226)
720 - horde3 <unfixed> (embed)
721 - knowledgeroot <unfixed> (embed; bug #555230)
722 - mediatomb <unfixed> (embed; bug #555233)
723 - mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
724 - ebug-http <removed> (embed; bug #555236)
725 - libaws 2.7-1 (embed; bug #555222)
726 - phpgedview <removed> (embed)
727 - poker-network <removed> (embed; bug #555238)
728 - rails 2.1.0-6 (embed)
729 - wordpress 2.5.0-2 (embed; bug #555243)
730 - zope <not-affected> (the prototypejs embed is not in any of the obvious zope packages, e.g. zope2.9, zope2.10, zope2.11, and zope3)
731 TODO: search through all of the other zope packages
732 - ampache 3.4.1-2 (embed)
733 - exaile 0.2.14+debian-2.1 (embed; bug #555245)
734 - hobix 0.5~svn20070319-4 (embed; bug #555247)
735 - zabbix 1.6.6-4 (embed; bug #555250)
736 - chora2 <unfixed> (embed; bug #555253)
737 - gollem <unfixed> (embed; bug # 555254)
738 - jscropperui 1.2.1-1 (embed; bug #555257)
739 - scriptaculous <not-affected> (uses system prototype.js since initial upload; bug #555260)
740 - ingo1 <unfixed> (embed; bug #555261)
741 - kronolith2 <unfixed> (embed; bug #555262)
742 - activeldap <unfixed> (embed)
743 - libv8 <not-affected> (contains a google-specific implementation of prototype.js)
744 - mantis <unfixed> (embed; bug #555265)
745 - otrs2 2.3.4-6 (embed; bug #555267)
746 - webcalendar <unfixed> (embed; bug #555269)
747 - redmine 0.9.0~svn2907-1 (embed; bug #555270)
748 - jifty 0.90519-1 (embed; bug #555271)
749 - jquery <unfixed> (embed; bug #555272)
750 - passenger 2.2.5debian1-1 (embed; bug #555273)
751 - plone3 <unfixed> (embed; bug #555275)
752 - wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555277)
753 - libhtml-prototype-perl 1.48-3 (embed; bug #538920)
754 - xulrunner <unfixed> (embed)
755 NOTE: included in iceweasel/xulrunner unit tests directory, so may not be security-relevant
756
757 gdb
758 - insight <unfixed> (embed)
759
760 e2fsprogs
761 - ldiskfsprogs <unfixable> (fork)
762
763 quazip (not packaged in Debian)
764 - qcake <unfixed> (embed)
765 NOTE: starting with upstream version 0.6.4
766
767 exo
768 - pcmanfm <unfixed> (embed; bug #499677)
769 NOTE: slightly modified source code
770
771 java
772 - openjdk-6 <unfixed>
773 - sun-java5 <unfixed>
774 - sun-java6 <unfixed>
775
776 libphp-snoopy
777 - ampache 3.4.1-2 (embed; bug #504169)
778 - gforge 4.6.99+svn6094-2 (embed)
779 - mahara 1.0.5-2 (embed; bug #504170)
780 - pixelpost 1.7.1-5 (embed; bug #504171)
781 - mediamate 0.9.3.6-5 (embed; bug #504172)
782 - opendb <removed> (embed; bug #504173)
783 [etch] - opendb <unfixed> (embed; bug #504173)
784 - wordpress 2.5.1-9 (embed; bug #443948)
785 - moodle <unfixed> (embed; bug #507185)
786 [etch] - phpgroupware <unfixed> (embed)
787 NOTE: phpgroupware-felamimail
788 - magpierss 0.72-3 (embed; bug #431089)
789
790 jquery
791 - zekr <unfixed> (embed)
792 - wordpress <unknown> (embed)
793 - yocto-reader <unfixed> (embed)
794 - textpattern <unfixed> (embed)
795 - genshi 0.5.1-1 (embed)
796 NOTE: compressed file under examples/ dir
797 - prewikka <unfixed> (embed)
798 - libramaze-ruby <unfixed> (embed)
799 - drupal5 <unfixed> (embed)
800 - b2evolution <unfixed> (embed)
801 - wesnoth <unfixed> (embed)
802
803 tablesorter (jquery plugin, not packaged yet)
804 - wesnoth <unfixed> (embed)
805
806 kses
807 - wordpress <unfixed> (embed; bug #504242)
808 NOTE: their copy has all methods renamed to wp_<foo>
809 NOTE: kses isn't in Debian, RFP: #504240
810 - moodle <unfixed> (embed; bug #507185)
811 - egroupware <unfixed> (embed)
812
813 magpierss
814 - wordpress <unfixed> (embed; bug #504242)
815 - moodle <unfixed>
816
817 php-gettext
818 - wordpress 2.8.4-1 (embed; bug #504242)
819 - docbookwiki <unfixed> (embed)
820 NOTE: non-free
821
822 libphp-ixr (name may change, it is the Incutio XML-RPC)
823 - wordpress <unfixed> (embed; bug #504242)
824 NOTE: libphp-ixr isn't in Debian, RFP: #504236
825 - dokuwiki <unfixed> (embed)
826 - textpattern <unfixed> (embed)
827
828 libphp-cas
829 - glpi <unfixed> (embed)
830 - moodle <unfixed> (embed; bug #505984)
831
