/[secure-testing]/data/embedded-code-copies
ViewVC logotype

Contents of /data/embedded-code-copies

Parent Directory Parent Directory | Revision Log Revision Log

Revision 13896 - (show annotations) (download)
Sun Jan 24 19:57:06 2010 UTC (3 years, 4 months ago) by gilbert-guest
File size: 49387 byte(s) 
gnome-screensaver issue; libgnucrypto-java removed; add kfreebsd packages to the embedded code copies list
1 Embedded code copies
2 ====================
3
4 This file collects source packages that embed code from other projects.
5 This is considered bad for fixing security flaws because the fix needs
6 to be applied in multiple source packages.
7
8 Format:
9 <srcpkg> (<optional comment about srcpkg>)
10 - <embedding srcpkg> <status> (<sort>; bug #<number>)
11 NOTE: optional comments about the linkage of the embedding srcpkg
12
13 status: version number fixing the embedded copy, <unfixed>, <removed>,
14 <itp>, <not-affected>, <unknown> if the version number can not
15 be determined, or <unfixable> for unavoidable cases (e.g., forks
16 that add real value)
17 sort: static (linking statically against a lib)
18 embed (embeds a copy of the library into another source package)
19 modified-embed (embeds a code copy that differs from upstream code)
20 fork (a full-blown fork of another source package)
21 old-version (an older version of essentially the same code)
22
23 The srcpkg might be some string to identify the code if there is no
24 specific source package.
25
26 Everything up to the next line is ignored.
27 ---BEGIN
28 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
29 NOTE: Fixed packages link to poppler library unless otherwise noted
30 - pdftohtml <unknown>
31 [sarge] - pdftohtml <unfixed>
32 [etch] - pdftohtml <unfixed>
33 NOTE: has been replaced by poppler-utils
34 - kdegraphics 4:4.2.2-1 (embed; bug #436164)
35 - texlive-base 3.0-12 (embed)
36 - texlive-bin 2007-1 (embed)
37 NOTE: links to poppler
38 - koffice <unfixed> (embed; bug #436163)
39 - libextractor 0.5.12-1 (embed)
40 NOTE: libextractor is using its own pdf decoder now
41 - ipe <unfixed> (embed)
42 NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
43 - ruby-gnome2 <unknown> (embed)
44 NOTE: copy only present in source but links to poppler
45 - pdfedit <unfixed> (embed; bug #510794)
46 - swftools <unfixed> (embed; bug #551293)
47 - poppler <unfixable> (fork)
48
49 ppmd
50 - libcomplearn-mod-ppmd <unfixed> (fork)
51 NOTE: discussion in #458152
52
53 libevent
54 - transmission 1.71-1 (embed; bug #529372)
55
56 lrmi
57 - read-edid 2.0.0-1 (embed; bug #495131)
58 - s3switch <unfixed> (embed)
59 - xresprobe <unfixed> (embed)
60 - zhcon <unfixed> (embed)
61
62 peercast
63 - gnome-peercast <removed> (embed)
64 [etch] - gnome-peercast <unfixed> (embed)
65
66 silc-toolkit
67 - silc-client 1.1~beta6-1 (embed)
68
69 icclib
70 - ghostscript <unfixed> (embed)
71 - argyll <unfixed> (embed)
72
73 libusb
74 - argyll <unfixed> (embed)
75
76 dietlibc
77 - ccontrol 0.9.1+20071204-1 (static)
78
79 libmikmod
80 - sdl-mixer1.2 <unfixed> (embed)
81 TODO: report bug
82
83 libiax
84 - iaxmodem <unfixable> (embed; bug #548885)
85
86 spandsp
87 - iaxmodem <unfixable> (embed; bug #548885)
88
89 python-paramiko
90 - fabric 0.9.0-2 (embed; bug #561398)
91
92 zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
93 - dpkg <unfixed> (static)
94 NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
95 - rsync <unfixed> (embed)
96 - cherokee <unfixed> (embed)
97 NOTE: somehow derived code base
98 - mono <unfixed> (embed)
99 TODO: check mozilla
100 - Linux kernels <unfixed> (embed)
101 - pvpgn 1.7.8-2 (embed)
102 - mrtg 2.12.2-1 (embed)
103 - rpm <unknown> (embed)
104 NOTE: pinged anibal since when rpm was fixed
105 - tuxcmd-modules <unfixed> (embed)
106 - zsync <unfixed>
107 - tra <unfixed>
108 - sash <unfixed>
109 - nsis <unfixed>
110 - mseide-msegui <unfixed>
111 NOTE: mseide
112 - mirrordir <unfixed>
113 - poco <unfixed>
114 - klibc <unfixed>
115 - ghostscript <unfixed>
116 - freeimage <unfixed>
117 - clamav <unfixed> (fork)
118 NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that"
119 - tuxonice-userui <unfixed>
120 - plt-scheme <unfixed>
121 - perl <unfixed>
122 - paraview <unfixed>
123 - gcvs <unfixed>
124 - dump <unfixed>
125 - aide <unfixed> (static)
126 - dar <unfixed> (static)
127 - avfs <unfixed>
128 - fpc <unfixed>
129 - winff <unfixed>
130 NOTE: inherited from fpc, see #472304
131 - lazarus <unfixed>
132 NOTE: inherited from fpc, see #472304
133 - erlang <unfixed> (embed)
134 - gamera 3.2.3-1 (embed)
135 - python2.4 <unfixed> (embed; bug #553403)
136 - python2.5 <unfixed> (embed; bug #553403)
137
138 dulwich
139 - hg-git 0.1.0-1 (embed; bug #541996)
140
141 libvigraimpex
142 - hugin <unfixed> (embed; bug #542259)
143 - enblend-enfuse <unfixed> (embed; bug #542258)
144 - gamera 3.2.3-1 (embed)
145
146 libbz2
147 - dpkg <unfixed> (static)
148
149 libyahoo2
150 - centerim <unfixed> (embed; bug #559783)
151
152 libmsn
153 - centerim <unfixed> (embed; bug #559783)
154
155 libgadu
156 - centerim <unfixed> (embed; bug #559783)
157 - pidgin <not-affected> (links dynamically since initial release; fixed in gaim)
158 - gaim 1:2.0.0+beta3-3 (embed; bug #360280)
159 - kdenetwork 4:3.3.2-5 (embed)
160 NOTE: from kdenetwork: kopete
161 - ekg 1:1.8~rc0-1 (embed)
162 - kadu 0.6.0.2-3 (embed; bug #504430)
163 - gadu <itp> (embed)
164
165 xmlrpc (which package is the "origin" of this code?)
166 - drupal <unfixed> (embed)
167 - phpgroupware <unfixed> (embed)
168 - egroupware <unfixed> (embed)
169 - phpwiki <unfixed> (embed)
170 - php4 <unfixed> (embed)
171 TODO: check, php-pear, IIRC this was reorganized some weeks ago?
172
173 shtool (affects build-time only)
174 - mysql-ocaml <unfixed> (embed)
175 - php4 <unfixed> (embed)
176
177 xulrunner
178 - iceape <unfixed> (embed; bug #561749)
179 - iceweasel 2.0.0.19 (embed)
180 - icedove <unfixed> (embed; bug #561750)
181 - kompozer <unfixed> (embed; bug #532168)
182 - galeon 2.0.2-4 (embed)
183 - epiphany-browser 2.14.3-8 (embed)
184 - conkeror 0.9~git080629-2 (embed)
185 - kazehakase 0.4.2-1 (embed)
186
187 xli
188 - xloadimage <unfixed> (embed)
189
190 lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
191 - openmotif <unfixed> (embed)
192 - libxpm <unfixed> (embed)
193
194 kerberized apps with BSD origin
195 - krb4 <removed> (embed)
196 - krb5 <unfixed> (embed)
197 - heimdal <unfixed> (embed)
198
199 grip (which pkg is the origin?)
