/[secure-testing]/data/embedded-code-copies
ViewVC logotype

Contents of /data/embedded-code-copies

Parent Directory Parent Directory | Revision Log Revision Log

Revision 14241 - (show annotations) (download)
Wed Mar 10 20:26:46 2010 UTC (3 years, 2 months ago) by jmm-guest
File size: 50014 byte(s) 
- libpurple/qutecom code copy fixed
- new minor mediawiki issues
- cpio/tar maintainers notified about no-dsa for minor rmt issue
1 Embedded code copies
2 ====================
3
4 This file collects source packages that embed code from other projects.
5 This is considered bad for fixing security flaws because the fix needs
6 to be applied in multiple source packages.
7
8 Format:
9 <srcpkg> (<optional comment about srcpkg>)
10 - <embedding srcpkg> <status> (<sort>; bug #<number>)
11 NOTE: optional comments about the linkage of the embedding srcpkg
12
13 status: version number fixing the embedded copy, <unfixed>, <removed>,
14 <itp>, <not-affected>, <unknown> if the version number can not
15 be determined, or <unfixable> for unavoidable cases (e.g., forks
16 that add real value)
17 sort: static (linking statically against a lib)
18 embed (embeds a copy of the library into another source package)
19 modified-embed (embeds a code copy that differs from upstream code)
20 fork (a full-blown fork of another source package)
21 old-version (an older version of essentially the same code)
22
23 The srcpkg might be some string to identify the code if there is no
24 specific source package.
25
26 Everything up to the next line is ignored.
27 ---BEGIN
28 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
29 NOTE: Fixed packages link to poppler library unless otherwise noted
30 - pdftohtml <unknown>
31 [sarge] - pdftohtml <unfixed>
32 [etch] - pdftohtml <unfixed>
33 NOTE: has been replaced by poppler-utils
34 - kdegraphics 4:4.2.2-1 (embed; bug #436164)
35 - texlive-base 3.0-12 (embed)
36 - texlive-bin 2007-1 (embed)
37 NOTE: links to poppler
38 - koffice <unfixed> (embed; bug #436163)
39 - libextractor 0.5.12-1 (embed)
40 NOTE: libextractor is using its own pdf decoder now
41 - ipe <unfixed> (embed)
42 NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
43 - ruby-gnome2 <unknown> (embed)
44 NOTE: copy only present in source but links to poppler
45 - pdfedit <unfixed> (embed; bug #510794)
46 - swftools <removed> (embed; bug #551293)
47 - poppler <unfixable> (fork)
48
49 ppmd
50 - libcomplearn-mod-ppmd <unfixed> (fork)
51 NOTE: discussion in #458152
52
53 libevent
54 - transmission 1.71-1 (embed; bug #529372)
55
56 lrmi
57 - read-edid 2.0.0-1 (embed; bug #495131)
58 - s3switch <unfixed> (embed)
59 - xresprobe <unfixed> (embed)
60 - zhcon <unfixed> (embed)
61
62 peercast
63 - gnome-peercast <removed> (embed)
64 [etch] - gnome-peercast <unfixed> (embed)
65
66 silc-toolkit
67 - silc-client 1.1~beta6-1 (embed)
68
69 icclib
70 - ghostscript <unfixed> (embed)
71 - argyll <unfixed> (embed)
72
73 libusb
74 - argyll <unfixed> (embed)
75
76 dietlibc
77 - ccontrol 0.9.1+20071204-1 (static)
78
79 libmikmod
80 - sdl-mixer1.2 <unfixed> (embed)
81 TODO: report bug
82
83 libiax
84 - iaxmodem <unfixable> (embed; bug #548885)
85
86 spandsp
87 - iaxmodem <unfixable> (embed; bug #548885)
88
89 python-paramiko
90 - fabric 0.9.0-2 (embed; bug #561398)
91
92 zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
93 - dpkg <unfixed> (static)
94 NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
95 - rsync <unfixed> (embed)
96 - cherokee <unfixed> (embed)
97 NOTE: somehow derived code base
98 - mono <unfixed> (embed)
99 TODO: check mozilla
100 - Linux kernels <unfixed> (embed)
101 - pvpgn 1.7.8-2 (embed)
102 - mrtg 2.12.2-1 (embed)
103 - rpm <unknown> (embed)
104 NOTE: pinged anibal since when rpm was fixed
105 - tuxcmd-modules <unfixed> (embed)
106 - zsync <unfixed>
107 - tra <unfixed>
108 - sash <unfixed>
109 - nsis <unfixed>
110 - mseide-msegui <unfixed>
111 NOTE: mseide
112 - mirrordir <unfixed>
113 - poco <unfixed>
114 - klibc <unfixed>
115 - ghostscript <unfixed>
116 - freeimage <unfixed>
117 - clamav <unfixed> (fork)
118 NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that"
119 - tuxonice-userui <unfixed>
120 - plt-scheme <unfixed>
121 - perl <unfixed>
122 - paraview <unfixed>
123 - velvet 0.7.56~nozlibcopy-1
124 - gcvs <unfixed>
125 - dump <unfixed>
126 - aide <unfixed> (static)
127 - dar <unfixed> (static)
128 - avfs <unfixed>
129 - fpc <unfixed>
130 - winff <unfixed>
131 NOTE: inherited from fpc, see #472304
132 - lazarus <unfixed>
133 NOTE: inherited from fpc, see #472304
134 - erlang <unfixed> (embed)
135 - gamera 3.2.3-1 (embed)
136 - python2.4 <unfixed> (embed; bug #553403)
137 - python2.5 <unfixed> (embed; bug #553403)
138
139 dulwich
140 - hg-git 0.1.0-1 (embed; bug #541996)
141
142 libvigraimpex
143 - hugin <unfixed> (embed; bug #542259)
144 - enblend-enfuse <unfixed> (embed; bug #542258)
145 - gamera 3.2.3-1 (embed)
146
147 libbz2
148 - dpkg <unfixed> (static)
149
150 libyahoo2
151 - centerim <unfixed> (embed; bug #559783)
152
153 libmsn
154 - centerim <unfixed> (embed; bug #559783)
155
156 libgadu
157 - centerim <unfixed> (embed; bug #559783)
158 - pidgin <not-affected> (links dynamically since initial release; fixed in gaim)
159 - gaim 1:2.0.0+beta3-3 (embed; bug #360280)
160 - kdenetwork 4:3.3.2-5 (embed)
161 NOTE: from kdenetwork: kopete
162 - ekg 1:1.8~rc0-1 (embed)
163 - kadu 0.6.0.2-3 (embed; bug #504430)
164 - gadu <itp> (embed)
165
166 xmlrpc (which package is the "origin" of this code?)
167 - drupal <unfixed> (embed)
168 - phpgroupware <unfixed> (embed)
169 - egroupware <unfixed> (embed)
170 - phpwiki <unfixed> (embed)
171 - php4 <unfixed> (embed)
172 TODO: check, php-pear, IIRC this was reorganized some weeks ago?
173
174 shtool (affects build-time only)
175 - mysql-ocaml <unfixed> (embed)
176 - php4 <unfixed> (embed)
177
178 xulrunner
179 - iceape <unfixed> (embed; bug #561749)
180 - iceweasel 2.0.0.19 (embed)
181 - icedove <unfixed> (embed; bug #561750)
182 - kompozer <unfixed> (embed; bug #532168)
183 - galeon 2.0.2-4 (embed)
184 - epiphany-browser 2.14.3-8 (embed)
185 - conkeror 0.9~git080629-2 (embed)
186 - kazehakase 0.4.2-1 (embed)
187
188 xli
189 - xloadimage <unfixed> (embed)
190
191 lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
192 - openmotif <unfixed> (embed)
193 - libxpm <unfixed> (embed)
194
195 kerberized apps with BSD origin
196 - krb4 <removed> (embed)
197 - krb5 <unfixed> (embed)
198 - heimdal <unfixed> (embed)
199
200 grip (which pkg is the origin?)