832 scriptaculous (prototype.js is among the embeds in the following)
833 - glpi <unfixed> (embed)
834 - libaws <unfixed> (embed; bug #555222)
835 - op-panel <unfixed> (embed)
836 - symfony <unfixed> (embed)
837 NOTE: maintainer says there are extra incompatible changes required
838 - pixelpost 1.7.1-6 (embed)
839 - webhelpers <unfixed> (embed)
840 - qwik <removed> (embed; bug #555241)
841 - smokeping <unfixed> (embed)
842 - turba2 <unfixed> (embed)
843 - typo3-src 4.2.3-1 (embed)
844 - request-tracker3.6 <unfixed> (embed)
845 - request-tracker3.8 <unfixed> (embed)
846 - rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package)
847 - wordpress 2.5.0-2 (embed)
848 - libhtml-prototype-perl 1.48-3 (embed)
849
850 libmarkdown-php
851 - moodle <unfixed> (embed; bug #507185)
852 - pixelpost 1.7.1-6 (embed)
853
854 php-openid
855 - wordpress-openid <itp> (embed)
856
857 geshi
858 - dokuwiki 0.0.20080505-3.1 (embed)
859 - pgfouine 1.0-1.1 (embed)
860 - websvn 2.1.0-1 (embed)
861
862 webcalendar
863 - gforge 4.7~rc2-6 (embed; bug #504758)
864
865 libical
866 - kdepim <unknown> (fork)
867 NOTE: fixed at some point during 4.0
868 - kdepimlibs 4.2.0-1 (fork)
869 - claws-mail-extra-plugins <unfixed> (fork)
870
871 libltdl3
872 - kdelibs <unfixed> (embed)
873 NOTE: it's been said it sets RT_GLOBAL (or something like that) at runtime and version in experimental of libltdl can optionally set it
874 - synfig <unfixed> (embed)
875
876 harfbuzz
877 - qt4-x11 <unfixed> (embed)
878 - pango1.0 <unfixed> (embed)
879 - fontmatrix <unfixed> (embed)
880
881 libzip
882 - php5 <unfixable> (modified-embed)
883 - odt2txt <unfixed> (embed; bug #523808)
884
885 json.php (not packaged; should be replaced with php's built-in functions)
886 - moodle <unfixed>
887 - yui <unfixed>
888 - gallery2 <unfixed>
889 - dokuwiki <unfixed>
890 - typo3-src <unfixed>
891
892 php-fpdf
893 - tcpdf <itp> (fork)
894 - moodle <unfixed>
895 - phpwiki <unfixed>
896 - egroupware <unfixed>
897 - ldap-account-manager <unfixed> (fork)
898
899 tcpdf (itp: #495985)
900 - moodle <unfixed>
901 - phpmyadmin <unfixed>
902
903 typo3
904 - moodle <unfixed>
905
906 spreadsheet_writeexcel (PHP port of libspreadsheet-writeexcel-perl; itp: #487557)
907 - moodle <unfixed>
908 - gosa <unfixed>
909
910 php-ole (itp: #487558)
911 - moodle <unfixed>
912
913 pieforms (http://www.catalyst.net.nz)
914 - mahara <unfixed>
915
916 savant2 (http://phpsavant.com)
917 - egroupware <unfixed>
918
919 rssparser (http://nwow.org)
920 - egroupware <unfixed>
921 - phpgroupware <unfixed>
922
923 lcms
924 - openjdk-6 <unfixed> (fork)
925
926 libphp-phplayersmenu
927 - diogenes <unfixed>
928 - phpldapadmin <unfixed>
929
930 libphp-pclzip
931 - docvert <unfixed>
932 - moodle <unfixed>
933 - egroupware <unfixed>
934
935 libphp-simplepie
936 - dokuwiki <unfixed>
937 - wordpress <unfixed>
938
939 libphp-jpgraph
940 - egroupware <unfixed>
941
942 php-simpletest
943 - moodle <unfixed>
944
945 libpng
946 - iceweasel <not-affected> (uses xulrunner)
947 - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1, 2.0.0.19-1 (embed)
948 - iceape 1.0.13~pre080614i-0etch1 (embed)
949 - xulrunner 1.9.0.13-1 (embed)
950 [lenny] - xulrunner 1.9.0.11-0lenny1
951 [etch] - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
952 - gamera 3.2.3-1 (embed)
953
954 irssi
955 - silc-client <unfixed> (embed)
956 NOTE: Seems to be a pre-0.8.12 version that is used in irssi-plugin-silc
957
958 extc
959 - mtasc <unfixed> (embed)
960 - haxe <unfixed> (embed)
961
962 swflib
963 - mtasc <unfixed> (embed)
964 - haxe <unfixed> (embed)
965
966 libitext-java
967 - bouncycastle 2.1.4-1 (embed)
968
969 python-ply
970 - pyke <unfixed> (embed; bug #555363)
971 - pywbem 0.7.0-4 (embed; bug #555364)
972 - sepolgen <unfixed> (embed; bug #555365)
973 - zope-textindexng3 <unknown> (embed)
974 - iceweasel <not-affected> (uses xulrunner)
975 - xulrunner <unknown> (embed)
976 - wireshark <not-affected> (python-ply modules are not installed into binary packages; see #554613)
977
978 libdumbnet (libdnet upstream)
979 - nmap <unfixed> (fork)
980
981 gcc-4.4
982 - gcc-mingw32 <unfixed> (embed)
983
984 camlimages