200 - libcdaudio <unfixed>
201 - grip <unfixed>
202 - gnome-vfs <unfixed>
203 TODO: check vfs2 as well
204
205 fudforum
206 [etch] - phpgroupware <unfixed> (embed)
207 NOTE: phpgroupware-fudforum
208 [sarge] - egroupware-fudforum <removed> (embed)
209
210 libbsd
211 - rdate 1:1.2-3 (embed)
212 - atheme-services <unfixed>
213 - libbsd-arc4random-perl <unfixed>
214 - isakmpd <unfixed>
215 - bsdgames <unfixed> (embed)
216 - bsd-mailx <unfixed> (embed)
217 - netcat-openbsd <unfixed> (embed; bug #550611)
218 - openssh <unfixed> (embed)
219 - unworkable <unfixed> (embed)
220
221 cvs
222 - gcvs <unfixed> (embed)
223 NOTE: see cvsunix/src in tarball
224
225 pcre3
226 - php4 <unknown> (embed)
227 - analog 2:5.23-0woody1 (embed)
228 - goffice <unfixed> (embed)
229 NOTE: libgoffice-*
230 - vfu 4.06-4.1 (embed; bug #450754)
231 - tf5 5.0beta7-1 (embed)
232 - monotone 0.43-1 (embed)
233 NOTE: this only affects versions >= 0.37
234 - glib2.0 2.15.2-1 (embed)
235 - apache2 2.0.53-4 (embed)
236 - exim4 4.10-0.srh20.12 (embed)
237 - yacas <unfixed> (embed)
238 NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
239 - gtamsanalyzer.app 0.42-5 (embed)
240 - tin 980117-1 (embed)
241 - kazehakase 0.5.2-1
242 - webkit 1.0.1-1 (embed)
243 - qt4-x11 <unfixed> (embed)
244 NOTE: embedded via webkit copy
245 - erlang <unfixed> (embed)
246 - ssed <unfixed> (embed)
247
248 tiff
249 - wxwindows2.4 2.2.1 (embed)
250 - gamera 3.2.3-1 (embed)
251
252 uudeview
253 - libconvert-uulib-perl <unfixed> (embed)
254 - pan <unfixed> (embed)
255
256 sqlite (not affected by security vulnerabilities so far)
257 - amarok <unfixed> (embed)
258 - monotone 0.43-1 (embed)
259 - iceweasel <unfixed> (embed)
260 - heimdal <unfixed> (embed; bug #559616)
261
262 util-linux/mount
263 - loop-aes-utils <unfixed> (embed)
264 NOTE: contains code from util-linux' mount in the mount-aes-udeb
265
266 sylpheed
267 - sylpheed-claws <unfixed> (fork)
268
269 phpsysinfo
270 - egroupware <unfixed> (embed)
271 - phpgroupware <unfixed> (embed)
272
273 phpldapadmin
274 [sarge] - egroupware <unfixed> (embed)
275 NOTE: removed from egroupware after sarge
276
277 chmlib
278 - kchmviewer <unknown> (embed)
279
280 ffmpeg (libavcodec/libavformat)
281 - mplayer 1.0~rc2-14 (embed; bug #395252)
282 - kino 1.0.0-1
283 - vlc <not-affected> (Links dynamically since initial release)
284 - smilutils 0.3.0-10
285 NOTE: smilutils likely fixed earlier, marking Etch's version as fixed
286 - motion 3.1.19-1
287 - gstreamer0.10-ffmpeg 0.10.3-2
288 - xmovie <removed> (static)
289 TODO: gimp-gap (potentially using ffmpeg code as well)
290 - avifile 1:0.7.48~20090503.ds-1 (embed; bug #538750)
291 - audacity 1.3.7-2 (embed; bug #512278)
292
293 faad2
294 - mplayer 1.0~rc2-20 (embed)
295 - avifile <unfixed> (embed; bug #538750)
296 - ffmpeg-debian <removed> (old-version)
297
298 libmad (MPEG decoding lib)
299 - xine-lib <unfixed> (embed)
300 - avifile 1:0.7.48~20090503.ds-1 (embed) [./plugins/libmad/*]
301 TODO: check ocaml-mad, madplay, pymad, xmms-mad, xmms2
302
303 libdts
304 - xine-lib <unfixed> (embed)
305
306 flac
307 - xine-lib <unfixed> (embed)
308
309 liba52
310 - a52dec <unfixed> (embed)
311 - xine-lib <unfixed> (embed)
312
313 libmpeg2
314 - mpeg2dec <unfixed> (embed)
315 - xine-lib <unfixed> (embed)
316
317 libntlm
318 - wget <unfixed> (fork; bug #550436)
319 - curl <unfixed> (fork; bug #550437)
320 - cntlm <unfixed> (fork; bug #550438)
321
322 uw-imap
323 - pine <unfixed> (embed)
324 - alpine <unfixed> (embed)
325
326 imagemagick
327 - graphicsmagick <unfixed> (fork)
328
329 python-urlgrabber
330 - mercurial <unfixed> (embed; bug #531062)
331 - w3af <unfixed> (embed; bug #555372)
332 [experimental] - harvestman <unfixed> (embed; bug #555373)
333
334 beautifulsoup
335 - python-mechanize <unfixed> (embed; bug #555349)
336 - zope2.11 <removed> (embed; bug #555350)
337 - twill <unknown> (embed)
338
339 halibut
340 - nsis <unfixed> (fork)
341
342 libghttp
343 - hotway <unfixed> (embed)
344
345 libsndfile
346 - ardour 1:2.7.1-1 (embed)
347
348 glibmm2.4
349 - ardour 1:2.7.1-1 (embed)
350
351 libgnomecanvasmm2.6
352 - ardour 1:2.7.1-1 (embed)
353
354 libsigc++-2.0
355 - ardour 1:2.7.1-1 (embed)
356
357 soundtouch
358 - ardour 1:2.7.1-1 (embed)
359
360 libmms
361 - xine-lib <unfixed> (embed)
362 - mimms <unfixed> (embed)
363
364 fckeditor
365 - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
366 - moin 1.8.2-2 (embed; bug #452599)
367 - karrigell <removed> (embed; bug #452598)
368 - gforge 4.6.99+svn6225-1 (embed)
369 - request-tracker3.8 <unfixed> (embed)
370 - otrs2 <unfixed> (embed)
371
372 ipatlas (not packaged in Debian)
373 - moodle <unfixed> (embed; bug #507185)
374
375 libphp-phpmailer
376 - moodle <unfixed> (embed; bug #507185)
377 - mahara <unfixed> (embed)
378 - symfony <unfixed> (embed)
379 [etch] - phpgroupware <unfixed> (embed)
380 NOTE: phpgroupware-felamimail is only in etch
381 - egroupware <unfixed> (embed; bug #504283)
382 - glpi <unfixed>
383
384 htmlArea (not packaged in Debian)
385 - moodle <unfixed> (embed)
386
387 giflib
388 - wine <unfixed> (embed; bug #466181)
389
390 bennu (not packaged in Debian, http://bennu.sourceforge.net)
391 - moodle <unfixed> (embed)
392
393 smarty
394 - moodle 1.8.2-2 (embed; bug #471158)
395 - gallery2 2.2.5-2 (embed; bug #471160)
396 - mahara 0.9.2-2 (embed; bug #471201)
397 - gosa 2.4beta1-1 (embed; bug #471200)
398
399 TinyMCE
400 - wordpress 2.5.1-3 (embed; bug #478257)
401 - moodle <unfixed> (embed; bug #507185)
402 - knowledgeroot <unfixed> (embed)
403 - joomla <itp> (bug #326398)
404
405 scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121)
406 - scite <unfixed> (embed)
407 - qscintilla <unfixed> (embed)
408 - qscintilla2 <unfixed> (embed)
409 - geany <unfixed> (fork)
410 - anjuta <unfixed> (embed)
411
412 libphp-adodb
413 - moodle <unfixed> (embed; bug #507185)
414 NOTE: also AdoDB-XML Schema
415 - gallery2 <unfixed> (embed)
416 - phppgadmin <unfixed> (embed)
417 - egroupware <unfixed> (embed)
418 - phpwiki <unfixed> (embed)
419 - torrentflux 2.0beta1-2 (embed)
420 - ipplan <unfixed> (embed)
421 - typo3-src <unfixed> (embed)
422 - cacti <unknown> (embed)
423 [sarge] - cacti <unfixed> (embed)
424 NOTE: dependency exists, but internal version is used
425 - gforge 4.7~rc2-6 (embed)
426 - mahara <unfixed> (embed)
427
428 gzip
429 - linux-kernel <unfixed> (embed)
430 NOTE: lib/inflate.c
431 - klibc <unfixed> (embed)
432 NOTE: based on linux-kernel gzip code
433 - busybox <unfixed> (embed)
434
435 neon
436 - cadaver 0.22.3+debian-1 (embed; bug #188381)
437 - gnome-vfs2 <unfixed> (embed; bug #395874)
438 [etch] - litmus <unfixed> (embed; #395875)
439 - litmus <removed> (embed; #395875)
440 [sarge] - screem <unfixed> (embed)
441 - sitecopy 1:0.16.0-1 (embed; bug #395876)
442 [etch] - tla <unfixed> (embed; bug #395877)
443 [sarge] - tla <unfixed> (embed; bug #395877)
444
445 libmodplug
446 - gst-plugins-bad0.10 <unfixed> (embed)
447
448 libvncserver
449 - vino <unfixed> (embed)
450
451 putty
452 - filezilla <unfixed> (embed)
453
454 tinyxml (not packaged in Debian; itp bug #531968)
455 - filezilla <unfixed>
456 - crystalspace <unfixed> (embed)
457 - libwfut <unfixed> (embed)
458 - rarian <unfixed> (embed)
459 - bulletml <unfixed> (embed)
460 - pokerth <unfixed> (embed)
461 - qutecom <unfixed> (embed)
462 - sofa-framework <unfixed> (embed)
463 - yate <unfixed> (embed)
464 - antigrav <unfixed> (embed)
465 - balder2d <unfixed> (embed)
466 - cal3d <unfixed> (embed)
467 - criticalmass <unfixed> (embed)
468 - ember <unfixed> (embed)
469 - epiphany <unfixed> (embed)
470 - gambit <unfixed> (embed)
471 - noiz2sa <unfixed> (embed)
472 - ogre <unfixed> (embed)
473 - opencity <unfixed> (embed)
474 - openmovieeditor <unfixed> (embed)
475 - pouetchess <unfixed> (embed)
476 - tecnoballz <unfixed> (embed)
477 - trigger-rally <unfixed> (embed)
478 - xmoto <unfixed> (embed)
479 - mapnik <unknown> (embed)
480 NOTE: uses a different XML parser by default
481 - rrootage 0.23a-6 <embed>
482 NOTE: links to libbulltetml
483 - boson <unknown> (embed)
484 NOTE: the embedded code is unused
485
486 gv
487 - evince <unfixed> (embed)
488 NOTE: ps/ tree from gv 3.5.8
489 NOTE: evince-gtk is affected (a component of evince source package)
490
491 libXbae
492 - paw <removed> (embed)
493 [etch] - paw <unfixed> (embed)
494
495 libgtkhtml
496 - claws-mail-extra-plugins <unfixed> (fork)
497
498 libXaw
499 - paw <removed> (embed)
500 [etch] - paw <unfixed> (embed)
501 NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
502
503 libgd2
504 - graphviz <unfixed> (embed)
505 NOTE: lib/gd seems to be 2.0.33
506 - wml <unfixed> (embed)
507 - libwmf <unfixed> (embed)
508 NOTE: derived from gd 1.6.3
509
510 rar
511 - unrar-nonfree <unfixed> (embed)
512
513 unrar-free (maybe this code is derived from the original rar, too?)
