/[secure-testing]/data/embedded-code-copies
Contents of /data/embedded-code-copies

Revision 7985 - (show annotations) (download)
Sun Jan 20 10:31:59 2008 UTC (5 years, 3 months ago) by thijs
File size: 10142 byte(s)
add more code copies reported by Cyril Brulebois
Embedded code copies
====================

This file collects cases where a source package embeds code from
other projects. This is considered bad for fixing security flaws,
because the fix then needs to be applied in multiple source packages.

Format:
<srcpkg> (<optional comment about srcpkg>)
- <embedding srcpkg> <status> (<sort>; bug #<number>)
NOTE: optional comments about the linkage of the embedding srcpkg

status: version number fixing the embedded copy, <unfixed>, <removed>, <itp> or <unknown> if the version number cannot be determined
sort:   static (linking statically against a lib)
        embed (embedding a copy of the library into another source package)
        fork (the package is not just embedding code but is a fork and thus might share parts of the source code)

The srcpkg might be some string to identify the code if there is no specific source package.

Everything up to the next line is ignored
---BEGIN
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
NOTE: Fixed packages link to poppler library unless otherwise noted
- gpdf <removed>
[sarge] - gpdf <unfixed>
NOTE: has been replaced by evince in etch
- pdftohtml <unknown>
[sarge] - pdftohtml <unfixed>
[etch] - pdftohtml <unfixed>
NOTE: has been replaced by poppler-utils
- kdegraphics <unfixed> (embed; bug #436164)
NOTE: the kpdf replacement in KDE 4 is using poppler
- tetex-bin 3.0-12 (embed)
- texlive-bin 2007-1 (embed)
NOTE: links to poppler
- koffice <unfixed> (embed; bug #436163)
- libextractor 0.5.12-1 (embed)
NOTE: libextractor is using its own pdf decoder now
- pdfkit.framework 0.8-4 (embed)
- ipe <unfixed> (embed)
NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
- ruby-gnome2 <unknown> (embed)
NOTE: copy only present in source but links to poppler

ppmd
- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)

silc-toolkit
- silc-client 1.1~beta6-1 (embed)

dietlibc
- ccontrol 0.9.1+20071204-1 (static)

libiax
- iaxmodem <unfixed> (embed)

zlib (lots of apps embed a copy but link dynamically; there are a few exceptions)
- dpkg <unfixed> (embed)
NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
- rsync <unfixed> (embed)
NOTE: somehow derived code base
- mono <unfixed> (embed)
TODO: check mozilla
- Linux kernels <unfixed> (embed)
- pvpgn 1.7.8-2 (embed)
- mrtg 2.12.2-1 (embed)
- rpm <unknown> (embed)
NOTE: pinged anibal to find out since when rpm has been fixed

libbz2
- dpkg <unfixed> (static)

ekg
- centericq <unfixed> (embed)
- gaim <unfixed> (embed)
- pidgin <unfixed> (embed)
NOTE: links dynamically against libgadu
- kopete 4:3.3.2-5 (embed)
- kadu <unfixed> (embed)
- gadu <unfixed> (embed)
NOTE: g/kadu not packaged in Debian yet

xmlrpc (which package is the "origin" of this code?)
- drupal <unfixed> (embed)
- phpgroupware <unfixed> (embed)
- egroupware <unfixed> (embed)
- phpwiki (embed)
- php4 <unfixed> (embed)
TODO: check php-pear, IIRC this was reorganized some weeks ago?

shtool (affects build-time only)
- mysql-ocaml <unfixed> (embed)
- php4 <unfixed> (embed)

mozilla source code
- mozilla-firefox <unfixed> (embed)
- mozilla-thunderbird
- firefox <removed>
[etch] - firefox <unfixed> (embed)
- thunderbird <removed>
[etch] - thunderbird <unfixed> (embed)
- iceweasel <unfixed> (embed)
- iceape <unfixed> (embed)
- icedove <unfixed> (embed)
- xulrunner <unfixed> (embed)
- nvu <removed> (embed)

xli
- xloadimage <unfixed> (embed)

lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
- openmotif <unfixed> (embed)
- xfree86/xorg <unfixed> (embed)
NOTE: in libxpm