985 - advi <unfixed> (static; bug #550441)
986
987 memcached
988 - memcachedb <unfixed> (embed)
989
990 yajl
991 - argyll <unfixed> (embed; bug #544223)
992 NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
993
994 nusoap
995 - gforge 4.8.2-1 (embed)
996 - ampache <unfixed> (embed)
997 - poker-network <unfixed> (old-version)
998 - moodle <unfixed> (old-version)
999 NOTE: code is not used when running under php5 and soap is enabled
1000 - phpwiki <unfixed> (old-version)
1001 - gallery2 <unfixed> (old-version)
1002 - typo3-src <unfixed> (old-version)
1003
1004 libept
1005 - adept <unfixed> (embed; bug #540649)
1006
1007 libvorbis
1008 - iceweasel <not-affected> (uses xulrunner)
1009 - xulrunner <unfixed> (embed; bug #540959)
1010 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1011 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1012 - iceape <unfixed> (embed)
1013 [etch] - iceape <not-affected> (introduced in 2.0)
1014 [lenny] - iceape <not-affected> (introduced in 2.0)
1015
1016 cairo
1017 - iceweasel <not-affected> (uses xulrunner)
1018 - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
1019
1020 liboggz
1021 - iceweasel <not-affected> (uses xulrunner)
1022 - xulrunner <unfixed> (embed; bug #540959)
1023 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1024 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1025 - iceape <unfixed> (embed)
1026 [etch] - iceape <not-affected> (introduced in 2.0)
1027 [lenny] - iceape <not-affected> (introduced in 2.0)
1028
1029 liboggplay
1030 - iceweasel <not-affected> (uses xulrunner)
1031 - xulrunner <unfixed> (embed; bug #540959)
1032 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1033 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1034 - iceape <unfixed> (embed)
1035 [etch] - iceape <not-affected> (introduced in 2.0)
1036 [lenny] - iceape <not-affected> (introduced in 2.0)
1037
1038 php-net-dnsbl
1039 - serendipity <unfixed> (embed; bug #541740)
1040
1041 php-onyx-rss
1042 - serendipity <unfixed> (embed; bug #541740)
1043
1044 php-text-wiki
1045 - serendipity <unfixed> (embed; bug #541740)
1046
1047 php-xml-rpc
1048 - serendipity <unfixed> (embed; bug #541740)
1049
1050 polarssl (does not have a shared library)
1051 - pdkim <itp> (embed; bug #543150)
1052 - xyssl <unfixed> (old-version)
1053
1054 pidgin
1055 - gaim <removed> (old-version)
1056 - qutecom <unfixed> (embed; bug #559785)
1057
1058 icu
1059 - webkit 1.0.1-1 (embed; bug #547214)
1060 - texlive-bin <unfixed> (fork)
1061 NOTE: texlive upstream working with icu upstream to merge their changes
1062
1063 cyrus-imapd-2.2
1064 - kolab-cyrus-imapd <unfixed> (fork)
1065 - dovecot 1:1.2.1-1 (embed) [/dovecot-sieve/src/libsieve/*]
1066
1067 python-cxx-dev
1068 - freecad 0.9.2646.3-1 (embed; bug #547936)
1069
1070 zipios++
1071 - freecad 0.9.2646.3-1 (embed; bug #547941)
1072 - enigma 0.92.3-3 (embed)
1073 NOTE: likely fixed earlier, marking etch's version as fixed
1074
1075 linux-2.6
1076 - kvm <removed> (embed; bug #549973) [./kernel/*]
1077 - linux-kbuild-2.6 <unfixed> (embed; bug #550379) [./kbuild/*]
1078 - kernel-source-2.6.8 <removed> (old-version)
1079 - kernel-source-2.4.27 <removed> (old-version)
1080 - kernel-source-2.4.24 <removed> (old-version)
1081 - kernel-source-2.2.25 <removed> (old-version)
1082 - kernel-source-2.2.20 <removed> (old-version)
1083
1084 libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
1085 - kvm <removed> (embed) [./libfdt/*]
1086 - qemu-kvm <unfixed> (embed) [./libfdt/*]
1087
1088 qweb (not packaged)
1089 - ajaxterm <unfixed>
1090
1091 opensaml2
1092 - opensaml <removed> (old-version)
1093
1094 shibboleth-sp2
1095 - shibboleth-sp <removed> (old-version)
1096
1097 tuxonice-userui
1098 - suspend2-userui <removed> (old-version)
1099
1100 expat
1101 - w3c-libwww <removed> (embed; bug #551941)
1102 [etch] - w3c-libwww <unfixed> (embed; bug #551941) [./modules/expat/*]
1103 - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*]
1104 - python2.5 <unfixable> (embed; bug #553403) [./Modules/expat/*]
1105 - python2.4 <unfixable> (embed; bug #553403)
1106 - python-4suite <unfixed> (embed; bug #516935)