514 - clamav <unfixed> (embed)
515 NOTE: seems to be disabled in default config
516
517 mplayer (DirectMedia Object loader)
518 - xine-lib <unfixed> (embed)
519 NOTE: src/libw32dll/
520 - vlc <unfixed> (embed)
521 NOTE: modules/codec/dmo/
522 - mplayer 1.0~rc2-20 (embed)
523
524 libwpd (WordPerfect converter)
525 - openoffice.org <unfixed> (embed)
526
527 fsplib (http://sourceforge.net/projects/fsp/)
528 - gftp <unfixed> (embed)
529 NOTE: lib/fsplib version 0.3
530
531 sprng
532 - tree-puzzle <unfixed> (embed)
533
534 librpcsecgss
535 - krb5 <unfixed> (embed)
536
537 jasper
538 - ghostscript 8.64~dfsg-2 (embed)
539
540 libiris
541 - psi <unfixed> (embed)
542 - kdenetwork <unfixed> (embed)
543 NOTE: kopete embeds libiris but links dynamically to libidn
544 - kdegames <unfixed> (embed)
545 NOTE: ksirk/kde4
546
547 libidn
548 - monotone 0.43-1 (embed)
549 - psi <unfixed> (embed)
550 NOTE: psi embeds libiris which embeds libidn
551 - kdegames <unfixed> (embed)
552 NOTE: kdegames/kde4 embeds libiris which embeds libidn
553
554 lua5.1
555 - monotone 0.43-1 (embed)
556 - nmap 5.00-1 (embed; bug #527997)
557 [lenny] - nmap <unfixed> (embed; bug #527997)
558 - ocropus <unfixed> (embed)
559 - enigma <unfixed> (embed)
560 NOTE: requires lua built with C++
561 - freeciv <unfixed> (embed)
562 - spring <unfixed> (embed)
563
564 libbotan
565 - monotone 0.43-1 (embed)
566
567 NetXX
568 - monotone 0.43-1 (embed)
569
570 libgc
571 - mono <unfixed> (embed)
572
573 lzma
574 - p7zip <unfixed> (embed)
575 - xz-utils <unfixed> (fork)
576
577 lzo
578 - grub2 <unfixed> (embed)
579
580 yassl
581 - mysql-dfsg-5.0 <unfixed> (embed)
582
583 pax code
584 - tar <unfixed> (embed)
585 - cpio <unfixed> (embed)
586
587 t1lib
588 - tetex-bin 2.0.2-1 (embed)
589 - texlive-bin <unknown> (embed)
590
591 guichan
592 - boswars <unfixed> (embed)
593 NOTE: maintainer notified us, working on it
594
595 tolua
596 - boswars <unfixed> (embed)
597 NOTE: maintainer notified us, working on it
598 NOTE: actually tolua++
599 - ocropus <unfixed> (embed)
600 NOTE: actually tolua++
601 - freeciv <unfixed> (embed)
602 NOTE: actually tolua++
603 - enigma <unfixed> (embed)
604
605 asio-dev
606 - luxrender <removed> (embed)
607
608 xine-lib
609 - vlc <unfixed> (embed)
610 NOTE: only parts included in modules/access/rtsp
611
612 netpbm
613 - tcl8.3 <unfixed> (embed)
614 - tcl8.4 <unfixed> (embed)
615 - tcl8.5 <unfixed> (embed)
616 NOTE: generic/tkImgGIF.c
617
618 tk8.5
619 - tk8.0 <removed> (old-version)
620 - tk8.3 <unfixed> (old-version)
621 - tk8.4 <unfixed> (old-version)
622 - perl-tk <unfixable> (fork)
623
624 samba
625 - mc 2:4.6.2~git20080311-1 (embed)
626 NOTE: maintainer is aware of this, currently searching a solution
627
628 plib1.8.4c2
629 - boson <unfixed> (fork)
630 NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
631
632 fribidi
633 - quesoglc <unfixed> (embed)
634 NOTE: compiled against system fribidi in Debian - embed only used when fribidi is not available on the system
635
636 glew
637 - quesoglc <unfixed> (embed; bug #489341)
638 NOTE: waiting on GLEW_MX version of glew (see bug #474488)
639 - trigger <unfixed> (embed)
640 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
641 - trigger-rally <unfixed> (embed)
642 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
643
644 minorGems (pabs contacted upstream about shared lib, he considers minorGems an 'ever-evolving collection of reusable code fragments' for his own use)
645 - transcend <unfixed> (embed)
646 - cultivation <unfixed> (embed)
647 - passage <unfixed> (embed)
648 - gravitation <unfixed> (embed)
649
650 tar
651 - libarchive <unfixed> (embed)
652 NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
653
654 cpio
655 - libarchive <unfixed> (embed)
656 NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
657
658 kde4libs
659 - kdelibs <unfixable> (old-version)
660
661 webkit
662 - qt4-x11 <unfixed> (embed; bug #479851)
663 [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
664 [lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
665 - kde4libs <unfixable> (fork)
666 NOTE: kde4lib's khtml and webkit were forked from khtml (this tracking, which seems
667 NOTE: reversed genesis-wise, is used because of so much other stuff in kde4libs)
668
669 ftgl
670 - blender 2.46+dfsg-1 (embed)
671
672 wv
673 - abiword <unfixed>
674
675 qemu
676 - kvm <unfixed> (embed; bug #543159)
