Contents of /data/embedded-code-copies


Revision 8078
Tue Feb 5 12:16:13 2008 UTC by thijs
File size: 10347 byte(s)
reword and rewrap
Embedded code copies
====================

This file collects source packages that embed code from other projects.
This is considered bad for fixing security flaws because the fix needs
to be applied in multiple source packages.

Format:
<srcpkg> (<optional comment about srcpkg>)
- <embedding srcpkg> <status> (<sort>; bug #<number>)
NOTE: optional comments about the linkage of the embedding srcpkg

status: version number fixing the embedded copy, <unfixed>, <removed>,
        <itp> or <unknown> if the version number cannot be determined
sort: static (linking statically against a lib)
      embed (embedding a copy of the library into another source package)
      fork (the package is not just embedding code but it is a fork and
      thus might share parts of the source code)

The srcpkg might be some string to identify the code if there is no
specific source package.

Everything up to the next line is ignored.
---BEGIN
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
NOTE: Fixed packages link to poppler library unless otherwise noted
- gpdf <removed>
[sarge] - gpdf <unfixed>
NOTE: has been replaced by evince in etch
- pdftohtml <unknown>
[sarge] - pdftohtml <unfixed>
[etch] - pdftohtml <unfixed>
NOTE: has been replaced by poppler-utils
- kdegraphics <unfixed> (embed; bug #436164)
NOTE: the kpdf replacement in KDE 4 is using poppler
- tetex-bin 3.0-12 (embed)
- texlive-bin 2007-1 (embed)
NOTE: links to poppler
- koffice <unfixed> (embed; bug #436163)
- libextractor 0.5.12-1 (embed)
NOTE: libextractor is using its own pdf decoder now
- libextractor 0.5.12-1 (embed)
- pdfkit.framework 0.8-4 (embed)
- ipe <unfixed> (embed)
NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
- ruby-gnome2 <unknown> (embed)
NOTE: copy only present in source but links to poppler

ppmd
- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)

silc-toolkit
- silc-client 1.1~beta6-1 (embed)

dietlibc
- ccontrol 0.9.1+20071204-1 (static)

libiax
- iaxmodem <unfixed> (embed)

zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
- dpkg <unfixed> (embed)
NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
- rsync <unfixed> (embed)
NOTE: somehow derived code base
- mono <unfixed> (embed)
TODO: check mozilla
- Linux kernels <unfixed> (embed)
- pvpgn 1.7.8-2 (embed)
- mrtg 2.12.2-1 (embed)
- rpm <unknown> (embed)
NOTE: pinged anibal since when rpm was fixed

libbz2
- dpkg <unfixed> (static)

ekg
- centericq <unfixed> (embed)
- gaim <unfixed> (embed)
- pidgin <unfixed> (embed) (links dynamically against libgadu)
- kopete 4:3.3.2-5 (embed)
- kadu <unfixed> (embed)
- gadu <unfixed> (embed)
NOTE: g/kadu not packaged in Debian yet

xmlrpc (which package is the "origin" of this code?)
- drupal <unfixed> (embed)
- phpgroupware <unfixed> (embed)
- egroupware <unfixed> (embed)
- phpwiki (embed)
- php4 <unfixed> (embed)
TODO: check, php-pear, IIRC this was reorganized some weeks ago?

shtool (affects build-time only)
- mysql-ocaml <unfixed> (embed)
- php4 <unfixed> (embed)

mozilla source code
- mozilla-firefox <unfixed> (embed)
- mozilla-thunderbird
- firefox <removed>
[etch] - firefox <unfixed> (embed)
- thunderbird <removed>
[etch] - thunderbird <unfixed> (embed)
- iceweasel <unfixed> (embed)
- iceape <unfixed> (embed)
- icedove <unfixed> (embed)
- xulrunner <unfixed> (embed)
- nvu <removed> (embed)

xli
- xloadimage <unfixed> (embed)

lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
- openmotif <unfixed> (embed)
- xfree86/xorg <unfixed> (embed)
NOTE: in libxpm

kerberized apps with BSD origin
- krb4 <unfixed> (embed)
- krb5 <unfixed> (embed)
- heimdal <unfixed> (embed)

grip (which pkg is the origin?)
- libcdaudio
- grip
- gnome-vfs
TODO: check vfs2 as well

fudforum
- phpgroupware-fudforum <unfixed> (embed)
- egroupware-fudforum <removed>
[sarge] - egroupware-fudforum <unfixed> (embed)

cvs
- gcvs <unfixed> (embed)
NOTE: see cvsunix/src in tarball

pcre
- python* <unfixed> (embed)
- php4 <unknown> (embed)
- analog 2:5.23-0woody1 (embed)
- libgoffice-1 <unfixed> (embed)
- vfu 4.06-4.1 (embed; bug #450754)
- tf5 5.0beta7-1 (embed)
- monotone <unfixed> (embed)
NOTE: this only affects versions >= 0.37
- glib <unfixed> (embed)
NOTE: 2.14 series for gregex support, only for udeb, regular package links dynamically
- apache2 2.0.53-4 (embed)
- exim4 4.10-0.srh20.12 (embed)
- yacas <unfixed> (embed)
NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
- gtamsanalyzer.app 0.42-5 (embed)

tiff
- wxpythongtk <unfixed> (embed)
TODO: check, which debian pkg this is in

uudeview
- libconvert-uulib-perl <unfixed> (embed)

sqlite (not affected by security vulnerabilities so far)
- amarok <unfixed> (embed)
- monotone <unfixed> (embed)
- iceweasel <unfixed> (embed)

util-linux/mount
- loop-aes-utils <unfixed> (embed)
NOTE: contains code from util-linux' mount in the mount-aes-udeb