1107 - wxwindows2.4 <removed> (embed)
1108 - wxwidgets2.6 2.6.3.2.2-4 (embed)
1109 - wxwidgets2.8 2.8.10.1-2 (embed)
1110 - celementtree 1.0.5-8 (embed)
1111 NOTE: Maybe that was fixed even earlier
1112 - audacity 1.3.2-1 (embed)
1113 - matanza <unfixed> (embed)
1114 - tdom 0.8.3~20080525-1 (embed)
1115 - udunits 2.1.8-4 (embed)
1116 - apr-util 1.2 (embed)
1117 - ayttm <unfxed> (embed; bug #561006)
1118 - cableswig <unfixed> (embed)
1119 - cadaver <unfixed> (embed)
1120 - cmake 2.6.0-6 (embed)
1121 - coin3 <unfixed> (embed)
1122 - gdcm 2.0.14-2 (embed)
1123 - ghostscript <unfixed> (embed)
1124 - grmonitor <removed> (embed)
1125 - iceape <unfixed> (embed)
1126 - insighttoolkit 3.16.0-1 (embed)
1127 NOTE: insighttoolkit might've been fixed earlier
1128 - libparagui1.1 1.0.2-1 (embed)
1129 - paraview <unfixed> (embed)
1130 - poco <unfixed> (embed)
1131 - simgear <unfixed> (embed)
1132 - sitecopy 1:0.16.0-1
1133 - smart 1.0-1 (embed)
1134 - swish-e <unfixed> (embed)
1135 - tla <unfixed> (embed)
1136 - vtk 4.1.20030227-1 (embed)
1137 - wbxml2 <unfixed> (embed)
1138 - xmlrpc-c <unfixed> (embed)
1139 - iceweasel <unfixed> (embed)
1140 - kompozer <unfixed> (embed)
1141 - vxl 1.13.0-2 (embed)
1142 - xulrunner <unfixed> (embed)
1143 - apache2 2.2 (embed)
1144 - texlive-bin <not-affected> (Embedded code not compiled in)
1145 - vnc4 <unfixed> (embed)
1146 - xotcl <unfixed> (embed)
1147
1148 xerces-c
1149 - xerces-c2 <unfixed> (old-version)
1150 - xerces27 <removed> (old-version)
1151
1152 md5 (RSA's version; not the gnu version provided by coreutils)
1153 - w3c-libwww <removed> (embed; bug #551942)
1154 [etch] - w3c-libwww <unfixed> (embed; bug #551942) [./modules/md5/*]
1155
1156 enet
1157 - sauerbraten <unfixed> (embed; #497194)
1158
1159 eglibc
1160 - glibc <removed> (old-version)
1161
1162 galib
1163 - gamera 3.2.3-1 (embed)
1164
1165 configobj
1166 - bzr <unfixed> (embed; bug #555336)
1167 - elisa <unfixed> (embed; bug #555337)
1168 - gaupol <unfixed> (embed; bug #555338)
1169 - ipython <unfixed> (embed; bug #555339)
1170 - pida <unfixed> (embed; bug #555340)
1171 - psychopy <unfixed> (embed; bug #555341)
1172 - rest2web <unfixed> (embed; bug #555342)
1173 - auth2db <unknown> (embed)
1174 - dynagen <unknown> (embed)
1175 - iceweasel <unknown> (embed)
1176 - sabnzbdplus <unknown> (embed)
1177 - xulrunner <unknown> (embed)
1178 - nipy <not-affected> (part of an example [/examples/neurospin/neurospy/configobj.py], which is not installed into binary packages)
1179
1180 python-clientform
1181 - bibus <unfixed> (embed; bug #555332)
1182 - zope2.10 <unfixed> (embed; bug #555333)
1183 - zope2.11 <unfixed> (embed; bug #555334)
1184 - python-mechanize <unknown> (embed)
1185 - twill <unknown> (embed)
1186
1187 python-mechanize
1188 - zope2.10 <unfixed> (embed; bug #555337)
1189 - zope2.11 <unfixed> (embed; bug #555338)
1190 - twill <unknown> (embed; bug #555339)
1191
1192 pexpect
1193 - duplicity 0.6.06-1 (embed; bug #555361)
1194 - hplip <unfixed> (embed; bug #555362)
1195 - smart <unfixed> (embed; bug #555363)
1196
1197 pyparsing
1198 - bauble <unfixed> (embed; bug #555366)
1199 - boa-constructor 0.6.1-8 (embed; bug #555367)
1200 - calibre <unfixed> (embed; bug #555368)
1201 - matplotlib <unfixed> (embed; bug #531024)
1202 - zhpy <unfixed> (embed; bug #555370)
1203 - polybori <unknown> (embed)
1204 - python-whoosh <unknown> (embed)
1205 - twill <unknown> (embed)
1206 - zope-textindexng3 <unknown> (embed)
1207
1208 python-pysqlite2
1209 - python2.4 <unfixed> (embed; bug #553403)
1210 - python2.5 <unfixed> (embed; bug #553403)
1211
1212 celementtree
1213 - python2.5 <unfixed> (embed)
1214 - smart 1.0-1 (embed)
1215 [etch] - smart <unfixed> (embed)
1216
1217 elementtree
1218 - python2.5 <unfixed> (embed)
1219 - bzr <unfixed> (embed; bug #555343)
1220 - gedit 2.28.2-1 (embed; bug #555344)
1221 - smart 1.0-1 (embed)
1222 [etch] - smart <unfixed> (embed)
1223 - solfege <unfixed> (embed; bug #555345)
1224 - w3af <unfixed> (embed; bug #555346)
1225 - python-qt4 <unknown> (embed)
1226 - sphinx <unknown> (embed)
1227 - python-nltk <itp> (embed)