201 - libcdaudio <unfixed>
202 - grip <unfixed>
203 - gnome-vfs <unfixed>
204 TODO: check vfs2 as well
205
206 fudforum
207 [etch] - phpgroupware <unfixed> (embed)
208 NOTE: phpgroupware-fudforum
209 [sarge] - egroupware-fudforum <removed> (embed)
210
211 libbsd
212 - rdate 1:1.2-3 (embed)
213 - atheme-services <unfixed>
214 - libbsd-arc4random-perl <unfixed>
215 - isakmpd <unfixed>
216 - bsdgames <unfixed> (embed)
217 - bsd-mailx <unfixed> (embed)
218 - netcat-openbsd <unfixed> (embed; bug #550611)
219 - openssh <unfixed> (embed)
220 - unworkable <unfixed> (embed)
221
222 cvs
223 - gcvs <unfixed> (embed)
224 NOTE: see cvsunix/src in tarball
225
226 pcre3
227 - php4 <unknown> (embed)
228 - analog 2:5.23-0woody1 (embed)
229 - goffice <unfixed> (embed)
230 NOTE: libgoffice-*
231 - vfu 4.06-4.1 (embed; bug #450754)
232 - tf5 5.0beta7-1 (embed)
233 - monotone 0.43-1 (embed)
234 NOTE: this only affects versions >= 0.37
235 - glib2.0 2.15.2-1 (embed)
236 - apache2 2.0.53-4 (embed)
237 - exim4 4.10-0.srh20.12 (embed)
238 - yacas <unfixed> (embed)
239 NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
240 - gtamsanalyzer.app 0.42-5 (embed)
241 - tin 980117-1 (embed)
242 - kazehakase 0.5.2-1
243 - webkit 1.0.1-1 (embed)
244 - qt4-x11 <unfixed> (embed)
245 NOTE: embedded via webkit copy
246 - erlang <unfixed> (embed)
247 - ssed <unfixed> (embed)
248
249 tiff
250 - wxwindows2.4 2.2.1 (embed)
251 - gamera 3.2.3-1 (embed)
252
253 uudeview
254 - libconvert-uulib-perl <unfixed> (embed)
255 - pan <unfixed> (embed)
256
257 sqlite (not affected by security vulnerabilities so far)
258 - amarok <unfixed> (embed)
259 - monotone 0.43-1 (embed)
260 - iceweasel <unfixed> (embed)
261 - heimdal <unfixed> (embed; bug #559616)
262
263 util-linux/mount
264 - loop-aes-utils <unfixed> (embed)
265 NOTE: contains code from util-linux' mount in the mount-aes-udeb
266
267 sylpheed
268 - sylpheed-claws <unfixed> (fork)
269
270 phpsysinfo
271 - egroupware <unfixed> (embed)
272 - phpgroupware <unfixed> (embed)
273
274 phpldapadmin
275 [sarge] - egroupware <unfixed> (embed)
276 NOTE: removed from egroupware after sarge
277
278 chmlib
279 - kchmviewer <unknown> (embed)
280
281 ffmpeg (libavcodec/libavformat)
282 - mplayer 1.0~rc2-14 (embed; bug #395252)
283 - kino 1.0.0-1
284 - vlc <not-affected> (Links dynamically since initial release)
285 - smilutils 0.3.0-10
286 NOTE: smilutils likely fixed earlier, marking Etch's version as fixed
287 - motion 3.1.19-1
288 - gstreamer0.10-ffmpeg 0.10.3-2
289 - xmovie <removed> (static)
290 TODO: gimp-gap (potentially using ffmpeg code as well)
291 - avifile 1:0.7.48~20090503.ds-1 (embed; bug #538750)
292 - audacity 1.3.7-2 (embed; bug #512278)
293
294 faad2
295 - mplayer 1.0~rc2-20 (embed)
296 - avifile <unfixed> (embed; bug #538750)
297 - ffmpeg-debian <removed> (embed)
298
299 libmad (MPEG decoding lib)
300 - xine-lib <unfixed> (embed)
301 - avifile 1:0.7.48~20090503.ds-1 (embed) [./plugins/libmad/*]
302 TODO: check ocaml-mad, madplay, pymad, xmms-mad, xmms2
303
304 libdts
305 - xine-lib <unfixed> (embed)
306
307 flac
308 - xine-lib <unfixed> (embed)
309
310 liba52
311 - a52dec <unfixed> (embed)
312 - xine-lib <unfixed> (embed)
313
314 libmpeg2
315 - mpeg2dec <unfixed> (embed)
316 - xine-lib <unfixed> (embed)
317
318 libntlm
319 - wget <unfixed> (fork; bug #550436)
320 - curl <unfixed> (fork; bug #550437)
321 - cntlm <unfixed> (fork; bug #550438)
322
323 uw-imap
324 - pine <unfixed> (embed)
325 - alpine <unfixed> (embed)
326
327 imagemagick
328 - graphicsmagick <unfixed> (fork)
329
330 python-urlgrabber
331 - mercurial <unfixed> (embed; bug #531062)
332 - w3af <unfixed> (embed; bug #555372)
333 [experimental] - harvestman <unfixed> (embed; bug #555373)
334
335 beautifulsoup
336 - python-mechanize <unfixed> (embed; bug #555349)
337 - zope2.11 <removed> (embed; bug #555350)
338 - twill <unknown> (embed)
339
340 halibut
341 - nsis <unfixed> (fork)
342
343 libghttp
344 - hotway <unfixed> (embed)
345
346 libsndfile
347 - ardour 1:2.7.1-1 (embed)
348
349 glibmm2.4
350 - ardour 1:2.7.1-1 (embed)
351
352 libgnomecanvasmm2.6
353 - ardour 1:2.7.1-1 (embed)
354
355 libsigc++-2.0
356 - ardour 1:2.7.1-1 (embed)
357
358 soundtouch
359 - ardour 1:2.7.1-1 (embed)
360
361 libmms
362 - xine-lib <unfixed> (embed)
363 - mimms <unfixed> (embed)
364
365 fckeditor
366 - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
367 - moin 1.8.2-2 (embed; bug #452599)
368 - karrigell <removed> (embed; bug #452598)
369 - gforge 4.6.99+svn6225-1 (embed)
370 - request-tracker3.8 <unfixed> (embed)
371 - otrs2 <unfixed> (embed)
372
373 ipatlas (not packaged in Debian)
374 - moodle <unfixed> (embed; bug #507185)
375
376 libphp-phpmailer
377 - moodle <unfixed> (embed; bug #507185)
378 - mahara <unfixed> (embed)
379 - symfony <unfixed> (embed; bug #566778)
380 [etch] - phpgroupware <unfixed> (embed)
381 NOTE: phpgroupware-felamimail is only in etch
382 - egroupware <unfixed> (embed; bug #504283)
383 - glpi <unfixed>
384
385 htmlArea (not packaged in Debian)
386 - moodle <unfixed> (embed)
387
388 giflib
389 - wine <unfixed> (embed; bug #466181)
390
391 bennu (not packaged in Debian, http://bennu.sourceforge.net)
392 - moodle <unfixed> (embed)
393
394 smarty
395 - moodle 1.8.2-2 (embed; bug #471158)
396 - gallery2 2.2.5-2 (embed; bug #471160)
397 - mahara 0.9.2-2 (embed; bug #471201)
398 - gosa 2.4beta1-1 (embed; bug #471200)
399
400 TinyMCE
401 - wordpress 2.5.1-3 (embed; bug #478257)
402 - moodle <unfixed> (embed; bug #507185)
403 - knowledgeroot <unfixed> (embed)
404 - joomla <itp> (bug #326398)
405
406 scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121)
407 - scite <unfixed> (embed)
408 - qscintilla <unfixed> (embed)
409 - qscintilla2 <unfixed> (embed)
410 - geany <unfixed> (fork)
411 - anjuta <unfixed> (embed)
412
413 libphp-adodb
414 - moodle <unfixed> (embed; bug #507185)
415 NOTE: also AdoDB-XML Schema
416 - gallery2 <unfixed> (embed)
417 - phppgadmin <unfixed> (embed)
418 - egroupware <unfixed> (embed)
419 - phpwiki <unfixed> (embed)
420 - torrentflux 2.0beta1-2 (embed)
421 - ipplan <unfixed> (embed)
422 - typo3-src <unfixed> (embed)
423 - cacti <unknown> (embed)
424 [sarge] - cacti <unfixed> (embed)
425 NOTE: dependency exists, but internal version is used
426 - gforge 4.7~rc2-6 (embed)
427 - mahara <unfixed> (embed)
428
429 gzip
430 - linux-2.6 <unfixed> (embed) [lib/inflate.c]
431 - klibc <unfixed> (embed)
432 NOTE: based on linux-kernel gzip code
433 - busybox <unfixed> (embed)
434 - pristine-tar <unfixed> (modified-embed)
435 NOTE: compression code only, not uncompression
436
437 neon
438 - cadaver 0.22.3+debian-1 (embed; bug #188381)
439 - gnome-vfs2 <unfixed> (embed; bug #395874)
440 [etch] - litmus <unfixed> (embed; #395875)
441 - litmus <removed> (embed; #395875)
442 [sarge] - screem <unfixed> (embed)
443 - sitecopy 1:0.16.0-1 (embed; bug #395876)
444 [etch] - tla <unfixed> (embed; bug #395877)
445 [sarge] - tla <unfixed> (embed; bug #395877)
446
447 libmodplug
448 - gst-plugins-bad0.10 0.10.10.2-1 (embed)
449
450 libvncserver
451 - vino <unfixed> (embed)
452
453 putty
454 - filezilla <unfixed> (embed)
455
456 tinyxml (not packaged in Debian; itp bug #531968)
457 - filezilla <unfixed>
458 - crystalspace <unfixed> (embed)
459 - libwfut <unfixed> (embed)
460 - rarian <unfixed> (embed)
461 - bulletml <unfixed> (embed)
462 - pokerth <unfixed> (embed)
463 - qutecom <unfixed> (embed)
464 - sofa-framework <unfixed> (embed)
465 - yate <unfixed> (embed)
466 - antigrav <unfixed> (embed)
467 - balder2d <unfixed> (embed)
468 - cal3d <unfixed> (embed)
469 - criticalmass <unfixed> (embed)
470 - ember <unfixed> (embed)
471 - epiphany <unfixed> (embed)
472 - gambit <unfixed> (embed)
473 - noiz2sa <unfixed> (embed)
474 - ogre <unfixed> (embed)
475 - opencity <unfixed> (embed)
476 - openmovieeditor <unfixed> (embed)
477 - pouetchess <unfixed> (embed)
478 - tecnoballz <unfixed> (embed)
479 - trigger-rally <unfixed> (embed)
480 - xmoto <unfixed> (embed)
481 - mapnik <unknown> (embed)
482 NOTE: uses a different XML parser by default
483 - rrootage 0.23a-6 <embed>
484 NOTE: links to libbulltetml
485 - boson <unknown> (embed)
486 NOTE: the embedded code is unused
487
488 gv
489 - evince <unfixed> (embed)
490 NOTE: ps/ tree from gv 3.5.8
491 NOTE: evince-gtk is affected (a component of evince source package)
492
493 libXbae
494 - paw <removed> (embed)
495 [etch] - paw <unfixed> (embed)
496
497 libgtkhtml
498 - claws-mail-extra-plugins <unfixed> (fork)
499
500 libXaw
501 - paw <removed> (embed)
502 [etch] - paw <unfixed> (embed)
503 NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
504
505 libgd2
506 - graphviz <unfixed> (embed)
507 NOTE: lib/gd seems to be 2.0.33
508 - wml <unfixed> (embed)
509 - libwmf <unfixed> (embed)
510 NOTE: derived from gd 1.6.3
511
512 rar
513 - unrar-nonfree <unfixed> (embed)
514
515 unrar-free (maybe this code is derived from the original rar, too?)