kerberized apps with BSD origin
- krb4 <unfixed> (embed)
- krb5 <unfixed> (embed)
- heimdal <unfixed> (embed)

grip (which pkg is the origin?)
- libcdaudio
- grip
- gnome-vfs
TODO: check vfs2 as well

fudforum
- phpgroupware-fudforum <unfixed> (embed)
- egroupware-fudforum <removed>
[sarge] - egroupware-fudforum <unfixed> (embed)

cvs
- gcvs <unfixed> (embed)
NOTE: see cvsunix/src in tarball

pcre
- python* <unfixed> (embed)
- php4 <unknown> (embed)
- analog 2:5.23-0woody1 (embed)
- libgoffice-1 <unfixed> (embed)
- vfu 4.06-4.1 (embed; bug #450754)
- tf5 5.0beta7-1 (embed)
- monotone <unfixed> (embed)
NOTE: this only affects versions >= 0.37
- glib <unfixed> (embed)
NOTE: 2.14 series for gregex support, only for udeb, regular package links dynamically
- apache2 2.0.53-4 (embed)
- exim4 4.10-0.srh20.12 (embed)
- yacas <unfixed> (embed)
NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
- gtamsanalyzer.app 0.42-5 (embed)

tiff
- wxpythongtk <unfixed> (embed)
TODO: check which debian pkg this is in

uudeview
- libconvert-uulib-perl <unfixed> (embed)

sqlite (not affected by security vulnerabilities so far)
- amarok <unfixed> (embed)
- monotone <unfixed> (embed)
- iceweasel <unfixed> (embed)

util-linux/mount
- loop-aes-utils <unfixed> (embed)
NOTE: contains code from util-linux' mount in the mount-aes-udeb

webmin
- usermin <unknown> (embed)
[sarge] - usermin <unfixed> (embed)

sylpheed
- sylpheed-claws <unfixed> (fork)

phpsysinfo
- egroupware <unfixed> (embed)
- phpgroupware <unfixed> (embed)

phpldapadmin
[sarge] - egroupware <unfixed> (embed)
NOTE: removed from egroupware after sarge

chmlib
- kchmviewer <unknown> (embed)

libavcodec/libavformat (source: ffmpeg)
- mplayer <unfixed> (embed; bug #395252)
- xvidcap <unfixed> (embed)
- kino <unfixed> (static)
- vlc <unfixed> (static)
- smilutils <unfixed> (static)
- motion <unfixed> (static)
- gst-ffmpeg <unfixed> (embed)
- gstreamer0.10-ffmpeg <unfixed> (embed)
- xmovie <unfixed>
TODO: gimp-gap (potentially using ffmpeg code as well)

mad MPEG decoding lib
- mad <unfixed> (embed)
- xine-lib <unfixed> (embed)

libdts
- xine-lib <unfixed> (embed)

flac
- xine-lib <unfixed> (embed)

liba52
- a52dec <unfixed> (embed)
- xine-lib <unfixed> (embed)

libmpeg2
- mpeg2dec <unfixed> (embed)
- xine-lib <unfixed> (embed)

curl
- wget <unfixed> (embed)
NOTE: code for NTLM authentication

uw-imap
- pine <unfixed> (embed)
- alpine <unfixed> (embed)

imagemagick
- graphicsmagick <unfixed> (fork)

halibut
- nsis <unfixed> (embed)

libghttp
- hotway <unfixed> (embed)

libsndfile
- ardour <unfixed> (embed)

glibmm2.4
- ardour <unfixed> (embed)

libgnomecanvasmm2.6
- ardour <unfixed> (embed)

libsigc++-2.0
- ardour <unfixed> (embed)

soundtouch
- ardour <unfixed> (embed)

libmms
- xine-lib <unfixed> (embed)
- mimms <unfixed> (embed)

fckeditor
- knowledgeroot <unfixed> (embed; bug #461555)
- moin <unfixed> (embed; bug #452599)
- karrigell <unfixed> (embed; bug #452598)
- gforge-plugins-extra 4.6.99+svn6225-1 (embed)

ipatlas (not packaged in Debian)
- moodle <unfixed> (embed)

libphp-phpmailer
- moodle <unfixed> (embed)

htmlArea (not packaged in Debian)
- moodle <unfixed> (embed)

bennu (not packaged in Debian)
- moodle <unfixed> (embed)

smarty
- moodle <unfixed> (embed)