677 NOTE: the kvm package will be removed from sid and squeeze soon (after
678 NOTE: which it will only be in experimental). superceded by qemu-kvm.
679 - qemu-kvm <unfixed> (embed; bug #560853)
680 - xen-3 3.4.2-2 (embed; bug #560856)
681 - xen-unstable <unfixed> (embed; bug #560856)
682
683 vgabios
684 - kvm <unfixed> (embed; bug #489442)
685
686 bochs
687 - kvm <unfixed> (embed; bug #489442)
688
689 speex
690 - vorbis-tools <unfixed> (embed)
691 NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
692 - gst-plugins-good0.10 <unfixed> (embed)
693 - xine-lib <unfixed> (embed)
694 - libfishsound <unfixed> (embed)
695 - libannodex <removed> (embed)
696 - vlc <unfixed> (embed)
697 - xmms-speex <unfixed> (embed)
698 - libsdl-sound1.2 <unfixed> (embed)
699 - sweep <unfixed> (embed)
700
701 libreadline
702 - magic <itp> (old-version)
703
704 opcode
705 - ode <unfixed> (embed)
706 NOTE: opcode is not a package in debian, it is just embedded
707 NOTE: http://www.codercorner.com/Opcode.htm
708
709 gimpact
710 - ode <unfixed> (embed)
711 NOTE: gimpact is not a package in debian, it is just embedded
712 NOTE: http://gimpact.sf.net
713
714 mochikit
715 - mahara <unfixed> (embed)
716 NOTE: they require extra patches, still unmerged upstream
717 - ntop <unfixed> (embed)
718 - coherence 0.6.2-1 (embed)
719 - paste <unfixed> (embed)
720 - turbogears <unfixed> (embed)
721 - plone3 <removed> (embed)
722 - xulrunner <unfixed> (embed)
723 - libjifty-plugin-chart-perl <unfixed> (embed)
724 - sabnzbdplus <unfixed> (embed)
725 - tgmochikit <unfixed> (embed)
726
727 prototypejs
728 - netbeans-ide 6.0.1+dfsg-2 (embed)
729 - auth2db 0.2.5-2+dfsg-1 (embed; bug #555218)
730 - webcit <unfixed> (embed; bug #555219)
731 - asterisk 1:1.6.2.0~rc3-1 (embed)
732 - libjson-ruby 1.1.4-1 (embed; bug #555224)
733 - lucene2 2.9.1+ds1-2 (embed; bug #555226)
734 - horde3 <unfixed> (embed)
735 - knowledgeroot 0.9.9.5-1 (embed; bug #555230)
736 - mediatomb <unfixed> (embed; bug #555233)
737 - mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
738 - ebug-http <removed> (embed; bug #555236)
739 - libaws 2.7-1 (embed; bug #555222)
740 - phpgedview <removed> (embed)
741 - poker-network 1.7.6-1 (embed; bug #555238)
742 - rails 2.1.0-6 (embed)
743 - wordpress 2.5.0-2 (embed; bug #555243)
744 - zope <not-affected> (the prototypejs embed is not in any of the obvious zope packages, e.g. zope2.9, zope2.10, zope2.11, and zope3)
745 TODO: search through all of the other zope packages
746 - ampache 3.4.1-2 (embed)
747 - exaile 0.2.14+debian-2.1 (embed; bug #555245)
748 - hobix 0.5~svn20070319-4 (embed; bug #555247)
749 - zabbix 1.6.6-4 (embed; bug #555250)
750 - chora2 <unfixed> (embed; bug #555253)
751 - gollem <unfixed> (embed; bug # 555254)
752 - jscropperui 1.2.1-1 (embed; bug #555257)
753 - scriptaculous <not-affected> (uses system prototype.js since initial upload; bug #555260)
754 - ingo1 <unfixed> (embed; bug #555261)
755 - kronolith2 <unfixed> (embed; bug #555262)
756 - activeldap <unfixed> (embed)
757 - libv8 <not-affected> (contains a google-specific implementation of prototype.js)
758 - mantis 1.1.2+dfsg-1 (embed; bug #555265)
759 - otrs2 2.3.4-6 (embed; bug #555267)
760 - webcalendar <unfixed> (embed; bug #555269)
761 - redmine 0.9.0~svn2907-1 (embed; bug #555270)
762 - jifty 0.90519-1 (embed; bug #555271)
763 - jquery 1.4-1 (embed; bug #555272)
764 - passenger 2.2.5debian1-1 (embed; bug #555273)
765 - plone3 <removed> (embed; bug #555275)
766 - wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555277)
767 - libhtml-prototype-perl 1.48-3 (embed; bug #538920)
768 - xulrunner <unfixed> (embed)
769 NOTE: included in iceweasel/xulrunner unit tests directory, so may not be security-relevant
770
771 gdb
772 - insight <unfixed> (embed)
773
774 e2fsprogs
775 - ldiskfsprogs <unfixable> (fork)
776
777 quazip (not packaged in Debian)
778 - qcake <unfixed> (embed)
779 NOTE: starting with upstream version 0.6.4
780
781 exo
782 - pcmanfm <unfixed> (embed; bug #499677)
783 NOTE: slightly modified source code
784
785 java
786 - openjdk-6 <unfixed>
787 - sun-java5 <unfixed>
788 - sun-java6 <unfixed>
789
790 libphp-snoopy
791 - ampache 3.4.1-2 (embed; bug #504169)
792 - gforge 4.6.99+svn6094-2 (embed)
793 - mahara 1.0.5-2 (embed; bug #504170)
794 - pixelpost 1.7.1-5 (embed; bug #504171)
795 - mediamate 0.9.3.6-5 (embed; bug #504172)
796 - opendb <removed> (embed; bug #504173)
797 [etch] - opendb <unfixed> (embed; bug #504173)
798 - wordpress 2.5.1-9 (embed; bug #443948)
799 - moodle <unfixed> (embed; bug #507185)
800 [etch] - phpgroupware <unfixed> (embed)
801 NOTE: phpgroupware-felamimail
802 - magpierss 0.72-3 (embed; bug #431089)
803
804 jquery
805 - zekr <unfixed> (embed)
806 - wordpress <unknown> (embed)
807 - yocto-reader <unfixed> (embed)
808 - textpattern <unfixed> (embed)
809 - genshi 0.5.1-1 (embed)
810 NOTE: compressed file under examples/ dir
811 - prewikka <unfixed> (embed)
812 - libramaze-ruby <unfixed> (embed)
813 - drupal5 <unfixed> (embed)
814 - b2evolution <unfixed> (embed)
815 - wesnoth <unfixed> (embed)
816
817 tablesorter (jquery plugin, not packaged yet)
818 - wesnoth <unfixed> (embed)
819
820 kses
821 - wordpress <unfixed> (embed; bug #504242)
822 NOTE: their copy has all methods renamed to wp_<foo>
823 NOTE: kses isn't in Debian, RFP: #504240
824 - moodle <unfixed> (embed; bug #507185)
825 - egroupware <unfixed> (embed)
826
827 magpierss
828 - wordpress <unfixed> (embed; bug #504242)
829 - moodle <unfixed>
830
831 php-gettext
832 - wordpress 2.8.4-1 (embed; bug #504242)
833 - docbookwiki <unfixed> (embed)
834 - knowledgeroot 0.9.9.5-1
835 NOTE: non-free
836
837 libphp-ixr (name may change, it is the Incutio XML-RPC)
838 - wordpress <unfixed> (embed; bug #504242)
839 NOTE: libphp-ixr isn't in Debian, RFP: #504236
840 - dokuwiki <unfixed> (embed)
841 - textpattern <unfixed> (embed)
842
843 libphp-cas
844 - glpi <unfixed> (embed)
845 - moodle <unfixed> (embed; bug #505984)
846
847 scriptaculous (prototype.js is among the embeds in the following)
848 - glpi <unfixed> (embed)
849 - libaws <unfixed> (embed; bug #555222)
850 - op-panel <unfixed> (embed)
851 - symfony <unfixed> (embed)
852 NOTE: maintainer says there are extra incompatible changes required
853 - pixelpost 1.7.1-6 (embed)
854 - webhelpers <unfixed> (embed)
855 - qwik <removed> (embed; bug #555241)
856 - smokeping <unfixed> (embed)
857 - turba2 <unfixed> (embed)
858 - typo3-src 4.2.3-1 (embed)
859 - request-tracker3.6 <unfixed> (embed)
860 - request-tracker3.8 <unfixed> (embed)
861 - rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package)
862 - wordpress 2.5.0-2 (embed)
863 - libhtml-prototype-perl 1.48-3 (embed)
864
865 libmarkdown-php
866 - moodle <unfixed> (embed; bug #507185)
867 - pixelpost 1.7.1-6 (embed)
868
869 php-openid
870 - wordpress-openid <itp> (embed)
871
872 geshi
873 - dokuwiki 0.0.20080505-3.1 (embed)
874 - pgfouine 1.0-1.1 (embed)
875 - websvn 2.1.0-1 (embed)
876
877 webcalendar
878 - gforge 4.7~rc2-6 (embed; bug #504758)
879
880 libical