516 - clamav <unfixed> (embed)
517 NOTE: seems to be disabled in default config
518
519 mplayer (DirectMedia Object loader)
520 - xine-lib <unfixed> (embed)
521 NOTE: src/libw32dll/
522 - vlc <unfixed> (embed)
523 NOTE: modules/codec/dmo/
524 - mplayer 1.0~rc2-20 (embed)
525
526 libwpd (WordPerfect converter)
527 - openoffice.org <unfixed> (embed)
528
529 fsplib (http://sourceforge.net/projects/fsp/)
530 - gftp <unfixed> (embed)
531 NOTE: lib/fsplib version 0.3
532
533 sprng
534 - tree-puzzle <unfixed> (embed)
535
536 librpcsecgss
537 - krb5 <unfixed> (embed)
538
539 jasper
540 - ghostscript 8.64~dfsg-2 (embed)
541
542 libiris
543 - psi <unfixed> (embed)
544 - kdenetwork <unfixed> (embed)
545 NOTE: kopete embeds libiris but links dynamically to libidn
546 - kdegames <unfixed> (embed)
547 NOTE: ksirk/kde4
548
549 libidn
550 - monotone 0.43-1 (embed)
551 - psi <unfixed> (embed)
552 NOTE: psi embeds libiris which embeds libidn
553 - kdegames <unfixed> (embed)
554 NOTE: kdegames/kde4 embeds libiris which embeds libidn
555
556 lua5.1
557 - monotone 0.43-1 (embed)
558 - nmap 5.00-1 (embed; bug #527997)
559 [lenny] - nmap <unfixed> (embed; bug #527997)
560 - ocropus <unfixed> (embed)
561 - enigma <unfixed> (embed)
562 NOTE: requires lua built with C++
563 - freeciv <unfixed> (embed)
564 - spring <unfixed> (embed)
565
566 libbotan
567 - monotone 0.43-1 (embed)
568
569 NetXX
570 - monotone 0.43-1 (embed)
571
572 libgc
573 - mono <unfixed> (embed)
574
575 lzma
576 - p7zip <unfixed> (embed)
577 - xz-utils <unfixed> (fork)
578
579 lzo
580 - grub2 <unfixed> (embed)
581
582 yassl
583 - mysql-dfsg-5.0 <unfixed> (embed)
584 - mysql-dfsg-5.1 <unfixed> (embed)
585
586 pax code
587 - tar <unfixed> (embed)
588 - cpio <unfixed> (embed)
589
590 t1lib
591 - tetex-bin 2.0.2-1 (embed)
592 - texlive-bin <unknown> (embed)
593
594 guichan
595 - boswars <unfixed> (embed)
596 NOTE: maintainer notified us, working on it
597
598 tolua
599 - boswars <unfixed> (embed)
600 NOTE: maintainer notified us, working on it
601 NOTE: actually tolua++
602 - ocropus <unfixed> (embed)
603 NOTE: actually tolua++
604 - freeciv <unfixed> (embed)
605 NOTE: actually tolua++
606 - enigma <unfixed> (embed)
607
608 asio-dev
609 - luxrender <removed> (embed)
610
611 xine-lib
612 - vlc <unfixed> (embed)
613 NOTE: only parts included in modules/access/rtsp
614
615 netpbm
616 - tcl8.3 <unfixed> (embed)
617 - tcl8.4 <unfixed> (embed)
618 - tcl8.5 <unfixed> (embed)
619 NOTE: generic/tkImgGIF.c
620
621 tk8.5
622 - tk8.0 <removed> (old-version)
623 - tk8.3 <unfixed> (old-version)
624 - tk8.4 <unfixed> (old-version)
625 - perl-tk <unfixable> (fork)
626
627 samba
628 - mc 2:4.6.2~git20080311-1 (embed)
629 NOTE: maintainer is aware of this, currently searching a solution
630
631 plib1.8.4c2
632 - boson <unfixed> (fork)
633 NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
634
635 fribidi
636 - quesoglc <unfixed> (embed)
637 NOTE: compiled against system fribidi in Debian - embed only used when fribidi is not available on the system
638
639 glew
640 - quesoglc <unfixed> (embed; bug #489341)
641 NOTE: waiting on GLEW_MX version of glew (see bug #474488)
642 - trigger <unfixed> (embed)
643 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
644 - trigger-rally <unfixed> (embed)
645 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
646
647 minorGems (pabs contacted upstream about shared lib, he considers minorGems an 'ever-evolving collection of reusable code fragments' for his own use)
648 - transcend <unfixed> (embed)
649 - cultivation <unfixed> (embed)
650 - passage <unfixed> (embed)
651 - gravitation <unfixed> (embed)
652
653 tar
654 - libarchive <unfixed> (embed)
655 NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
656
657 cpio
658 - libarchive <unfixed> (embed)
659 NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
660
661 kde4libs
662 - kdelibs <unfixable> (old-version)
663
664 webkit
665 - qt4-x11 <unfixed> (embed; bug #479851)
666 [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
667 - kde4libs <unfixable> (fork)
668 NOTE: kde4lib's khtml and webkit were forked from khtml (this tracking, which seems
669 NOTE: reversed genesis-wise, is used because of so much other stuff in kde4libs)
670
671 ftgl
672 - blender 2.46+dfsg-1 (embed)
673
674 wv
675 - abiword <unfixed>
676
677 qemu
678 - kvm <unfixed> (embed; bug #543159)