1228
1229 python2.5
1230 - python2.4 <unfixed> (old-version)
1231 - jython <unfixed> (embed)
1232 NOTE: embeds many stdlib modules
1233 - python-django <unfixed> (embed; bug #555419)
1234 NOTE: embeds stdlib modules: doctest, decimal
1235 - gamera 3.2.3-1 (embed)
1236 NOTE: embeds stdlib modules: ConfigParser, optparse, sets, textwrap
1237 - boa-constructor <unfixed> (embed; bug #555426)
1238 NOTE: embeds stdlib modules: ConfigParser, tarfile, zipfile, xmlrpclib
1239 - nicotine <unfixed> (embed; bug #555427)
1240 NOTE: embeds stdlib modules: ConfigParser
1241 - museek+ <unfixed> (embed; bug #555428)
1242 NOTE: embeds stdlib modules: ConfigParser
1243 - vegastrike-data <unfixed> (embed)
1244 NOTE: embeds many stdlib modules
1245 - codespeak-lib 1.1.1-1 (embed; bug #555420)
1246 NOTE: embeds stdlib modules: doctest, optparse, subprocess, textwrap
1247 - config-manager <unfixed> (embed; bug #555423)
1248 NOTE: embeds stdlib modules: optparse
1249 - jhbuild 2.28.0-1 (embed; bug #555421)
1250 NOTE: embeds stdlib modules: optparse, subprocess
1251 - smart <unfixed> (embed; bug #555432)
1252 NOTE: embeds stdlib modules: optparse
1253 - pyprotocols 1.0a.svn20070625-5 (embed; bug #555433)
1254 NOTE: embeds stdlib modules: doctest
1255 - ruledispatch 0.5a.svn20080510-4 (embed; bug #555434)
1256 NOTE: embeds stdlib modules: doctest
1257 - distribute <unfixed> (embed)
1258 NOTE: embeds stdlib modules: doctest
1259 - python-setuptools <unfixed> (embed; bug #555435)
1260 NOTE: embeds stdlib modules: doctest
1261 - zope.testing <unfixed> (embed; bug #555436)
1262 NOTE: embeds stdlib modules: doctest
1263 - translate-toolkit <unfixed> (embed; bug #555422)
1264 NOTE: embeds stdlib modules: textwrap, contextlib
1265 - libtpclient-py <unfixed> (embed; bug #555424)
1266 NOTE: embeds stdlib modules: subprocess
1267 - grass <unfixed> (embed; bug #555425)
1268 NOTE: embeds stdlib modules: subprocess
1269 - coherence <unfixed> (embed; bug #555429)
1270 NOTE: embeds stdlib modules: uuid
1271 - python-django-extensions 0.4.2pre+git200911182050-1 (embed; bug #555430)
1272 NOTE: embeds stdlib modules: uuid
1273 - setroubleshoot <unfixed> (embed; bug #555431)
1274 NOTE: embeds stdlib modules: uuid
1275 - linkchecker <unfixed> (embed; bug #555414)
1276 NOTE: embeds msgfmt.py script
1277 - imdbpy <unfixed> (embed)
1278 NOTE: embeds msgfmt.py script
1279 - kiwi <unfixed> (embed)
1280 NOTE: embeds msgfmt.py script
1281 - moin <unfixed> (embed)
1282 NOTE: embeds msgfmt.py script, stdlib modules: cgitb, difflib, tarfile
1283 - plone3 <unfixed> (embed)
1284 NOTE: embeds msgfmt.py script
1285 - roundup <unfixed> (embed)
1286 NOTE: embeds msgfmt.py script, stdlib modules: cgitb
1287 - rednotebook <unfixed> (embed; bug #555415)
1288 NOTE: embeds msgfmt.py script
1289 - turbogears <unfixed> (embed)
1290 NOTE: embeds msgfmt.py script
1291 - elisa <unfixed> (embed)
1292 NOTE: embeds msgfmt.py script, stdlib modules: uuid
1293 - calibre <unfixed> (embed)
1294 NOTE: embeds msgfmt.py script, stdlib modules: zipfile
1295 - mailman 1:2.1.13-1 (embed; #555416)
1296 NOTE: embeds msgfmt.py script
1297 - python-docutils <unknown> (embed)
1298 NOTE: embeds stdlib modules: optparse, textwrap
1299 - python-imaging <unknown> (embed)
1300 NOTE: embeds stdlib modules: doctest
1301 - python-mechanize <unknown> (embed)
1302 NOTE: embeds stdlib modules: doctest
1303 - twill <unknown> (embed)
1304 NOTE: embeds stdlib modules: subprocess
1305 - zeroc-ice <unknown> (embed)
1306 NOTE: embeds stdlib modules: subprocess
1307 - wxwidgets2.8 <unknown> (embed)
1308 NOTE: embeds stdlib modules: subprocess
1309 - cycle <unknown> (embed)
1310 NOTE: embeds msgfmt.py script
1311 - deluge <unknown> (embed)
1312 NOTE: embeds msgfmt.py script
1313 - opendict <unknown> (embed)
1314 NOTE: embeds msgfmt.py script
1315 - openerp-client <unknown> (embed)
1316 NOTE: embeds msgfmt.py script
1317 - rapidsvn <unknown> (embed)
1318 NOTE: embeds msgfmt.py script
1319 - wammu <unknown> (embed)
1320 NOTE: embeds msgfmt.py script
1321 - gaphor <unknown> (embed)
1322 NOTE: embeds msgfmt.py script
1323 - pida <unknown> (embed)