881 - kdepim <unknown> (fork)
882 NOTE: fixed at some point during 4.0
883 - kdepimlibs 4.2.0-1 (fork)
884 - claws-mail-extra-plugins <unfixed> (fork)
885
886 libltdl3
887 - kdelibs <unfixed> (embed)
888 NOTE: it's been said it sets RT_GLOBAL (or something like that) at runtime and version in experimental of libltdl can optionally set it
889 - synfig <unfixed> (embed)
890
891 harfbuzz
892 - qt4-x11 <unfixed> (embed)
893 - pango1.0 <unfixed> (embed)
894 - fontmatrix <unfixed> (embed)
895
896 libzip
897 - php5 <unfixable> (modified-embed)
898 - odt2txt <unfixed> (embed; bug #523808)
899
900 json.php (not packaged; should be replaced with php's built-in functions)
901 - moodle <unfixed>
902 - yui <unfixed>
903 - gallery2 <unfixed>
904 - dokuwiki <unfixed>
905 - typo3-src <unfixed>
906
907 php-fpdf
908 - tcpdf <itp> (fork)
909 - moodle <unfixed>
910 - phpwiki <unfixed>
911 - egroupware <unfixed>
912 - ldap-account-manager <unfixed> (fork)
913
914 tcpdf (itp: #495985)
915 - moodle <unfixed>
916 - phpmyadmin <unfixed>
917
918 typo3
919 - moodle <unfixed>
920
921 spreadsheet_writeexcel (PHP port of libspreadsheet-writeexcel-perl; itp: #487557)
922 - moodle <unfixed>
923 - gosa <unfixed>
924
925 php-ole (itp: #487558)
926 - moodle <unfixed>
927
928 pieforms (http://www.catalyst.net.nz)
929 - mahara <unfixed>
930
931 savant2 (http://phpsavant.com)
932 - egroupware <unfixed>
933
934 rssparser (http://nwow.org)
935 - egroupware <unfixed>
936 - phpgroupware <unfixed>
937
938 lcms
939 - openjdk-6 <unfixed> (fork)
940
941 libphp-phplayersmenu
942 - diogenes <unfixed>
943 - phpldapadmin <unfixed>
944
945 libphp-pclzip
946 - docvert <unfixed>
947 - moodle <unfixed>
948 - egroupware <unfixed>
949
950 libphp-simplepie
951 - dokuwiki <unfixed>
952 - wordpress <unfixed>
953
954 libphp-jpgraph
955 - egroupware <unfixed>
956
957 php-simpletest
958 - moodle <unfixed>
959
960 libpng
961 - iceweasel <not-affected> (uses xulrunner)
962 - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1, 2.0.0.19-1 (embed)
963 - iceape 1.0.13~pre080614i-0etch1 (embed)
964 - xulrunner 1.9.0.13-1 (embed)
965 [lenny] - xulrunner 1.9.0.11-0lenny1
966 [etch] - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
967 - gamera 3.2.3-1 (embed)
968
969 irssi
970 - silc-client <unfixed> (embed)
971 NOTE: Seems to be a pre-0.8.12 version that is used in irssi-plugin-silc
972
973 extc
974 - mtasc <unfixed> (embed)
975 - haxe <unfixed> (embed)
976
977 swflib
978 - mtasc <unfixed> (embed)
979 - haxe <unfixed> (embed)
980
981 libitext-java
982 - bouncycastle 2.1.4-1 (embed)
983
984 python-ply
985 - pyke <unfixed> (embed; bug #555363)
986 - pywbem 0.7.0-4 (embed; bug #555364)
987 - sepolgen <unfixed> (embed; bug #555365)
988 - zope-textindexng3 <unknown> (embed)
989 - iceweasel <not-affected> (uses xulrunner)
990 - xulrunner <unknown> (embed)
991 - wireshark <not-affected> (python-ply modules are not installed into binary packages; see #554613)
992
993 libdumbnet (libdnet upstream)
994 - nmap <unfixed> (fork)
995
996 gcc-4.4
997 - gcc-mingw32 <unfixed> (embed)
998
999 camlimages
1000 - advi <unfixed> (static; bug #550441)
1001
1002 memcached
1003 - memcachedb <unfixed> (embed)
1004
1005 yajl
1006 - argyll <unfixed> (embed; bug #544223)
1007 NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
1008
1009 nusoap
1010 - gforge 4.8.2-1 (embed)
1011 - ampache <unfixed> (embed)
1012 - poker-network <unfixed> (old-version)
1013 - moodle <unfixed> (old-version)
1014 NOTE: code is not used when running under php5 and soap is enabled
1015 - phpwiki <unfixed> (old-version)
1016 - gallery2 <unfixed> (old-version)
1017 - typo3-src <unfixed> (old-version)
1018
1019 libept
1020 - adept <unfixed> (embed; bug #540649)
1021
1022 libvorbis
1023 - iceweasel <not-affected> (uses xulrunner)
1024 - xulrunner <unfixed> (embed; bug #540959)
1025 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1026 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1027 - iceape <unfixed> (embed)
1028 [etch] - iceape <not-affected> (introduced in 2.0)
1029 [lenny] - iceape <not-affected> (introduced in 2.0)
1030
1031 cairo
1032 - iceweasel <not-affected> (uses xulrunner)
1033 - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
1034
1035 liboggz
1036 - iceweasel <not-affected> (uses xulrunner)
1037 - xulrunner <unfixed> (embed; bug #540959)
1038 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1039 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1040 - iceape <unfixed> (embed)
1041 [etch] - iceape <not-affected> (introduced in 2.0)
1042 [lenny] - iceape <not-affected> (introduced in 2.0)
1043
1044 liboggplay
1045 - iceweasel <not-affected> (uses xulrunner)
1046 - xulrunner <unfixed> (embed; bug #540959)
1047 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1048 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1049 - iceape <unfixed> (embed)
1050 [etch] - iceape <not-affected> (introduced in 2.0)
1051 [lenny] - iceape <not-affected> (introduced in 2.0)
1052
1053 php-net-dnsbl
1054 - serendipity <unfixed> (embed; bug #541740)
1055
1056 php-onyx-rss
1057 - serendipity <unfixed> (embed; bug #541740)
1058
1059 php-text-wiki
1060 - serendipity <unfixed> (embed; bug #541740)
1061
1062 php-xml-rpc
1063 - serendipity <unfixed> (embed; bug #541740)
1064
1065 polarssl (does not have a shared library)
1066 - pdkim <itp> (embed; bug #543150)
1067 - xyssl <unfixed> (old-version)
1068
1069 pidgin
1070 - gaim <removed> (old-version)
1071 - qutecom <unfixed> (embed; bug #559785)
1072
1073 icu
1074 - webkit 1.0.1-1 (embed; bug #547214)
1075 - texlive-bin <unfixed> (fork)
1076 NOTE: texlive upstream working with icu upstream to merge their changes
1077
1078 cyrus-imapd-2.2
1079 - kolab-cyrus-imapd <unfixed> (fork)
1080 - dovecot 1:1.2.1-1 (embed) [/dovecot-sieve/src/libsieve/*]
1081
1082 python-cxx-dev
1083 - freecad 0.9.2646.3-1 (embed; bug #547936)
1084
1085 zipios++
1086 - freecad 0.9.2646.3-1 (embed; bug #547941)
1087 - enigma 0.92.3-3 (embed)
1088 NOTE: likely fixed earlier, marking etch's version as fixed
1089
1090 linux-2.6
1091 - kvm <removed> (embed; bug #549973) [./kernel/*]
1092 - linux-kbuild-2.6 <unfixed> (embed; bug #550379) [./kbuild/*]
1093 - kernel-source-2.6.8 <removed> (old-version)
1094 - kernel-source-2.4.27 <removed> (old-version)
1095 - kernel-source-2.4.24 <removed> (old-version)
1096 - kernel-source-2.2.25 <removed> (old-version)
1097 - kernel-source-2.2.20 <removed> (old-version)
1098
1099 libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
1100 - kvm <removed> (embed) [./libfdt/*]
1101 - qemu-kvm <unfixed> (embed) [./libfdt/*]
1102
1103 qweb (not packaged)
1104 - ajaxterm <unfixed>
1105
1106 opensaml2
1107 - opensaml <removed> (old-version)
1108
1109 shibboleth-sp2
1110 - shibboleth-sp <removed> (old-version)
1111
1112 tuxonice-userui
1113 - suspend2-userui <removed> (old-version)
1114
1115 expat
1116 - w3c-libwww <removed> (embed; bug #551941)
1117 [etch] - w3c-libwww <unfixed> (embed; bug #551941) [./modules/expat/*]
1118 - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*]