679 NOTE: the kvm package will be removed from sid and squeeze soon (after
680 NOTE: which it will only be in experimental). superceded by qemu-kvm.
681 - qemu-kvm <unfixed> (embed; bug #560853)
682 - xen-3 3.4.2-2 (embed; bug #560856)
683 - xen-unstable <unfixed> (embed; bug #560856)
684
685 vgabios
686 - kvm <unfixed> (embed; bug #489442)
687
688 bochs
689 - kvm <unfixed> (embed; bug #489442)
690
691 speex
692 - vorbis-tools <unfixed> (embed)
693 NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
694 - gst-plugins-good0.10 <unfixed> (embed)
695 - xine-lib <unfixed> (embed)
696 - libfishsound <unfixed> (embed)
697 - libannodex <removed> (embed)
698 - vlc <unfixed> (embed)
699 - xmms-speex <unfixed> (embed)
700 - libsdl-sound1.2 <unfixed> (embed)
701 - sweep <unfixed> (embed)
702
703 libreadline
704 - magic <itp> (old-version)
705
706 opcode
707 - ode <unfixed> (embed)
708 NOTE: opcode is not a package in debian, it is just embedded
709 NOTE: http://www.codercorner.com/Opcode.htm
710
711 gimpact
712 - ode <unfixed> (embed)
713 NOTE: gimpact is not a package in debian, it is just embedded
714 NOTE: http://gimpact.sf.net
715
716 mochikit
717 - mahara <unfixed> (embed)
718 NOTE: they require extra patches, still unmerged upstream
719 - ntop <unfixed> (embed)
720 - coherence 0.6.2-1 (embed)
721 - paste <unfixed> (embed)
722 - turbogears <unfixed> (embed)
723 - plone3 <removed> (embed)
724 - xulrunner <unfixed> (embed)
725 - libjifty-plugin-chart-perl <unfixed> (embed)
726 - sabnzbdplus <unfixed> (embed)
727 - tgmochikit <unfixed> (embed)
728
729 prototypejs
730 - netbeans-ide 6.0.1+dfsg-2 (embed)
731 - auth2db 0.2.5-2+dfsg-1 (embed; bug #555218)
732 - webcit <unfixed> (embed; bug #555219)
733 - asterisk 1:1.6.2.0~rc3-1 (embed)
734 - libjson-ruby 1.1.4-1 (embed; bug #555224)
735 - lucene2 2.9.1+ds1-2 (embed; bug #555226)
736 - horde3 <unfixed> (embed)
737 - knowledgeroot 0.9.9.5-1 (embed; bug #555230)
738 - mediatomb 0.12.0~svn2018-5 (embed; bug #555233)
739 - mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
740 - ebug-http <removed> (embed; bug #555236)
741 - libaws 2.7-1 (embed; bug #555222)
742 - phpgedview <removed> (embed)
743 - poker-network 1.7.6-1 (embed; bug #555238)
744 - rails 2.1.0-6 (embed)
745 - wordpress 2.5.0-2 (embed; bug #555243)
746 - zope <not-affected> (the prototypejs embed is not in any of the obvious zope packages, e.g. zope2.9, zope2.10, zope2.11, and zope3)
747 TODO: search through all of the other zope packages
748 - ampache 3.4.1-2 (embed)
749 - exaile 0.2.14+debian-2.1 (embed; bug #555245)
750 - hobix 0.5~svn20070319-4 (embed; bug #555247)
751 - zabbix 1.6.6-4 (embed; bug #555250)
752 - chora2 <unfixed> (embed; bug #555253)
753 - gollem <unfixed> (embed; bug # 555254)
754 - jscropperui 1.2.1-1 (embed; bug #555257)
755 - scriptaculous <not-affected> (uses system prototype.js since initial upload; bug #555260)
756 - ingo1 1.2.3+debian0-1 (embed; bug #555261)
757 - kronolith2 2.3.3+debian0-1 (embed; bug #555262)
758 - activeldap <unfixed> (embed)
759 - libv8 <not-affected> (contains a google-specific implementation of prototype.js)
760 - mantis 1.1.2+dfsg-1 (embed; bug #555265)
761 - otrs2 2.3.4-6 (embed; bug #555267)
762 - webcalendar 1.2~b1-2 (embed; bug #555269)
763 - redmine 0.9.0~svn2907-1 (embed; bug #555270)
764 - jifty 0.90519-1 (embed; bug #555271)
765 - jquery 1.4-1 (embed; bug #555272)
766 - passenger 2.2.5debian1-1 (embed; bug #555273)
767 - plone3 <removed> (embed; bug #555275)
768 - wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555277)
769 - libhtml-prototype-perl 1.48-3 (embed; bug #538920)
770 - xulrunner <unfixed> (embed)
771 NOTE: included in iceweasel/xulrunner unit tests directory, so may not be security-relevant
772
773 gdb
774 - insight <unfixed> (embed)
775
776 e2fsprogs
777 - ldiskfsprogs <unfixable> (fork)
778
779 quazip (not packaged in Debian)
780 - qcake <unfixed> (embed)
781 NOTE: starting with upstream version 0.6.4
782
783 exo
784 - pcmanfm <unfixed> (embed; bug #499677)
785 NOTE: slightly modified source code
786
787 java
788 - openjdk-6 <unfixed>
789 - sun-java5 <unfixed>
790 - sun-java6 <unfixed>
791
792 libphp-snoopy
793 - ampache 3.4.1-2 (embed; bug #504169)
794 - gforge 4.6.99+svn6094-2 (embed)
795 - mahara 1.0.5-2 (embed; bug #504170)
796 - pixelpost 1.7.1-5 (embed; bug #504171)
797 - mediamate 0.9.3.6-5 (embed; bug #504172)
798 - opendb <removed> (embed; bug #504173)
799 [etch] - opendb <unfixed> (embed; bug #504173)
800 - wordpress 2.5.1-9 (embed; bug #443948)
801 - moodle <unfixed> (embed; bug #507185)
802 [etch] - phpgroupware <unfixed> (embed)
803 NOTE: phpgroupware-felamimail
804 - magpierss 0.72-3 (embed; bug #431089)
805
806 jquery
807 - zekr <unfixed> (embed)
808 - wordpress <unknown> (embed)
809 - yocto-reader <unfixed> (embed)
810 - textpattern <unfixed> (embed)
811 - genshi 0.5.1-1 (embed)
812 NOTE: compressed file under examples/ dir
813 - prewikka <unfixed> (embed)
814 - libramaze-ruby <unfixed> (embed)
815 - drupal5 <unfixed> (embed)
816 - b2evolution <unfixed> (embed)
817 - wesnoth <unfixed> (embed)
818
819 tablesorter (jquery plugin, not packaged yet)
820 - wesnoth <unfixed> (embed)
821
822 kses
823 - wordpress <unfixed> (embed; bug #504242)
824 NOTE: their copy has all methods renamed to wp_<foo>
825 NOTE: kses isn't in Debian, RFP: #504240
826 - moodle <unfixed> (embed; bug #507185)
827 - egroupware <unfixed> (embed)
828
829 magpierss
830 - wordpress <unfixed> (embed; bug #504242)
831 - moodle <unfixed>
832
833 php-gettext
834 - wordpress 2.8.4-1 (embed; bug #504242)
835 - docbookwiki <unfixed> (embed)
836 - knowledgeroot 0.9.9.5-1
837 NOTE: non-free
838
839 libphp-ixr (name may change, it is the Incutio XML-RPC)
840 - wordpress <unfixed> (embed; bug #504242)
841 NOTE: libphp-ixr isn't in Debian, RFP: #504236
842 - dokuwiki <unfixed> (embed)
843 - textpattern <unfixed> (embed)
844
845 libphp-cas
846 - glpi <unfixed> (embed)
847 - moodle <unfixed> (embed; bug #505984)
848
849 scriptaculous (prototype.js is among the embeds in the following)
850 - glpi <unfixed> (embed)
851 - libaws <unfixed> (embed; bug #555222)
852 - op-panel <unfixed> (embed)
853 - symfony <unfixed> (embed)
854 NOTE: maintainer says there are extra incompatible changes required
855 - pixelpost 1.7.1-6 (embed)
856 - webhelpers <unfixed> (embed)
857 - qwik <removed> (embed; bug #555241)
858 - smokeping <unfixed> (embed)
859 - turba2 <unfixed> (embed)
860 - typo3-src 4.2.3-1 (embed)
861 - request-tracker3.6 <unfixed> (embed)
862 - request-tracker3.8 <unfixed> (embed)
863 - rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package)
864 - wordpress 2.5.0-2 (embed)
865 - libhtml-prototype-perl 1.48-3 (embed)
866
867 libmarkdown-php
868 - moodle <unfixed> (embed; bug #507185)
869 - pixelpost 1.7.1-6 (embed)
870
871 php-openid
872 - wordpress-openid <itp> (embed)
873
874 geshi
875 - dokuwiki 0.0.20080505-3.1 (embed)
876 - pgfouine 1.0-1.1 (embed)
877 - websvn 2.1.0-1 (embed)
878
879 webcalendar
880 - gforge 4.7~rc2-6 (embed; bug #504758)
881
882 libical
883 - kdepim <unknown> (fork)
884 NOTE: fixed at some point during 4.0
885 - kdepimlibs 4.2.0-1 (fork)