1324 NOTE: embeds msgfmt.py script
1325 - python-formencode <unknown> (embed)
1326 NOTE: embeds msgfmt.py script
1327 - duplicity <unfixed> (embed)
1328 NOTE: embeds stdlib module: urlparse, tarfile
1329 - pygopherd <unfixed> (embed)
1330 NOTE: embeds stdlib module: zipfile
1331
1332 argparse
1333 - twill <unfixed> (embed; bug #555347)
1334 - ipython <unfixed> (embed; bug #555348)
1335
1336 coherence
1337 - elisa <unfixed> (embed; bug #555335)
1338
1339 simpletal
1340 - plastex <unfixed> (embed; bug #555371)
1341
1342 flickrpc (not packaged in Debian, http://burtonini.com/bzr/flickrpc/)
1343 - postr <unfixed> (embed)
1344 - elisa <unfixed> (embed)
1345
1346 simplegeneric (not packaged in Debian, http://pypi.python.org/pypi/simplegeneric)
1347 - apertium-tolk <unfixed> (embed)
1348 - ipython <unfixed> (embed)
1349 - virtaal <unfixed> (embed)
1350
1351 distribute
1352 - setuptools <removed> (old-version)
1353
1354 rails
1355 - jruby1.2 <unfixed> (embed) [./bench/rails/*]
1356 - libgettext-ruby <unfixed> (embed) [./samples/rails/*]
1357 - libopenid-ruby <unfixed> (embed) [./examples/rails_openid/*]
1358 - thin <unfixed> (embed) [./spec/rails_app/*]
1359 NOTE: this is a subdirectory of examples, which in general is a non-issue, but may
1360 NOTE: be dangerous if developers are naively basing their code off of the examples
1361 NOTE: prototype.js is among the example files
1362
1363 lucene2 (prototype.js is among the embeds in the following)
1364 - lucene <unfixed> (old-version)
1365 - pylucene <unfixed> (embed)
1366 - libpdfbox-java <unfixed> (embed)
1367 - libfontbox-java <unfixed> (embed)
1368 - libjempbox-java <unfixed> (embed)
1369 - solr <unfixed> (embed)
1370
1371 unicode-data
1372 - syslinux <unfixed> (embed)
1373 - camomile <unfixed> (embed)
1374 - fribidi <unfixed> (embed)
1375 - m17n-db <unfixed> (embed)
1376 - sbcl <unfixed> (embed)
1377 - heimdal <unfixed> (embed)
1378 - icu <unfixed> (embed)
1379 - icu4j <unfixed> (embed)
1380 - krb5 <unfixed> (embed)
1381 - moodle <unfixed> (embed)
1382 - openldap <unfixed> (embed)
1383 - pike7.6 <unfixed> (embed)
1384 - samba <unfixed> (embed)
1385 - samba4 <unfixed> (embed)
1386 - cmucl <unfixed> (embed)
1387 - typo3-src <unfixed> (embed)
1388 - mauve <unfixed> (embed)
1389 - texlive-bin <unfixed> (embed)
1390 - ypsilon <unfixed> (embed)
1391 - jeuclid <unfixed> (embed)
1392 - charmap.app <unfixed> (embed)
1393 - clisp <unfixed> (embed)
1394 - gnulib <unfixed> (embed)
1395 - opensrs-client <unfixed> (embed)
1396 - saxonb <unfixed> (embed)
1397 - rails <unfixed> (embed)
1398
1399 feedparser
1400 - rawdog <unfixed> (embed; bug #383422)
1401 - miro <unfixed> (embed; bug #555351)
1402 - calibre <unfixed> (embed; bug #555352)
1403 - freevo <unfixed> (embed; bug #555353)
1404 - pida <unfixed> (embed; bug #555354)
1405 - planet-venus <unfixed> (embed; bug #555355)
1406 - plone3 <unfixed> (embed; bug #555356)
1407 - exaile 0.2.14+debian-1 (embed)
1408 - screenlets 0.1.2-3 (embed)
1409 NOTE: included twice
1410
1411 agg:
1412 - matplotlib <unfixed> (embed: bug #377271)
1413 - contextfree <unfixed> (embed)
1414 NOTE: since 2.2-1 it links statically to system libagg, but still uses the embedded copy
1415 - exactimage <unfixed> (embed)
1416 - python-enable <unfixed> (embed)
1417 - mapnik 0.5.1-3 (embed)
1418 NOTE: links statically to agg, but shared library is not available (bug #377271)
1419
1420 vtk
1421 - paraview <unfixable> (embed; bug #495426)
1422
1423 txt2tags
1424 - rednotebook <unfixed> (embed)
1425
1426 htmltextview (not packaged in Debian, http://www.gnome.org/~gjc/htmltextview.py)
1427 - gajim <unfixed> (embed)
1428 - emesene <unfixed> (embed)
1429 - convirt <unfixed> (embed)
1430 - pida <unfixed> (embed)
1431 - rednotebook <unfixed> (embed)
1432
1433 horde3 (prototype.js is among the embeds in the following)
1434 - mnemo2 <unfixed> (embed)
1435 - nag2 <unfixed> (embed)
1436 - wordpress <unfixed> (embed)
1437 NOTE: Text_Diff (wp-includes/Text/Diff*)
1438
1439 cimg
1440 - gmic <itp> (embed)
1441
1442 mootools
1443 - gmic <itp> (embed)
1444
1445 openldap
1446 - openldap2.3 <removed> (old-version)