1119 - python2.5 <unfixable> (embed; bug #553403) [./Modules/expat/*]
1120 - python2.4 <unfixable> (embed; bug #553403)
1121 - python-4suite <unfixed> (embed; bug #516935)
1122 - wxwindows2.4 <removed> (embed)
1123 - wxwidgets2.6 2.6.3.2.2-4 (embed)
1124 - wxwidgets2.8 2.8.10.1-2 (embed)
1125 - celementtree 1.0.5-8 (embed)
1126 NOTE: Maybe that was fixed even earlier
1127 - audacity 1.3.2-1 (embed)
1128 - matanza <unfixed> (embed)
1129 - tdom 0.8.3~20080525-1 (embed)
1130 - udunits 2.1.8-4 (embed)
1131 - apr-util 1.2 (embed)
1132 - ayttm <unfxed> (embed; bug #561006)
1133 - cableswig <unfixed> (embed)
1134 - cadaver <unfixed> (embed)
1135 - cmake 2.6.0-6 (embed)
1136 - coin3 <unfixed> (embed)
1137 - gdcm 2.0.14-2 (embed)
1138 - ghostscript <unfixed> (embed)
1139 - grmonitor <removed> (embed)
1140 - iceape <unfixed> (embed)
1141 - insighttoolkit 3.16.0-1 (embed)
1142 NOTE: insighttoolkit might've been fixed earlier
1143 - libparagui1.1 1.0.2-1 (embed)
1144 - paraview <unfixed> (embed)
1145 - poco <unfixed> (embed)
1146 - simgear <unfixed> (embed)
1147 - sitecopy 1:0.16.0-1
1148 - smart 1.0-1 (embed)
1149 - swish-e <not-affected> (Linked against libxml, which is used instead)
1150 - tla 1.3.5+dfsg-15 (embed)
1151 - vtk 4.1.20030227-1 (embed)
1152 - wbxml2 <not-affected> (expat code is only used on Mac OS X, see #560941)
1153 - xmlrpc-c <unfixed> (embed)
1154 - iceweasel <unfixed> (embed)
1155 - kompozer <unfixed> (embed)
1156 - vxl 1.13.0-2 (embed)
1157 - xulrunner <unfixed> (embed)
1158 - apache2 2.2 (embed)
1159 - texlive-bin <not-affected> (Embedded code not compiled in)
1160 - vnc4 <unfixed> (embed)
1161 - xotcl <unfixed> (embed)
1162
1163 xerces-c
1164 - xerces-c2 <unfixed> (old-version)
1165 - xerces27 <removed> (old-version)
1166
1167 md5 (RSA's version; not the gnu version provided by coreutils)
1168 - w3c-libwww <removed> (embed; bug #551942)
1169 [etch] - w3c-libwww <unfixed> (embed; bug #551942) [./modules/md5/*]
1170
1171 libparagui1.1
1172 - asc <unfixable> (fork)
1173
1174 enet
1175 - sauerbraten <unfixed> (embed; #497194)
1176
1177 eglibc
1178 - glibc <removed> (old-version)
1179
1180 galib
1181 - gamera 3.2.3-1 (embed)
1182
1183 configobj
1184 - bzr <unfixed> (embed; bug #555336)
1185 - elisa <unfixed> (embed; bug #555337)
1186 - gaupol <unfixed> (embed; bug #555338)
1187 - ipython <unfixed> (embed; bug #555339)
1188 - pida <unfixed> (embed; bug #555340)
1189 - psychopy <unfixed> (embed; bug #555341)
1190 - rest2web <unfixed> (embed; bug #555342)
1191 - auth2db <unknown> (embed)
1192 - dynagen <unknown> (embed)
1193 - iceweasel <unknown> (embed)
1194 - sabnzbdplus <unknown> (embed)
1195 - xulrunner <unknown> (embed)
1196 - nipy <not-affected> (part of an example [/examples/neurospin/neurospy/configobj.py], which is not installed into binary packages)
1197
1198 python-clientform
1199 - bibus <unfixed> (embed; bug #555332)
1200 - zope2.10 <unfixed> (embed; bug #555333)
1201 - zope2.11 <removed> (embed; bug #555334)
1202 - python-mechanize <unknown> (embed)
1203 - twill <unknown> (embed)
1204
1205 python-mechanize
1206 - zope2.10 <unfixed> (embed; bug #555337)
1207 - zope2.11 <removed> (embed; bug #555338)
1208 - twill <unknown> (embed; bug #555339)
1209
1210 pexpect
1211 - duplicity 0.6.06-1 (embed; bug #555361)
1212 - hplip <unfixed> (embed; bug #555362)
1213 - smart <unfixed> (embed; bug #555363)
1214
1215 pyparsing
1216 - bauble <unfixed> (embed; bug #555366)
1217 - boa-constructor 0.6.1-8 (embed; bug #555367)
1218 - calibre <unfixed> (embed; bug #555368)
1219 - matplotlib <unfixed> (embed; bug #531024)
1220 - zhpy 1.7.3.1-1 (embed; bug #555370)
1221 - polybori <unknown> (embed)
1222 - python-whoosh <unknown> (embed)
1223 - twill <unknown> (embed)
1224 - zope-textindexng3 <unknown> (embed)
1225
1226 python-pysqlite2
1227 - python2.4 <unfixed> (embed; bug #553403)
1228 - python2.5 <unfixed> (embed; bug #553403)
1229
1230 celementtree
1231 - python2.5 <unfixed> (embed)
1232 - smart 1.0-1 (embed)
1233 [etch] - smart <unfixed> (embed)
1234
1235 elementtree
1236 - python2.5 <unfixed> (embed)
1237 - bzr <unfixed> (embed; bug #555343)
1238 - gedit 2.28.2-1 (embed; bug #555344)
1239 - smart 1.0-1 (embed)
1240 [etch] - smart <unfixed> (embed)
1241 - solfege <unfixed> (embed; bug #555345)
1242 - w3af <unfixed> (embed; bug #555346)
1243 - python-qt4 <unknown> (embed)
1244 - sphinx <unknown> (embed)
1245 - python-nltk <itp> (embed)
1246
1247 python2.5
1248 - python2.4 <unfixed> (old-version)
1249 - jython <unfixed> (embed)
1250 NOTE: embeds many stdlib modules
1251 - python-django <unfixed> (embed; bug #555419)
1252 NOTE: embeds stdlib modules: doctest, decimal
1253 - gamera 3.2.3-1 (embed)
1254 NOTE: embeds stdlib modules: ConfigParser, optparse, sets, textwrap
1255 - boa-constructor <unfixed> (embed; bug #555426)
1256 NOTE: embeds stdlib modules: ConfigParser, tarfile, zipfile, xmlrpclib
1257 - nicotine <unfixed> (embed; bug #555427)
1258 NOTE: embeds stdlib modules: ConfigParser
1259 - museek+ <unfixed> (embed; bug #555428)
1260 NOTE: embeds stdlib modules: ConfigParser
1261 - vegastrike-data <unfixed> (embed)
1262 NOTE: embeds many stdlib modules
1263 - codespeak-lib 1.1.1-1 (embed; bug #555420)
1264 NOTE: embeds stdlib modules: doctest, optparse, subprocess, textwrap
1265 - config-manager <unfixed> (embed; bug #555423)
1266 NOTE: embeds stdlib modules: optparse
1267 - jhbuild 2.28.0-1 (embed; bug #555421)
1268 NOTE: embeds stdlib modules: optparse, subprocess
1269 - smart <unfixed> (embed; bug #555432)
1270 NOTE: embeds stdlib modules: optparse
1271 - pyprotocols 1.0a.svn20070625-5 (embed; bug #555433)
1272 NOTE: embeds stdlib modules: doctest
1273 - ruledispatch 0.5a.svn20080510-4 (embed; bug #555434)
1274 NOTE: embeds stdlib modules: doctest
1275 - distribute <unfixed> (embed)
1276 NOTE: embeds stdlib modules: doctest
1277 - python-setuptools <unfixed> (embed; bug #555435)
1278 NOTE: embeds stdlib modules: doctest
1279 - zope.testing <unfixed> (embed; bug #555436)
1280 NOTE: embeds stdlib modules: doctest
1281 - translate-toolkit <unfixed> (embed; bug #555422)
1282 NOTE: embeds stdlib modules: textwrap, contextlib
1283 - libtpclient-py <unfixed> (embed; bug #555424)
1284 NOTE: embeds stdlib modules: subprocess
1285 - grass <unfixed> (embed; bug #555425)
1286 NOTE: embeds stdlib modules: subprocess
1287 - coherence <unfixed> (embed; bug #555429)
1288 NOTE: embeds stdlib modules: uuid
1289 - python-django-extensions 0.4.2pre+git200911182050-1 (embed; bug #555430)
1290 NOTE: embeds stdlib modules: uuid
1291 - setroubleshoot <unfixed> (embed; bug #555431)
1292 NOTE: embeds stdlib modules: uuid
1293 - linkchecker <unfixed> (embed; bug #555414)
1294 NOTE: embeds msgfmt.py script
1295 - imdbpy <unfixed> (embed)
1296 NOTE: embeds msgfmt.py script
1297 - kiwi <unfixed> (embed)
1298 NOTE: embeds msgfmt.py script
1299 - moin <unfixed> (embed)
1300 NOTE: embeds msgfmt.py script, stdlib modules: cgitb, difflib, tarfile
1301 - plone3 <removed> (embed)
1302 NOTE: embeds msgfmt.py script
1303 - roundup <unfixed> (embed)