886 - claws-mail-extra-plugins <unfixed> (fork)
887
888 harfbuzz
889 - qt4-x11 <unfixed> (embed)
890 - pango1.0 <unfixed> (embed)
891 - fontmatrix <unfixed> (embed)
892
893 libzip
894 - php5 <unfixable> (modified-embed)
895 - odt2txt <unfixed> (embed; bug #523808)
896
897 json.php (not packaged; should be replaced with php's built-in functions)
898 - moodle <unfixed>
899 - yui <unfixed>
900 - gallery2 <unfixed>
901 - dokuwiki <unfixed>
902 - typo3-src <unfixed>
903
904 php-fpdf
905 - tcpdf <itp> (fork)
906 - moodle <unfixed>
907 - phpwiki <unfixed>
908 - egroupware <unfixed>
909 - ldap-account-manager <unfixed> (fork)
910
911 tcpdf (itp: #495985)
912 - moodle <unfixed>
913 - phpmyadmin <unfixed>
914
915 typo3
916 - moodle <unfixed>
917
918 spreadsheet_writeexcel (PHP port of libspreadsheet-writeexcel-perl; itp: #487557)
919 - moodle <unfixed>
920 - gosa <unfixed>
921
922 php-ole (itp: #487558)
923 - moodle <unfixed>
924
925 pieforms (http://www.catalyst.net.nz)
926 - mahara <unfixed>
927
928 savant2 (http://phpsavant.com)
929 - egroupware <unfixed>
930
931 rssparser (http://nwow.org)
932 - egroupware <unfixed>
933 - phpgroupware <unfixed>
934
935 lcms
936 - openjdk-6 <unfixed> (fork)
937 - gimp 2.4.0~rc2-2
938
939 libphp-phplayersmenu
940 - diogenes <unfixed>
941 - phpldapadmin <unfixed>
942
943 libphp-pclzip
944 - docvert <unfixed>
945 - moodle <unfixed>
946 - egroupware <unfixed>
947
948 libphp-simplepie
949 - dokuwiki <unfixed>
950 - wordpress <unfixed>
951
952 libphp-jpgraph
953 - egroupware <unfixed>
954
955 php-simpletest
956 - moodle <unfixed>
957
958 libpng
959 - iceweasel <not-affected> (uses xulrunner)
960 - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1, 2.0.0.19-1 (embed)
961 - iceape 1.0.13~pre080614i-0etch1 (embed)
962 - xulrunner 1.9.0.13-1 (embed)
963 [lenny] - xulrunner 1.9.0.11-0lenny1
964 [etch] - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
965 - gamera 3.2.3-1 (embed)
966
967 irssi
968 - silc-client <unfixed> (embed)
969 NOTE: Seems to be a pre-0.8.12 version that is used in irssi-plugin-silc
970
971 extc
972 - mtasc <unfixed> (embed)
973 - haxe <unfixed> (embed)
974
975 swflib
976 - mtasc <unfixed> (embed)
977 - haxe <unfixed> (embed)
978
979 libitext-java
980 - bouncycastle 2.1.4-1 (embed)
981
982 python-ply
983 - pyke <unfixed> (embed; bug #555363)
984 - pywbem 0.7.0-4 (embed; bug #555364)
985 - sepolgen <unfixed> (embed; bug #555365)
986 - zope-textindexng3 <unknown> (embed)
987 - iceweasel <not-affected> (uses xulrunner)
988 - xulrunner <unknown> (embed)
989 - wireshark <not-affected> (python-ply modules are not installed into binary packages; see #554613)
990
991 libdumbnet (libdnet upstream)
992 - nmap <unfixed> (fork)
993
994 gcc-4.4
995 - gcc-mingw32 <unfixed> (embed)
996
997 camlimages
998 - advi <unfixed> (static; bug #550441)
999
1000 memcached
1001 - memcachedb <unfixed> (embed)
1002
1003 yajl
1004 - argyll <unfixed> (embed; bug #544223)
1005 NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
1006
1007 nusoap
1008 - gforge 4.8.2-1 (embed)
1009 - ampache <unfixed> (embed)
1010 - poker-network <unfixed> (embed)
1011 - moodle <unfixed> (embed)
1012 NOTE: code is not used when running under php5 and soap is enabled
1013 - phpwiki <unfixed> (embed)
1014 - gallery2 <unfixed> (embed)
1015 - typo3-src <unfixed> (embed)
1016
1017 libept
1018 - adept <unfixed> (embed; bug #540649)
1019
1020 libvorbis
1021 - iceweasel <not-affected> (uses xulrunner)
1022 - xulrunner <unfixed> (embed; bug #540959)
1023 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1024 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1025 - iceape <unfixed> (embed)
1026 [etch] - iceape <not-affected> (introduced in 2.0)
1027 [lenny] - iceape <not-affected> (introduced in 2.0)
1028
1029 cairo
1030 - iceweasel <not-affected> (uses xulrunner)
1031 - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
1032
1033 liboggz
1034 - iceweasel <not-affected> (uses xulrunner)
1035 - xulrunner <unfixed> (embed; bug #540959)
1036 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1037 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1038 - iceape <unfixed> (embed)
1039 [etch] - iceape <not-affected> (introduced in 2.0)
1040 [lenny] - iceape <not-affected> (introduced in 2.0)
1041
1042 liboggplay
1043 - iceweasel <not-affected> (uses xulrunner)
1044 - xulrunner <unfixed> (embed; bug #540959)
1045 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1046 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1047 - iceape <unfixed> (embed)
1048 [etch] - iceape <not-affected> (introduced in 2.0)
1049 [lenny] - iceape <not-affected> (introduced in 2.0)
1050
1051 php-net-dnsbl
1052 - serendipity <unfixed> (embed; bug #541740)
1053
1054 php-onyx-rss
1055 - serendipity <unfixed> (embed; bug #541740)
1056
1057 php-text-wiki
1058 - serendipity <unfixed> (embed; bug #541740)
1059
1060 php-xml-rpc
1061 - serendipity <unfixed> (embed; bug #541740)
1062
1063 polarssl (does not have a shared library)
1064 - pdkim <itp> (embed; bug #543150)
1065 - xyssl <unfixed> (old-version)
1066
1067 pidgin (libpurple)
1068 - gaim <removed> (old-version)
1069 - qutecom 2.2~rc3.hg396~dfsg1-6 (embed; bug #559785)
1070
1071 icu
1072 - webkit 1.0.1-1 (embed; bug #547214)
1073 - texlive-bin <unfixed> (fork)
1074 NOTE: texlive upstream working with icu upstream to merge their changes
1075
1076 cyrus-imapd-2.2
1077 - kolab-cyrus-imapd <unfixed> (fork)
1078 - dovecot 1:1.2.1-1 (embed) [/dovecot-sieve/src/libsieve/*]
1079
1080 python-cxx-dev
1081 - freecad 0.9.2646.3-1 (embed; bug #547936)
1082
1083 zipios++
1084 - freecad 0.9.2646.3-1 (embed; bug #547941)
1085 - enigma 0.92.3-3 (embed)
1086 NOTE: likely fixed earlier, marking etch's version as fixed
1087
1088 linux-2.6
1089 - kvm <removed> (embed; bug #549973) [./kernel/*]
1090 - linux-kbuild-2.6 <unfixed> (embed; bug #550379) [./kbuild/*]
1091 - kernel-source-2.6.8 <removed> (old-version)
1092 - kernel-source-2.4.27 <removed> (old-version)
1093 - kernel-source-2.4.24 <removed> (old-version)
1094 - kernel-source-2.2.25 <removed> (old-version)
1095 - kernel-source-2.2.20 <removed> (old-version)
1096
1097 libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
1098 - kvm <removed> (embed) [./libfdt/*]
1099 - qemu-kvm <unfixed> (embed) [./libfdt/*]
1100
1101 qweb (not packaged)
1102 - ajaxterm <unfixed>
1103
1104 opensaml2
1105 - opensaml <removed> (old-version)
1106
1107 shibboleth-sp2
1108 - shibboleth-sp <removed> (old-version)
1109
1110 tuxonice-userui
1111 - suspend2-userui <removed> (old-version)
1112
1113 expat
1114 - w3c-libwww <removed> (embed; bug #551941)
1115 [etch] - w3c-libwww <unfixed> (embed; bug #551941) [./modules/expat/*]
1116 - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*]
1117 - python2.5 <unfixable> (embed; bug #553403) [./Modules/expat/*]
1118 - python2.4 <unfixable> (embed; bug #553403)
1119 - python-4suite <unfixed> (embed; bug #516935)
1120 - wxwindows2.4 <removed> (embed)
1121 - wxwidgets2.6 2.6.3.2.2-4 (embed)
1122 - wxwidgets2.8 2.8.10.1-2 (embed)
1123 - celementtree 1.0.5-8 (embed)
1124 NOTE: Maybe that was fixed even earlier
1125 - audacity 1.3.2-1 (embed)
1126 - matanza <unfixed> (embed)