1447
1448 grub2
1449 - grub <unfixed> (old-version)
1450
1451 gnupginterface
1452 - duplicity <unfixed> (embed)
1453
1454 python-dateutil
1455 - awn-extras-applets <unfixed> (embed)
1456 - matplotlib <unknown> (embed)
1457
1458 cups
1459 - cupsys <removed> (old-version)
1460
1461 yui
1462 - bcfg2 <not-affected> (present in source but not included in any binary files)
1463 - serendipity <unfixed> (embed; bug #557746)
1464 - moodle 1.8.2.dfsg-5 (embed)
1465 - jifty 0.91117-1 (embed; bug #557748)
1466 - webgui 7.7.26-1 (embed)
1467 - loggerhead 1.17-1 (embed)
1468
1469 quake3 (vanilla source not packaged in debian)
1470 - openarena <unfixable> (fork)
1471
1472 quake2 (vanilla source not packaged in debian)
1473 - alien-arena <unfixable> (fork)
1474 - warsow <unfixable> (fork)
1475
1476 libtheora
1477 - iceweasel <not-affected> (uses xulrunner)
1478 - xulrunner <unfixed> (embed; bug #540959)
1479 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1480 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1481 - iceape <unfixed> (embed; bug #559276)
1482 [etch] - iceape <not-affected> (introduced in iceape 2.0)
1483 [lenny] - iceape <not-affected> (introduced in iceape 2.0)
1484
1485 dtoa
1486 - bfilter <unfixed> (embed)
1487 - cacao <unfixed> (embed)
1488 - cdrdao <unfixed> (embed)
1489 - classpath <unfixed> (embed)
1490 - freej <unfixed> (embed)
1491 - iceape <unfixed> (embed)
1492 - iceweasel <unfixed> (embed)
1493 - jscoverage <unfixed> (embed)
1494 - kde4libs <unfixed> (embed)
1495 - kdelibs <unfixed> (embed)
1496 - kompozer <unfixed> (embed)
1497 - libv8 <unfixed> (embed)
1498 - mono <unfixed> (embed)
1499 - newlib <unfixed> (embed)
1500 - nspr <unfixed> (embed)
1501 - php5 <unfixed> (embed)
1502 - polyml <unfixed> (embed)
1503 - qt4-x11 <unfixed> (embed)
1504 - rhino <unfixed> (embed)
1505 NOTE: code translated to Java
1506 - ruby1.8 <unfixed> (embed)
1507 - ruby1.9 <unfixed> (embed)
1508 - ruby1.9.1 <unfixed> (embed)
1509 - sdd <unfixed> (embed)
1510 - sfind <unfixed> (embed)
1511 - star <unfixed> (embed)
1512 - tinymux <unfixed> (embed)
1513 - virtualbox-ose <unfixed> (embed)
1514 - webkit <unfixed> (embed)
1515 - xulrunner <unfixed> (embed)
1516
1517 ipc (not packaged in Debian; see http://mozdev.org/pipermail/enigmail/2009-November/011678.html)
1518 - firegpg <unfixed> (embed)
1519 - enigmail <unfixed> (embed)
1520
1521 ptmalloc (not packaged in Debian)
1522 - crystalspace <unfixed> (embed)
1523 - qt4-x11 <unfixed> (embed)
1524
1525 svgalib
1526 - usplash <unfixed> (embed)
1527
1528 bogl
1529 - usplash <unfixed> (embed)
1530
1531 taglist
1532 - usplash <unfixed> (embed)
1533
1534 portaudio
1535 - audacity <unfixed> (embed; bug #323711)
1536
1537 nyquist
1538 - audacity <unfixed> (embed)
1539 NOTE: embeds a forked nyquist with support for a shared library
1540
1541 vamp-plugin-sdk
1542 - audacity <unfixed> (embed)
1543
1544 wordpress
1545 - libwordpress-xmlrpc-perl <removed> (embed) [./xmlrpc.php]
1546
1547 php5
1548 - php4 <removed> (old-version)
1549
1550 classpath
1551 - libgnucrypto-java <unfixed> (embed; bug #559788)
1552
1553 libtool
1554 - apr <unfixed> (static; bug #489625)
1555 NOTE: ships copy of libtool in libapr1-dev; was 'embed' before 1.3.2-3
1556 - arts <unfixed> (embed)
1557 - bochs 2.4.2-1 (embed; bug #560884)
1558 - camserv <unfixed> (embed)
1559 - collectd <unfixed> (embed)
1560 - courier-authlib 0.58-4 (embed)
1561 NOTE: The etch version of courier-authlib was the earliest version checked, might be fixed earlier
1562 - cvsnt <unfixed> (embed)
1563 - dico <not-affected> (Uses the system copy of ltdl)
1564 - freeradius 0.1+20010527-1 (embed)
1565 NOTE: Earliest reference I could find from the changelog is from 27 May 2001
1566 - ggobi 2.1.9~20091212-1 (embed)
1567 - glame 2.0.1-4 (embed)
1568 NOTE: The etch version of glame was the earliest version checked, might be fixed earlier
1569 - gnash <unfixed> (embed)
1570 - gnu-smalltalk <unfixed> (embed)
1571 - google-gadgets 0.10.5-0.3 (embed)
1572 NOTE: 0.10.5-0.3 was the earliest version checked, was fixed earlier
1573 - graphicsmagick 1.3.5-6 (embed)