1304 NOTE: embeds msgfmt.py script, stdlib modules: cgitb
1305 - rednotebook <unfixed> (embed; bug #555415)
1306 NOTE: embeds msgfmt.py script
1307 - turbogears <unfixed> (embed)
1308 NOTE: embeds msgfmt.py script
1309 - elisa <unfixed> (embed)
1310 NOTE: embeds msgfmt.py script, stdlib modules: uuid
1311 - calibre <unfixed> (embed)
1312 NOTE: embeds msgfmt.py script, stdlib modules: zipfile
1313 - mailman 1:2.1.13-1 (embed; #555416)
1314 NOTE: embeds msgfmt.py script
1315 - python-docutils <unknown> (embed)
1316 NOTE: embeds stdlib modules: optparse, textwrap
1317 - python-imaging <unknown> (embed)
1318 NOTE: embeds stdlib modules: doctest
1319 - python-mechanize <unknown> (embed)
1320 NOTE: embeds stdlib modules: doctest
1321 - twill <unknown> (embed)
1322 NOTE: embeds stdlib modules: subprocess
1323 - zeroc-ice <unknown> (embed)
1324 NOTE: embeds stdlib modules: subprocess
1325 - wxwidgets2.8 <unknown> (embed)
1326 NOTE: embeds stdlib modules: subprocess
1327 - cycle <unknown> (embed)
1328 NOTE: embeds msgfmt.py script
1329 - deluge <unknown> (embed)
1330 NOTE: embeds msgfmt.py script
1331 - opendict <unknown> (embed)
1332 NOTE: embeds msgfmt.py script
1333 - openerp-client <unknown> (embed)
1334 NOTE: embeds msgfmt.py script
1335 - rapidsvn <unknown> (embed)
1336 NOTE: embeds msgfmt.py script
1337 - wammu <unknown> (embed)
1338 NOTE: embeds msgfmt.py script
1339 - gaphor <unknown> (embed)
1340 NOTE: embeds msgfmt.py script
1341 - pida <unknown> (embed)
1342 NOTE: embeds msgfmt.py script
1343 - python-formencode <unknown> (embed)
1344 NOTE: embeds msgfmt.py script
1345 - duplicity <unfixed> (embed)
1346 NOTE: embeds stdlib module: urlparse, tarfile
1347 - pygopherd <unfixed> (embed)
1348 NOTE: embeds stdlib module: zipfile
1349
1350 argparse
1351 - twill <unfixed> (embed; bug #555347)
1352 - ipython <unfixed> (embed; bug #555348)
1353
1354 coherence
1355 - elisa <unfixed> (embed; bug #555335)
1356
1357 simpletal
1358 - plastex <unfixed> (embed; bug #555371)
1359
1360 flickrpc (not packaged in Debian, http://burtonini.com/bzr/flickrpc/)
1361 - postr <unfixed> (embed)
1362 - elisa <unfixed> (embed)
1363
1364 simplegeneric (not packaged in Debian, http://pypi.python.org/pypi/simplegeneric)
1365 - apertium-tolk <unfixed> (embed)
1366 - ipython <unfixed> (embed)
1367 - virtaal <unfixed> (embed)
1368
1369 distribute
1370 - setuptools <removed> (old-version)
1371
1372 rails
1373 - jruby1.2 <unfixed> (embed) [./bench/rails/*]
1374 - libgettext-ruby <unfixed> (embed) [./samples/rails/*]
1375 - libopenid-ruby <unfixed> (embed) [./examples/rails_openid/*]
1376 - thin <unfixed> (embed) [./spec/rails_app/*]
1377 NOTE: this is a subdirectory of examples, which in general is a non-issue, but may
1378 NOTE: be dangerous if developers are naively basing their code off of the examples
1379 NOTE: prototype.js is among the example files
1380
1381 lucene2 (prototype.js is among the embeds in the following)
1382 - lucene <unfixed> (old-version)
1383 - pylucene <unfixed> (embed)
1384 - libpdfbox-java <unfixed> (embed)
1385 - libfontbox-java <unfixed> (embed)
1386 - libjempbox-java <unfixed> (embed)
1387 - solr <unfixed> (embed)
1388
1389 unicode-data
1390 - syslinux <unfixed> (embed)
1391 - camomile <unfixed> (embed)
1392 - fribidi <unfixed> (embed)
1393 - m17n-db <unfixed> (embed)
1394 - sbcl <unfixed> (embed)
1395 - heimdal <unfixed> (embed)
1396 - icu <unfixed> (embed)
1397 - icu4j <unfixed> (embed)
1398 - krb5 <unfixed> (embed)
1399 - moodle <unfixed> (embed)
1400 - openldap <unfixed> (embed)
1401 - pike7.6 <unfixed> (embed)
1402 - samba <unfixed> (embed)
1403 - samba4 <unfixed> (embed)
1404 - cmucl <unfixed> (embed)
1405 - typo3-src <unfixed> (embed)
1406 - mauve <unfixed> (embed)
1407 - texlive-bin <unfixed> (embed)
1408 - ypsilon <unfixed> (embed)
1409 - jeuclid <unfixed> (embed)
1410 - charmap.app <unfixed> (embed)
1411 - clisp <unfixed> (embed)
1412 - gnulib <unfixed> (embed)
1413 - opensrs-client <unfixed> (embed)
1414 - saxonb <unfixed> (embed)
1415 - rails <unfixed> (embed)
1416
1417 feedparser
1418 - rawdog <unfixed> (embed; bug #383422)
1419 - miro <unfixed> (embed; bug #555351)
1420 - calibre <unfixed> (embed; bug #555352)
1421 - freevo <unfixed> (embed; bug #555353)
1422 - pida <unfixed> (embed; bug #555354)
1423 - planet-venus <unfixed> (embed; bug #555355)
1424 - plone3 <removed> (embed; bug #555356)
1425 - exaile 0.2.14+debian-1 (embed)
1426 - screenlets 0.1.2-3 (embed)
1427 NOTE: included twice
1428
1429 agg:
1430 - matplotlib <unfixed> (embed: bug #377271)
1431 - contextfree <unfixed> (embed)
1432 NOTE: since 2.2-1 it links statically to system libagg, but still uses the embedded copy
1433 - exactimage <unfixed> (embed)
1434 - python-enable <unfixed> (embed)
1435 - mapnik 0.5.1-3 (embed)
1436 NOTE: links statically to agg, but shared library is not available (bug #377271)
1437
1438 vtk
1439 - paraview <unfixable> (embed; bug #495426)
1440
1441 txt2tags
1442 - rednotebook <unfixed> (embed)
1443
1444 htmltextview (not packaged in Debian, http://www.gnome.org/~gjc/htmltextview.py)
1445 - gajim <unfixed> (embed)
1446 - emesene <unfixed> (embed)
1447 - convirt <unfixed> (embed)
1448 - pida <unfixed> (embed)
1449 - rednotebook <unfixed> (embed)
1450
1451 horde3 (prototype.js is among the embeds in the following)
1452 - mnemo2 <unfixed> (embed)
1453 - nag2 <unfixed> (embed)
1454 - wordpress <unfixed> (embed)
1455 NOTE: Text_Diff (wp-includes/Text/Diff*)
1456
1457 cimg
1458 - gmic <itp> (embed)
1459
1460 mootools
1461 - gmic <itp> (embed)
1462
1463 openldap
1464 - openldap2.3 <removed> (old-version)
1465
1466 grub2
1467 - grub <unfixed> (old-version)
1468
1469 gnupginterface
1470 - duplicity <unfixed> (embed)
1471
1472 python-dateutil
1473 - awn-extras-applets <unfixed> (embed)
1474 - matplotlib <unknown> (embed)
1475
1476 cups
1477 - cupsys <removed> (old-version)
1478
1479 yui
1480 - bcfg2 <not-affected> (present in source but not included in any binary files)
1481 - serendipity <unfixed> (embed; bug #557746)
1482 - moodle 1.8.2.dfsg-5 (embed)
1483 - jifty 0.91117-1 (embed; bug #557748)
1484 - webgui 7.7.26-1 (embed)
1485 - loggerhead 1.17-1 (embed)
1486
1487 quake3 (vanilla source not packaged in debian)
1488 - openarena <unfixable> (fork)
1489
1490 quake2 (vanilla source not packaged in debian)
1491 - alien-arena <unfixable> (fork)
1492 - warsow <unfixable> (fork)
1493
1494 libtheora
1495 - iceweasel <not-affected> (uses xulrunner)
1496 - xulrunner <unfixed> (embed; bug #540959)
1497 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1498 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1499 - iceape <unfixed> (embed; bug #559276)
1500 [etch] - iceape <not-affected> (introduced in iceape 2.0)
1501 [lenny] - iceape <not-affected> (introduced in iceape 2.0)
1502
1503 dtoa
1504 - bfilter <unfixed> (embed)
1505 - cacao <unfixed> (embed)
1506 - cdrdao <unfixed> (embed)
1507 - classpath <unfixed> (embed)
1508 - freej <unfixed> (embed)
1509 - iceape <unfixed> (embed)
1510 - iceweasel <unfixed> (embed)