1127 - tdom 0.8.3~20080525-1 (embed)
1128 - udunits 2.1.8-4 (embed)
1129 - apr-util 1.2 (embed)
1130 - ayttm <unfxed> (embed; bug #561006)
1131 - cableswig <unfixed> (embed)
1132 - cadaver <unfixed> (embed)
1133 - cmake 2.6.0-6 (embed)
1134 - coin3 <unfixed> (embed)
1135 - gdcm 2.0.14-2 (embed)
1136 - ghostscript 8.71~dfsg-2 (embed)
1137 - grmonitor <removed> (embed)
1138 - iceape <unfixed> (embed)
1139 - insighttoolkit 3.16.0-1 (embed)
1140 NOTE: insighttoolkit might've been fixed earlier
1141 - libparagui1.1 1.0.2-1 (embed)
1142 - paraview 3.6.2-1 (embed)
1143 - poco 1.3.6p1-1 (embed)
1144 - simgear <unfixed> (embed)
1145 - sitecopy 1:0.16.0-1
1146 - smart <unfixed> (embed)
1147 NOTE: smart embeds celementree, and it includes expat
1148 - swish-e <not-affected> (Linked against libxml, which is used instead)
1149 - tla 1.3.5+dfsg-15 (embed)
1150 - vtk 4.1.20030227-1 (embed)
1151 - wbxml2 <not-affected> (expat code is only used on Mac OS X, see #560941)
1152 - xmlrpc-c <unfixed> (embed)
1153 - iceweasel <unfixed> (embed)
1154 - kompozer <unfixed> (embed)
1155 - vxl 1.13.0-2 (embed)
1156 - xulrunner <unfixed> (embed)
1157 - apache2 2.2 (embed)
1158 - texlive-bin <not-affected> (Embedded code not compiled in)
1159 - vnc4 <unfixed> (embed)
1160 - xotcl <unfixed> (embed)
1161
1162 xerces-c
1163 - xerces-c2 <unfixed> (old-version)
1164 - xerces27 <removed> (old-version)
1165
1166 md5 (RSA's version; not the gnu version provided by coreutils)
1167 - w3c-libwww <removed> (embed; bug #551942)
1168 [etch] - w3c-libwww <unfixed> (embed; bug #551942) [./modules/md5/*]
1169
1170 libparagui1.1
1171 - asc <unfixable> (fork)
1172
1173 enet
1174 - sauerbraten <unfixed> (embed; #497194)
1175
1176 eglibc
1177 - glibc <removed> (old-version)
1178
1179 galib
1180 - gamera 3.2.3-1 (embed)
1181
1182 configobj
1183 - bzr 2.1.0~rc2-1 (embed; bug #555336)
1184 - elisa <unfixed> (embed; bug #555337)
1185 - gaupol <unfixed> (embed; bug #555338)
1186 - ipython <unfixed> (embed; bug #555339)
1187 - pida <unfixed> (embed; bug #555340)
1188 - psychopy <unfixed> (embed; bug #555341)
1189 - rest2web <unfixed> (embed; bug #555342)
1190 - auth2db <unknown> (embed)
1191 - dynagen <unknown> (embed)
1192 - iceweasel <unknown> (embed)
1193 - sabnzbdplus <unknown> (embed)
1194 - xulrunner <unknown> (embed)
1195 - nipy <not-affected> (part of an example [/examples/neurospin/neurospy/configobj.py], which is not installed into binary packages)
1196
1197 python-clientform
1198 - bibus <unfixed> (embed; bug #555332)
1199 - zope2.10 <unfixed> (embed; bug #555333)
1200 - zope2.11 <removed> (embed; bug #555334)
1201 - python-mechanize <unknown> (embed)
1202 - twill <unknown> (embed)
1203
1204 python-mechanize
1205 - zope2.10 <unfixed> (embed; bug #555337)
1206 - zope2.11 <removed> (embed; bug #555338)
1207 - twill <unknown> (embed; bug #555339)
1208
1209 pexpect
1210 - duplicity 0.6.06-1 (embed; bug #555361)
1211 - hplip <unfixed> (embed; bug #555362)
1212 - smart <unfixed> (embed; bug #555363)
1213
1214 pyparsing
1215 - bauble <unfixed> (embed; bug #555366)
1216 - boa-constructor 0.6.1-8 (embed; bug #555367)
1217 - calibre <unfixed> (embed; bug #555368)
1218 - matplotlib <unfixed> (embed; bug #531024)
1219 - zhpy 1.7.3.1-1 (embed; bug #555370)
1220 - polybori <unknown> (embed)
1221 - python-whoosh <unknown> (embed)
1222 - twill <unknown> (embed)
1223 - zope-textindexng3 <unknown> (embed)
1224
1225 python-pysqlite2
1226 - python2.4 <unfixed> (embed; bug #553403)
1227 - python2.5 <unfixed> (embed; bug #553403)
1228
1229 celementtree
1230 - python2.5 <unfixed> (embed)
1231 - smart <unfixed> (embed)
1232
1233 elementtree
1234 - python2.5 <unfixed> (embed)
1235 - python2.6 <unfixed> (embed)
1236 - bzr 2.1.0~rc2-1 (embed; bug #555343)
1237 - gedit 2.28.2-1 (embed; bug #555344)
1238 - smart <unfixed> (embed)
1239 - solfege <unfixed> (embed; bug #555345)
1240 - w3af <unfixed> (embed; bug #555346)
1241 - python-qt4 <unknown> (embed)
1242 - sphinx <unknown> (embed)
1243 - python-nltk <itp> (embed)
1244
1245 python2.5
1246 - python2.4 <unfixed> (old-version)
1247 - jython <unfixed> (embed)
1248 NOTE: embeds many stdlib modules
1249 - python-django <unfixed> (embed; bug #555419)
1250 NOTE: embeds stdlib modules: doctest, decimal
1251 - gamera 3.2.3-1 (embed)
1252 NOTE: embeds stdlib modules: ConfigParser, optparse, sets, textwrap
1253 - boa-constructor <unfixed> (embed; bug #555426)
1254 NOTE: embeds stdlib modules: ConfigParser, tarfile, zipfile, xmlrpclib
1255 - nicotine <unfixed> (embed; bug #555427)
1256 NOTE: embeds stdlib modules: ConfigParser
1257 - museek+ <unfixed> (embed; bug #555428)
1258 NOTE: embeds stdlib modules: ConfigParser
1259 - vegastrike-data <unfixed> (embed)
1260 NOTE: embeds many stdlib modules
1261 - codespeak-lib 1.1.1-1 (embed; bug #555420)
1262 NOTE: embeds stdlib modules: doctest, optparse, subprocess, textwrap
1263 - config-manager <unfixed> (embed; bug #555423)
1264 NOTE: embeds stdlib modules: optparse
1265 - jhbuild 2.28.0-1 (embed; bug #555421)
1266 NOTE: embeds stdlib modules: optparse, subprocess
1267 - smart <unfixed> (embed; bug #555432)
1268 NOTE: embeds stdlib modules: optparse
1269 - pyprotocols 1.0a.svn20070625-5 (embed; bug #555433)
1270 NOTE: embeds stdlib modules: doctest
1271 - ruledispatch 0.5a.svn20080510-4 (embed; bug #555434)
1272 NOTE: embeds stdlib modules: doctest
1273 - distribute <unfixed> (embed)
1274 NOTE: embeds stdlib modules: doctest
1275 - python-setuptools <unfixed> (embed; bug #555435)
1276 NOTE: embeds stdlib modules: doctest
1277 - zope.testing <unfixed> (embed; bug #555436)
1278 NOTE: embeds stdlib modules: doctest
1279 - translate-toolkit <unfixed> (embed; bug #555422)
1280 NOTE: embeds stdlib modules: textwrap, contextlib
1281 - libtpclient-py <unfixed> (embed; bug #555424)
1282 NOTE: embeds stdlib modules: subprocess
1283 - grass <unfixed> (embed; bug #555425)
1284 NOTE: embeds stdlib modules: subprocess
1285 - coherence <unfixed> (embed; bug #555429)
1286 NOTE: embeds stdlib modules: uuid
1287 - python-django-extensions 0.4.2pre+git200911182050-1 (embed; bug #555430)
1288 NOTE: embeds stdlib modules: uuid
1289 - setroubleshoot <unfixed> (embed; bug #555431)
1290 NOTE: embeds stdlib modules: uuid
1291 - linkchecker <unfixed> (embed; bug #555414)
1292 NOTE: embeds msgfmt.py script
1293 - imdbpy <unfixed> (embed)
1294 NOTE: embeds msgfmt.py script
1295 - kiwi <unfixed> (embed)
1296 NOTE: embeds msgfmt.py script
1297 - moin <unfixed> (embed)
1298 NOTE: embeds msgfmt.py script, stdlib modules: cgitb, difflib, tarfile
1299 - plone3 <removed> (embed)
1300 NOTE: embeds msgfmt.py script
1301 - roundup <unfixed> (embed)
1302 NOTE: embeds msgfmt.py script, stdlib modules: cgitb
1303 - rednotebook <unfixed> (embed; bug #555415)
1304 NOTE: embeds msgfmt.py script
1305 - turbogears <unfixed> (embed)
1306 NOTE: embeds msgfmt.py script
1307 - elisa <unfixed> (embed)
1308 NOTE: embeds msgfmt.py script, stdlib modules: uuid
1309 - calibre <unfixed> (embed)
1310 NOTE: embeds msgfmt.py script, stdlib modules: zipfile
1311 - mailman 1:2.1.13-1 (embed; #555416)
1312 NOTE: embeds msgfmt.py script
1313 - python-docutils <unknown> (embed)