TinyMCE
- wordpress <unfixed> (embed)
- moodle <unfixed> (embed)
- knowledgeroot <unfixed> (embed)
- joomla <itp> (bug #326398)

scintilla
- scite <unfixed> (embed)
- qscintilla <unfixed> (embed)
- qscintilla2 <unfixed> (embed)
- geany <unfixed> (embed)

libphp-adodb
- moodle <unfixed> (embed)
NOTE: also AdoDB-XML Schema
- gallery2 <unfixed> (embed)
- phppgadmin <unfixed> (embed)
- egroupware <unfixed> (embed)
- phpwiki <unfixed> (embed)
- ipplan <unfixed> (embed)
- typo3 <unfixed> (embed)
- cacti <unknown> (embed)
[sarge] - cacti <unfixed> (embed)
NOTE: dependency exists, but internal version is used

gzip
- linux-kernel <unfixed> (embed)
NOTE: lib/inflate.c
- klibc <unfixed> (embed)
NOTE: based on linux-kernel gzip code
- busybox <unfixed> (embed)

neon
- cadaver <unfixed> (embed; bug #188381)
- gnome-vfs2 <unfixed> (embed; bug #395874)
- litmus <unfixed> (embed; bug #395875)
[sarge] - screem <unfixed> (embed)
- sitecopy <unfixed> (embed; bug #395876)
[etch] - tla <unfixed> (embed; bug #395877)
[sarge] - tla <unfixed> (embed; bug #395877)

libmodplug
- gst-plugins-bad0.10 <unfixed> (embed)

libvncserver
- vino <unfixed> (embed)

putty
- filezilla <unfixed> (embed)

tinyxml (not packaged in Debian)
- filezilla <unfixed>

gv
- evince <unfixed> (embed)
NOTE: ps/ tree from gv 3.5.8
- evince-gtk <unfixed> (embed)
NOTE: not packaged in Debian

libXbae
[etch] - libpawlib2-lesstif <unfixed> (embed)
NOTE: from Cernlib

libXaw
[etch] - libpawlib2-lesstif
NOTE: from Cernlib
NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty

libgd2
- graphviz <unfixed> (embed)
NOTE: lib/gd seems to be 2.0.33

rar
- unrar-nonfree <unfixed> (embed)

unrar-free (maybe this code is derived from the original rar, too?)
- clamav <unfixed> (embed)
NOTE: seems to be disabled in default config

mplayer (DirectMedia Object loader)
- xine-lib <unfixed> (embed)
NOTE: src/libw32dll/
- vlc <unfixed> (embed)
NOTE: modules/codec/dmo/

libwpd (WordPerfect converter)
- openoffice.org <unfixed> (embed)

fsplib (http://sourceforge.net/projects/fsp/)
- gftp <unfixed> (embed)
NOTE: lib/fsplib version 0.3

librpcsecgss
- krb5 <unfixed> (embed)

jasper
- ghostscript <unfixed> (embed)
- gs-gpl <unfixed> (embed)

libidn
- monotone <unfixed> (embed)

liblua
- monotone <unfixed> (embed)

libbotan
- monotone <unfixed> (embed)

NetXX
- monotone <unfixed> (embed)

libgc
- mono <unfixed> (embed)

lzma
- p7zip <unfixed> (embed)

lzo
- grub2 <unfixed> (embed)

yassl
- mysql-dfsg-5.0 <unfixed> (embed)

pax code
- tar <unfixed> (embed)
- cpio <unfixed> (embed)

t1lib
- tetex-bin 2.0.2-1 (embed)
- texlive-bin <unknown> (embed)

guichan
- boswars <unfixed> (embed)
NOTE: maintainer notified us, working on it

tolua
- boswars <unfixed> (embed)
NOTE: maintainer notified us, working on it

asio-dev
- luxrender <unfixed> (embed)
NOTE: maintainer notified us, working on it
NOTE: may be merged with boost "soon"