1511 - jscoverage <unfixed> (embed)
1512 - kde4libs <unfixed> (embed)
1513 - kdelibs <unfixed> (embed)
1514 - kompozer <unfixed> (embed)
1515 - libv8 <unfixed> (embed)
1516 - mono <unfixed> (embed)
1517 - newlib <unfixed> (embed)
1518 - nspr <unfixed> (embed)
1519 - php5 <unfixed> (embed)
1520 - polyml <unfixed> (embed)
1521 - qt4-x11 <unfixed> (embed)
1522 - rhino <unfixed> (embed)
1523 NOTE: code translated to Java
1524 - ruby1.8 <unfixed> (embed)
1525 - ruby1.9 <unfixed> (embed)
1526 - ruby1.9.1 <unfixed> (embed)
1527 - sdd <unfixed> (embed)
1528 - sfind <unfixed> (embed)
1529 - star <unfixed> (embed)
1530 - tinymux <unfixed> (embed)
1531 - virtualbox-ose <unfixed> (embed)
1532 - webkit <unfixed> (embed)
1533 - xulrunner <unfixed> (embed)
1534
1535 ipc (not packaged in Debian; see http://mozdev.org/pipermail/enigmail/2009-November/011678.html)
1536 - firegpg <unfixed> (embed)
1537 - enigmail <unfixed> (embed)
1538
1539 ptmalloc (not packaged in Debian)
1540 - crystalspace <unfixed> (embed)
1541 - qt4-x11 <unfixed> (embed)
1542
1543 svgalib
1544 - usplash <unfixed> (embed)
1545
1546 bogl
1547 - usplash <unfixed> (embed)
1548
1549 taglist
1550 - usplash <unfixed> (embed)
1551
1552 portaudio
1553 - audacity <unfixed> (embed; bug #323711)
1554
1555 nyquist
1556 - audacity <unfixed> (embed)
1557 NOTE: embeds a forked nyquist with support for a shared library
1558
1559 vamp-plugin-sdk
1560 - audacity <unfixed> (embed)
1561
1562 wordpress
1563 - libwordpress-xmlrpc-perl <removed> (embed) [./xmlrpc.php]
1564 - wordpress-mu <unfixed> (fork)
1565
1566 php5
1567 - php4 <removed> (old-version)
1568
1569 classpath
1570 - libgnucrypto-java <removed> (embed; bug #559788)
1571
1572 libtool
1573 - apr <unfixed> (static; bug #489625)
1574 NOTE: ships copy of libtool in libapr1-dev; was 'embed' before 1.3.2-3
1575 - arts <unfixed> (embed)
1576 - bochs 2.4.2-1 (embed; bug #560884)
1577 - camserv <unfixed> (embed)
1578 - collectd <unfixed> (embed)
1579 - courier-authlib 0.58-4 (embed)
1580 NOTE: The etch version of courier-authlib was the earliest version checked, might be fixed earlier
1581 - cvsnt <unfixed> (embed)
1582 - dico <not-affected> (Uses the system copy of ltdl)
1583 - freeradius 0.1+20010527-1 (embed)
1584 NOTE: Earliest reference I could find from the changelog is from 27 May 2001
1585 - ggobi 2.1.9~20091212-1 (embed)
1586 - glame 2.0.1-4 (embed)
1587 NOTE: The etch version of glame was the earliest version checked, might be fixed earlier
1588 - gnash <unfixed> (embed)
1589 - gnu-smalltalk <unfixed> (embed)
1590 - google-gadgets 0.10.5-0.3 (embed)
1591 NOTE: 0.10.5-0.3 was the earliest version checked, was fixed earlier
1592 - graphicsmagick 1.3.5-6 (embed)
1593 - graphviz 2.8-3 (embed)
1594 NOTE: The etch version of graphviz was the earliest version checked, might be fixed earlier
1595 - guile-1.6 1.6.8-7 (embed)
1596 - hamlib <unfixed> (embed)
1597 - hercules <unfixed> (embed)
1598 - jags 1.0.4-3 (embed; bug #560864)
1599 - kdelibs <unfixed> (embed)
1600 - libannodex <removed> (embed)
1601 - libextractor <unfixed> (embed)
1602 - libmcrypt <not-affected> (libtool source present but not included in any of the binary packages)
1603 - libtunepimp <unfixed> (embed)
1604 - mp4h <unfixed> (embed)
1605 - naim <unfixed> (embed)
1606 - parser-mysql <unfixed> (embed)
1607 - pinball 0.3.1-11 (embed)
1608 - redland <unfixed> (embed)
1609 - siproxd <unfixed> (embed)
1610 - ski <unfixed> (embed)
1611 - synfig <unfixed> (embed)
1612 - unixodbc 2.2.4-5 (embed)
1613 - xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules)
1614 - clamav 0.95+dfsg-1 (embed)
1615 - imagemagick 6:6.2.3.1-1 (embed)
1616 - hypre 2.4.0b-5 (embed)
1617 - lam <unfixed> (embed)
1618 - openmpi <unfixable> (embed; bug #559386)
1619 - parser <unfixed> (embed)
1620 - pdsh 2.18-5 (embed; bug #560892)
1621 - sbnc 1.2-8 (embed)
1622 - sdcc <unfixed> (embed)
1623 - wml <unfixed> (embed)
1624 - proftpd-dfsg <unfixed> (embed; bug #561748)
1625 - babel 1.4.0.dfsg-5 (embed)
1626 - libprelude 0.9.14-2 (embed)
1627 - heartbeat 2.1.4-7 (embed)
1628 NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
1629 NOTE: might've been fixed earlier
1630 - gcc-* <unknown> (embed)
1631
1632 ocamlgsl
1633 - orpie 1.5.1-7.1 (embed; bug #550058)
1634
1635 xdotool
1636 - keynav <unfixed> (embed; bug #560103)
1637
1638 bulletphysics (not packaged; http://www.bulletphysics.org/)
1639 - supertuxkart <unfixed> (embed)
1640 - blender <unfixed> (embed)
1641
1642 ghostscript
1643 - gs-gpl <removed> (old-version)
1644
1645 icedove
1646 - thunderbird <removed> (old-version)
1647
1648 sizzlejs (not packaged in Debian, http://sizzlejs.com/)
1649 - jquery <unfixed> (embed)
1650
1651 sed
1652 - ssed <unfixed> (fork)
1653
1654 phpatomlib (http://code.google.com/p/phpatomlib)
1655 - wordpress <unfixed> (embed)
1656
1657 Services_JSON (http://pear.php.net/package/Services_JSON)
1658 - wordpress <unfixed> (embed)
1659
1660 phpass (http://www.openwall.com/phpass/)
1661 - gallery2 <unfixed> (embed)
1662 - wordpress <unfixed> (embed)
1663 - typo3-src <unfixed> (fork)
1664 NOTE: file refers to drupal, maybe there's a copy somewhere there
1665 NOTE: a copyright owner search didn't match anything
1666 - libauthen-passphrase-perl <unfixable> (fork)
1667 NOTE: perl implementation of phpass
1668
1669 squirrelmail
1670 - wordpress <unfixed> (embed)
1671 NOTE: class-pop3.php
1672
1673 ezSQL (http://www.woyano.com/jv/ezsql)
1674 - wordpress <unfixable> (fork)
1675 NOTE: wp-db.php
1676
1677 Diff.php (Clay Loveless' version/killersoft.com)
1678 - php-versioncontrol-svn <unfixed>
1679
1680 libm
1681 - spring <unfixed> (embed)
1682 NOTE: embedded by embedded copy of streflop
1683
1684 streflop
1685 - spring <unfixed> (embed)
1686
1687 minizip
1688 - spring <unfixed> (embed)
1689
1690 oscpack
1691 - spring <unfixed> (embed)
1692
1693 hpiutil2
1694 - spring <unfixed> (embed)
1695
1696 p7zip
1697 - spring <unfixed> (embed)
1698
1699 pythonqt (doesn't seem to be python-qtN, unknown source)
1700 - fontmatrix <unfixed> (embed)
1701 - elmerfem <unfixed> (embed)
1702
1703 iepngfix (not packaged in Debian; http://www.twinhelix.com/css/iepngfix/)
1704 - docvert <unfixed> (embed)
1705 - jifty <unfixed> (embed)
1706 - kdenetwork <unfixed> (embed)
1707 - mediatomb <unfixed> (embed)
1708 - plastex <unfixed> (embed)
1709 - plone3 <removed> (embed)
1710 - python-chaco <unfixed> (embed)
1711 - python-docutils <unfixed> (embed)
1712 - s5 <unfixed> (embed)
1713 - zope2.10 <unfixed> (embed)
1714 - zope2.11 <removed> (embed)
1715 - cython <not-affcted> (embed)
1716 NOTE: part of documentation, which is not installed into the binary package
1717
1718 python-docutils
1719 - zope2.10 <unfixed> (embed)
1720 - zope2.11 <removed> (embed)
1721
1722 tesseract
1723 - ocropus <unfixed> (static)
1724
1725 antlr
1726 - kdevelop <unfixed> (embed)
1727
1728 libxerces2
1729 - openjdk-6 <unfixed> (embed)
1730
1731 kfreebsd-8
1732 - kfreebsd-7 <unfixed> (old-version)
1733 - kfreebsd-6 <removed> (old-version)
  ViewVC Help
Powered by ViewVC 1.1.5