1314 NOTE: embeds stdlib modules: optparse, textwrap
1315 - python-imaging <unknown> (embed)
1316 NOTE: embeds stdlib modules: doctest
1317 - python-mechanize <unknown> (embed)
1318 NOTE: embeds stdlib modules: doctest
1319 - twill <unknown> (embed)
1320 NOTE: embeds stdlib modules: subprocess
1321 - zeroc-ice <unknown> (embed)
1322 NOTE: embeds stdlib modules: subprocess
1323 - wxwidgets2.8 <unknown> (embed)
1324 NOTE: embeds stdlib modules: subprocess
1325 - cycle <unknown> (embed)
1326 NOTE: embeds msgfmt.py script
1327 - deluge <unknown> (embed)
1328 NOTE: embeds msgfmt.py script
1329 - opendict <unknown> (embed)
1330 NOTE: embeds msgfmt.py script
1331 - openerp-client <unknown> (embed)
1332 NOTE: embeds msgfmt.py script
1333 - rapidsvn <unknown> (embed)
1334 NOTE: embeds msgfmt.py script
1335 - wammu <unknown> (embed)
1336 NOTE: embeds msgfmt.py script
1337 - gaphor <unknown> (embed)
1338 NOTE: embeds msgfmt.py script
1339 - pida <unknown> (embed)
1340 NOTE: embeds msgfmt.py script
1341 - python-formencode <unknown> (embed)
1342 NOTE: embeds msgfmt.py script
1343 - duplicity <unfixed> (embed)
1344 NOTE: embeds stdlib module: urlparse, tarfile
1345 - pygopherd <unfixed> (embed)
1346 NOTE: embeds stdlib module: zipfile
1347
1348 argparse
1349 - twill <unfixed> (embed; bug #555347)
1350 - ipython <unfixed> (embed; bug #555348)
1351
1352 coherence
1353 - elisa <unfixed> (embed; bug #555335)
1354
1355 simpletal
1356 - plastex <unfixed> (embed; bug #555371)
1357
1358 flickrpc (not packaged in Debian, http://burtonini.com/bzr/flickrpc/)
1359 - postr <unfixed> (embed)
1360 - elisa <unfixed> (embed)
1361
1362 simplegeneric (not packaged in Debian, http://pypi.python.org/pypi/simplegeneric)
1363 - apertium-tolk <unfixed> (embed)
1364 - ipython <unfixed> (embed)
1365 - virtaal <unfixed> (embed)
1366
1367 distribute
1368 - setuptools <removed> (old-version)
1369
1370 rails
1371 - jruby1.2 <unfixed> (embed) [./bench/rails/*]
1372 - libgettext-ruby <unfixed> (embed) [./samples/rails/*]
1373 - libopenid-ruby <unfixed> (embed) [./examples/rails_openid/*]
1374 - thin <unfixed> (embed) [./spec/rails_app/*]
1375 NOTE: this is a subdirectory of examples, which in general is a non-issue, but may
1376 NOTE: be dangerous if developers are naively basing their code off of the examples
1377 NOTE: prototype.js is among the example files
1378
1379 lucene2 (prototype.js is among the embeds in the following)
1380 - lucene <unfixed> (old-version)
1381 - pylucene <unfixed> (embed)
1382 - libpdfbox-java <unfixed> (embed)
1383 - libfontbox-java <unfixed> (embed)
1384 - libjempbox-java <unfixed> (embed)
1385 - solr <unfixed> (embed)
1386
1387 unicode-data
1388 - syslinux <unfixed> (embed)
1389 - camomile <unfixed> (embed)
1390 - fribidi <unfixed> (embed)
1391 - m17n-db <unfixed> (embed)
1392 - sbcl <unfixed> (embed)
1393 - heimdal <unfixed> (embed)
1394 - icu <unfixed> (embed)
1395 - icu4j <unfixed> (embed)
1396 - krb5 <unfixed> (embed)
1397 - moodle <unfixed> (embed)
1398 - openldap <unfixed> (embed)
1399 - pike7.6 <unfixed> (embed)
1400 - samba <unfixed> (embed)
1401 - samba4 <unfixed> (embed)
1402 - cmucl <unfixed> (embed)
1403 - typo3-src <unfixed> (embed)
1404 - mauve <unfixed> (embed)
1405 - texlive-bin <unfixed> (embed)
1406 - ypsilon <unfixed> (embed)
1407 - jeuclid <unfixed> (embed)
1408 - charmap.app <unfixed> (embed)
1409 - clisp <unfixed> (embed)
1410 - gnulib <unfixed> (embed)
1411 - opensrs-client <unfixed> (embed)
1412 - saxonb <unfixed> (embed)
1413 - rails <unfixed> (embed)
1414
1415 feedparser
1416 - rawdog <unfixed> (embed; bug #383422)
1417 - miro <unfixed> (embed; bug #555351)
1418 - calibre <unfixed> (embed; bug #555352)
1419 - freevo <unfixed> (embed; bug #555353)
1420 - pida <unfixed> (embed; bug #555354)
1421 - planet-venus <unfixed> (embed; bug #555355)
1422 - plone3 <removed> (embed; bug #555356)
1423 - exaile 0.2.14+debian-1 (embed)
1424 - screenlets 0.1.2-3 (embed)
1425 NOTE: included twice
1426
1427 agg:
1428 - matplotlib <unfixed> (embed: bug #377271)
1429 - contextfree <unfixed> (embed)
1430 NOTE: since 2.2-1 it links statically to system libagg, but still uses the embedded copy
1431 - exactimage <unfixed> (embed)
1432 - python-enable <unfixed> (embed)
1433 - mapnik 0.5.1-3 (embed)
1434 NOTE: links statically to agg, but shared library is not available (bug #377271)
1435
1436 vtk
1437 - paraview <unfixable> (embed; bug #495426)
1438
1439 txt2tags
1440 - rednotebook <unfixed> (embed)
1441
1442 htmltextview (not packaged in Debian, http://www.gnome.org/~gjc/htmltextview.py)
1443 - gajim <unfixed> (embed)
1444 - emesene <unfixed> (embed)
1445 - convirt <unfixed> (embed)
1446 - pida <unfixed> (embed)
1447 - rednotebook <unfixed> (embed)
1448
1449 horde3 (prototype.js is among the embeds in the following)
1450 - mnemo2 <unfixed> (embed)
1451 - nag2 <unfixed> (embed)
1452 - wordpress <unfixed> (embed)
1453 NOTE: Text_Diff (wp-includes/Text/Diff*)
1454
1455 cimg
1456 - gmic <itp> (embed)
1457
1458 mootools
1459 - gmic <itp> (embed)
1460
1461 openldap
1462 - openldap2.3 <removed> (old-version)
1463
1464 grub2
1465 - grub <unfixed> (old-version)
1466
1467 gnupginterface
1468 - duplicity <unfixed> (embed)
1469
1470 python-dateutil
1471 - awn-extras-applets <unfixed> (embed)
1472 - matplotlib <unknown> (embed)
1473
1474 cups
1475 - cupsys <removed> (old-version)
1476
1477 yui
1478 - bcfg2 <not-affected> (present in source but not included in any binary files)
1479 - serendipity <unfixed> (embed; bug #557746)
1480 - moodle 1.8.2.dfsg-5 (embed)
1481 - jifty 0.91117-1 (embed; bug #557748)
1482 - webgui 7.7.26-1 (embed)
1483 - loggerhead 1.17-1 (embed)
1484
1485 quake3 (vanilla source not packaged in debian)
1486 - openarena <unfixable> (fork)
1487
1488 quake2 (vanilla source not packaged in debian)
1489 - alien-arena <unfixable> (fork)
1490 - warsow <unfixable> (fork)
1491
1492 libtheora
1493 - iceweasel <not-affected> (uses xulrunner)
1494 - xulrunner <unfixed> (embed; bug #540959)
1495 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1496 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1497 - iceape <unfixed> (embed; bug #559276)
1498 [etch] - iceape <not-affected> (introduced in iceape 2.0)
1499 [lenny] - iceape <not-affected> (introduced in iceape 2.0)
1500
1501 dtoa
1502 - bfilter <unfixed> (embed)
1503 - cacao <unfixed> (embed)
1504 - cdrdao <unfixed> (embed)
1505 - classpath <unfixed> (embed)
1506 - freej <unfixed> (embed)
1507 - iceape <unfixed> (embed)
1508 - iceweasel <unfixed> (embed)
1509 - jscoverage <unfixed> (embed)
1510 - kde4libs <unfixed> (embed)
1511 - kdelibs <unfixed> (embed)
1512 - kompozer <unfixed> (embed)
1513 - libv8 <unfixed> (embed)
1514 - mono <unfixed> (embed)
1515 - newlib <unfixed> (embed)
1516 - nspr <unfixed> (embed)
1517 - php5 <unfixed> (embed)
1518 - polyml <unfixed> (embed)
1519 - qt4-x11 <unfixed> (embed)
1520 - rhino <unfixed> (embed)
1521 NOTE: code translated to Java
1522 - ruby1.8 <unfixed> (embed)
1523 - ruby1.9 <unfixed> (embed)
1524 - ruby1.9.1 <unfixed> (embed)
1525 - sdd <unfixed> (embed)
1526 - sfind <unfixed> (embed)
1527 - star <unfixed> (embed)
1528 - tinymux <unfixed> (embed)