1574 - graphviz 2.8-3 (embed)
1575 NOTE: The etch version of graphviz was the earliest version checked, might be fixed earlier
1576 - guile-1.6 1.6.8-7 (embed)
1577 - hamlib <unfixed> (embed)
1578 - hercules <unfixed> (embed)
1579 - jags 1.0.4-3 (embed; bug #560864)
1580 - kdelibs <unfixed> (embed)
1581 - libannodex <removed> (embed)
1582 - libextractor <unfixed> (embed)
1583 - libmcrypt <not-affected> (libtool source present but not included in any of the binary packages)
1584 - libtunepimp <unfixed> (embed)
1585 - mp4h <unfixed> (embed)
1586 - naim <unfixed> (embed)
1587 - parser-mysql <unfixed> (embed)
1588 - pinball 0.3.1-11 (embed)
1589 - redland <unfixed> (embed)
1590 - siproxd <unfixed> (embed)
1591 - ski <unfixed> (embed)
1592 - synfig <unfixed> (embed)
1593 - unixodbc 2.2.4-5 (embed)
1594 - xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules)
1595 - clamav 0.95+dfsg-1 (embed)
1596 - imagemagick 6:6.2.3.1-1 (embed)
1597 - hypre 2.4.0b-5 (embed)
1598 - lam <unfixed> (embed)
1599 - openmpi <unfixable> (embed; bug #559386)
1600 - parser <unfixed> (embed)
1601 - pdsh 2.18-5 (embed; bug #560892)
1602 - sbnc 1.2-8 (embed)
1603 - sdcc <unfixed> (embed)
1604 - wml <unfixed> (embed)
1605 - proftpd-dfsg <unfixed> (embed; bug #561748)
1606 - babel 1.4.0.dfsg-5 (embed)
1607 - libprelude 0.9.14-2 (embed)
1608 - heartbeat 2.1.4-7 (embed)
1609 NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
1610 NOTE: might've been fixed earlier
1611 - gcc-* <unknown> (embed)
1612
1613 ocamlgsl
1614 - orpie 1.5.1-7.1 (embed; bug #550058)
1615
1616 xdotool
1617 - keynav <unfixed> (embed; bug #560103)
1618
1619 bulletphysics (not packaged; http://www.bulletphysics.org/)
1620 - supertuxkart <unfixed> (embed)
1621 - blender <unfixed> (embed)
1622
1623 ghostscript
1624 - gs-gpl <removed> (old-version)
1625
1626 icedove
1627 - thunderbird <removed> (old-version)
1628
1629 sizzlejs (not packaged in Debian, http://sizzlejs.com/)
1630 - jquery <unfixed> (embed)
1631
1632 sed
1633 - ssed <unfixed> (fork)
1634
1635 phpatomlib (http://code.google.com/p/phpatomlib)
1636 - wordpress <unfixed> (embed)
1637
1638 Services_JSON (http://pear.php.net/package/Services_JSON)
1639 - wordpress <unfixed> (embed)
1640
1641 phpass (http://www.openwall.com/phpass/)
1642 - gallery2 <unfixed> (embed)
1643 - wordpress <unfixed> (embed)
1644 - typo3-src <unfixed> (fork)
1645 NOTE: file refers to drupal, maybe there's a copy somewhere there
1646 NOTE: a copyright owner search didn't match anything
1647 - libauthen-passphrase-perl <unfixable> (fork)
1648 NOTE: perl implementation of phpass
1649
1650 squirrelmail
1651 - wordpress <unfixed> (embed)
1652 NOTE: class-pop3.php
1653
1654 ezSQL (http://www.woyano.com/jv/ezsql)
1655 - wordpress <unfixable> (fork)
1656 NOTE: wp-db.php
1657
1658 Diff.php (Clay Loveless' version/killersoft.com)
1659 - php-versioncontrol-svn <unfixed>
1660
1661 libm
1662 - spring <unfixed> (embed)
1663 NOTE: embedded by embedded copy of streflop
1664
1665 streflop
1666 - spring <unfixed> (embed)
1667
1668 minizip
1669 - spring <unfixed> (embed)
1670
1671 oscpack
1672 - spring <unfixed> (embed)
1673
1674 hpiutil2
1675 - spring <unfixed> (embed)
1676
1677 p7zip
1678 - spring <unfixed> (embed)
1679
1680 pythonqt (doesn't seem to be python-qtN, unknown source)
1681 - fontmatrix <unfixed> (embed)
1682 - elmerfem <unfixed> (embed)
1683
1684 iepngfix (not packaged in Debian; http://www.twinhelix.com/css/iepngfix/)
1685 - docvert <unfixed> (embed)
1686 - jifty <unfixed> (embed)
1687 - kdenetwork <unfixed> (embed)
1688 - mediatomb <unfixed> (embed)
1689 - plastex <unfixed> (embed)
1690 - plone3 <unfixed> (embed)
1691 - python-chaco <unfixed> (embed)
1692 - python-docutils <unfixed> (embed)
1693 - s5 <unfixed> (embed)
1694 - zope2.10 <unfixed> (embed)
1695 - zope2.11 <unfixed> (embed)
1696 - cython <not-affcted> (embed)
1697 NOTE: part of documentation, which is not installed into the binary package
1698
1699 python-docutils
1700 - zope2.10 <unfixed> (embed)
1701 - zope2.11 <unfixed> (embed)
1702
1703 tesseract
1704 - ocropus <unfixed> (static)
  ViewVC Help
Powered by ViewVC 1.1.5