1529 - virtualbox-ose <unfixed> (embed)
1530 - webkit <unfixed> (embed)
1531 - xulrunner <unfixed> (embed)
1532
1533 ipc (not packaged in Debian; see http://mozdev.org/pipermail/enigmail/2009-November/011678.html)
1534 - firegpg <unfixed> (embed)
1535 - enigmail <unfixed> (embed)
1536
1537 ptmalloc (not packaged in Debian)
1538 - crystalspace <unfixed> (embed)
1539 - qt4-x11 <unfixed> (embed)
1540
1541 svgalib
1542 - usplash <unfixed> (embed)
1543
1544 bogl
1545 - usplash <unfixed> (embed)
1546
1547 taglist
1548 - usplash <unfixed> (embed)
1549
1550 portaudio
1551 - audacity <unfixed> (embed; bug #323711)
1552
1553 nyquist
1554 - audacity <unfixed> (embed)
1555 NOTE: embeds a forked nyquist with support for a shared library
1556
1557 vamp-plugin-sdk
1558 - audacity <unfixed> (embed)
1559
1560 wordpress
1561 - libwordpress-xmlrpc-perl <removed> (embed) [./xmlrpc.php]
1562 - wordpress-mu <unfixed> (fork)
1563
1564 php5
1565 - php4 <removed> (old-version)
1566
1567 classpath
1568 - libgnucrypto-java <removed> (embed; bug #559788)
1569
1570 libtool
1571 - apr <unfixed> (static; bug #489625)
1572 NOTE: ships copy of libtool in libapr1-dev; was 'embed' before 1.3.2-3
1573 - arts <unfixed> (embed)
1574 - bochs 2.4.2-1 (embed; bug #560884)
1575 - camserv <unfixed> (embed)
1576 - collectd 4.8.2-1 (embed)
1577 - courier-authlib 0.58-4 (embed)
1578 NOTE: The etch version of courier-authlib was the earliest version checked, might be fixed earlier
1579 - cvsnt 2.5.04.3236-1.2 (embed)
1580 - dico <not-affected> (Uses the system copy of ltdl)
1581 - freeradius 0.1+20010527-1 (embed)
1582 NOTE: Earliest reference I could find from the changelog is from 27 May 2001
1583 - ggobi 2.1.9~20091212-1 (embed)
1584 - glame 2.0.1-4 (embed)
1585 NOTE: The etch version of glame was the earliest version checked, might be fixed earlier
1586 - gnash 0.8.7-2 (embed)
1587 - gnu-smalltalk <unfixed> (embed; bug #566777)
1588 - google-gadgets 0.10.5-0.3 (embed)
1589 NOTE: 0.10.5-0.3 was the earliest version checked, was fixed earlier
1590 - graphicsmagick 1.3.5-6 (embed)
1591 - graphviz 2.8-3 (embed)
1592 NOTE: The etch version of graphviz was the earliest version checked, might be fixed earlier
1593 - guile-1.6 1.6.8-7 (embed)
1594 - hamlib <unfixed> (embed)
1595 - hercules 3.06-1.2 (embed)
1596 - jags 1.0.4-3 (embed; bug #560864)
1597 - kdelibs <unfixed> (embed)
1598 - libannodex <removed> (embed)
1599 - libextractor 0.5.23+dfsg-4 (embed)
1600 - libmcrypt <not-affected> (libtool source present but not included in any of the binary packages)
1601 - libtunepimp 0.5.3-7.3 (embed)
1602 - mp4h 1.3.1-4.1 (embed)
1603 - naim <removed> (embed)
1604 - parser-mysql <unfixed> (embed)
1605 - pinball 0.3.1-11 (embed)
1606 - redland <unfixed> (embed)
1607 - siproxd <unfixed> (embed)
1608 - ski <unfixed> (embed)
1609 - synfig 0.62.00-1 (embed)
1610 - unixodbc 2.2.4-5 (embed)
1611 - xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules)
1612 - clamav 0.95+dfsg-1 (embed)
1613 - imagemagick 6:6.2.3.1-1 (embed)
1614 - hypre 2.4.0b-5 (embed)
1615 - lam <unfixed> (embed)
1616 - openmpi <unfixable> (embed; bug #559386)
1617 - parser <unfixed> (embed)
1618 - pdsh 2.18-5 (embed; bug #560892)
1619 - sbnc 1.2-8 (embed)
1620 - sdcc <unfixed> (embed)
1621 - wml <not-affected> (The embedded ltdl isn't used, instead mp4h is used, see 559841)
1622 - proftpd-dfsg <unfixed> (embed; bug #561748)
1623 - babel 1.4.0.dfsg-5 (embed)
1624 - libprelude 0.9.14-2 (embed)
1625 - heartbeat 2.1.4-7 (embed)
1626 NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
1627 NOTE: might've been fixed earlier
1628 - gcc-* <unknown> (embed)
1629
1630 ocamlgsl
1631 - orpie 1.5.1-7.1 (embed; bug #550058)
1632
1633 xdotool
1634 - keynav <unfixed> (embed; bug #560103)
1635
1636 bulletphysics (not packaged; http://www.bulletphysics.org/)
1637 - supertuxkart <unfixed> (embed)
1638 - blender <unfixed> (embed)
1639
1640 ghostscript
1641 - gs-gpl <removed> (old-version)
1642
1643 icedove
1644 - thunderbird <removed> (old-version)
1645
1646 sizzlejs (not packaged in Debian, http://sizzlejs.com/)
1647 - jquery <unfixed> (embed)
1648
1649 sed
1650 - ssed <unfixed> (fork)
1651
1652 phpatomlib (http://code.google.com/p/phpatomlib)
1653 - wordpress <unfixed> (embed)
1654
1655 Services_JSON (http://pear.php.net/package/Services_JSON)
1656 - wordpress <unfixed> (embed)
1657
1658 phpass (http://www.openwall.com/phpass/)
1659 - gallery2 <unfixed> (embed)
1660 - wordpress <unfixed> (embed)
1661 - typo3-src <unfixed> (modified-embed)
1662 NOTE: file refers to drupal, maybe there's a copy somewhere there
1663 NOTE: a copyright owner search didn't match anything
1664 - libauthen-passphrase-perl <unfixable> (fork)
1665 NOTE: perl implementation of phpass
1666
1667 squirrelmail
1668 - wordpress <unfixed> (embed)
1669 NOTE: class-pop3.php
1670
1671 ezSQL (http://www.woyano.com/jv/ezsql)
1672 - wordpress <unfixable> (fork)
1673 NOTE: wp-db.php
1674
1675 Diff.php (Clay Loveless' version/killersoft.com)
1676 - php-versioncontrol-svn <unfixed>
1677
1678 libm
1679 - spring <unfixed> (embed)
1680 NOTE: embedded by embedded copy of streflop
1681
1682 streflop
1683 - spring <unfixed> (embed)
1684
1685 minizip
1686 - spring <unfixed> (embed)
1687
1688 oscpack
1689 - spring <unfixed> (embed)
1690
1691 hpiutil2
1692 - spring <unfixed> (embed)
1693
1694 p7zip
1695 - spring <unfixed> (embed)
1696
1697 pythonqt (doesn't seem to be python-qtN, unknown source)
1698 - fontmatrix <unfixed> (embed)
1699 - elmerfem <unfixed> (embed)
1700
1701 iepngfix (not packaged in Debian; http://www.twinhelix.com/css/iepngfix/)
1702 - docvert <unfixed> (embed)
1703 - jifty <unfixed> (embed)
1704 - kdenetwork <unfixed> (embed)
1705 - mediatomb <unfixed> (embed)
1706 - plastex <unfixed> (embed)
1707 - plone3 <removed> (embed)
1708 - python-chaco <unfixed> (embed)
1709 - python-docutils <unfixed> (embed)
1710 - s5 <unfixed> (embed)
1711 - zope2.10 <unfixed> (embed)
1712 - zope2.11 <removed> (embed)
1713 - cython <not-affcted> (embed)
1714 NOTE: part of documentation, which is not installed into the binary package
1715
1716 python-docutils
1717 - zope2.10 <unfixed> (embed)
1718 - zope2.11 <removed> (embed)
1719
1720 tesseract
1721 - ocropus <unfixed> (static)
1722
1723 antlr
1724 - kdevelop <unfixed> (embed)
1725
1726 libxerces2
1727 - openjdk-6 <unfixed> (embed)
1728
1729 kfreebsd-8
1730 - kfreebsd-7 <unfixed> (old-version)
1731 - kfreebsd-6 <removed> (old-version)
1732
1733 ruby1.9.1
1734 - ruby1.9 <unfixed> (old-version)
1735 - ruby1.8 <unfixed> (old-version)
1736
1737 maildrop
1738 - courier <unfixed> (embed) [./maildrop]
1739
1740 glee
1741 - warzone2100 <unfixed> (embed)
1742
1743 phing
1744 - symfony <unfixed> (embed)
1745
1746 pake
1747 - symfony <unfixed> (embed)
1748
1749 propel
1750 - symfony <unfixed> (embed)
1751
1752 creole
1753 - symfony <unfixed> (embed)
1754
1755 hfsutils
1756 - cdrkit <unfixed> (embed; bug #570187)
1757 NOTE: embeds hfsutils code in genisoimage
1758
1759 cdrkit
1760 - grub2 <unfixed> (embed; bug #570156)
1761 NOTE: genisoimage imported into grub-mkisofs
1762
1763 kdebase-workspace
1764 - kdebase <unfixed> (old-version)
  ViewVC Help
Powered by ViewVC 1.1.5