webmin
- usermin <unknown> (embed)
[sarge] - usermin <unfixed> (embed)

sylpheed
- sylpheed-claws <unfixed> (fork)

phpsysinfo
- egroupware <unfixed> (embed)
- phpgroupware <unfixed> (embed)

phpldapadmin
[sarge] - egroupware <unfixed> (embed)
NOTE: removed from egroupware after sarge

chmlib
- kchmviewer <unknown> (embed)

libavcodec/libavformat (source: ffmpeg)
- mplayer <unfixed> (embed; bug #395252)
- xvidcap <unfixed> (embed)
- kino <unfixed> (static)
- vlc <unfixed> (static)
- smilutils <unfixed> (static)
- motion <unfixed> (static)
- gst-ffmpeg <unfixed> (embed)
- gstreamer0.10-ffmpeg <unfixed> (embed)
- xmovie <unfixed>
TODO: gimp-gap (potentially using ffmpeg code as well)

mad MPEG decoding lib
- mad <unfixed> (embed)
- xine-lib <unfixed> (embed)

libdts
- xine-lib <unfixed> (embed)

flac
- xine-lib <unfixed> (embed)

liba52
- a52dec <unfixed> (embed)
- xine-lib <unfixed> (embed)

libmpeg2
- mpeg2dec <unfixed> (embed)
- xine-lib <unfixed> (embed)

curl
- wget <unfixed> (embed)
NOTE: code for NTLM authentication

uw-imap
- pine <unfixed> (embed)
- alpine <unfixed> (embed)

imagemagick
- graphicsmagick <unfixed> (fork)

halibut
- nsis <unfixed> (embed)

libghttp
- hotway <unfixed> (embed)

libsndfile
- ardour <unfixed> (embed)

glibmm2.4
- ardour <unfixed> (embed)

libgnomecanvasmm2.6
- ardour <unfixed> (embed)

libsigc++-2.0
- ardour <unfixed> (embed)

soundtouch
- ardour <unfixed> (embed)

libmms
- xine-lib <unfixed> (embed)
- mimms <unfixed> (embed)

fckeditor
- knowledgeroot <unfixed> (embed; bug #461555)
- moin <unfixed> (embed; bug #452599)
- karrigell <unfixed> (embed; bug #452598)
- gforge-plugins-extra 4.6.99+svn6225-1 (embed)

ipatlas (not packaged in Debian)
- moodle <unfixed> (embed)

libphp-phpmailer
- moodle <unfixed> (embed)

htmlArea (not packaged in Debian)
- moodle <unfixed> (embed)

bennu (not packaged in Debian)
- moodle <unfixed> (embed)

smarty:
- moodle <unfixed> (embed)

TinyMCE
- wordpress <unfixed> (embed)
- moodle <unfixed> (embed)
- knowledgeroot <unfixed> (embed)
- joomla <itp> (bug #326398)

scintilla
- scite <unfixed> (embed)
- qscintilla <unfixed> (embed)
- qscintilla2 <unfixed> (embed)
- geany <unfixed> (embed)

libphp-adodb
- moodle <unfixed> (embed)
NOTE: also AdoDB-XML Schema
- gallery2 <unfixed> (embed)
- phppgadmin <unfixed> (embed)
- egroupware <unfixed> (embed)
- phpwiki <unfixed> (embed)
- ipplan <unfixed> (embed)
- typo3 <unfixed> (embed)
- moodle <unfixed> (embed)
- cacti <unknown> (embed)
[sarge] - cacti <unfixed> (embed)
NOTE: dependency exists, but internal version is used

gzip
- linux-kernel <unfixed> (embed)
NOTE: lib/inflate.c
- klibc <unfixed> (embed)
NOTE: based on linux-kernel gzip code
- busybox <unfixed> (embed)

neon
- cadaver <unfixed> (embed; bug #188381)
- gnome-vfs2 <unfixed> (embed; bug #395874)
- litmus <unfixed> (embed; bug #395875)
[sarge] - screem <unfixed> (embed)
- sitecopy <unfixed> (embed; bug #395876)
[etch] - tla <unfixed> (embed; bug #395877)
[sarge] - tla <unfixed> (embed; bug #395877)

libmodplug
- gst-plugins-bad0.10 <unfixed> (embed)

libvncserver
- vino <unfixed> (embed)

putty
- filezilla <unfixed> (embed)

tinyxml (not packaged in Debian)
- filezilla <unfixed>

gv
- evince <unfixed> (embed)
NOTE: ps/ tree from gv 3.5.8
- evince-gtk <unfixed> (embed)
NOTE: not packaged in Debian

libXbae
[etch] - libpawlib2-lesstif <unfixed> (embed)
NOTE: from Cernlib

libXaw
[etch] - libpawlib2-lesstif
NOTE: from Cernlib
NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty

libgd2
- graphviz <unfixed> (embed)
NOTE: lib/gd seems to be 2.0.33

rar
- unrar-nonfree <unfixed> (embed)

unrar-free (maybe this code is derived from the original rar, too?)
- clamav <unfixed> (embed)
NOTE: seems to be disabled in default config

mplayer (DirectMedia Object loader)
- xine-lib <unfixed> (embed)
NOTE: src/libw32dll/
- vlc <unfixed> (embed)
NOTE: modules/codec/dmo/

libwpd (WordPerfect converter)
- openoffice.org <unfixed> (embed)

fsplib (http://sourceforge.net/projects/fsp/)
- gftp <unfixed> (embed)
NOTE: lib/fsplib version 0.3

librpcsecgss
- krb5 <unfixed> (embed)

jasper
- ghostscript <unfixed> (embed)
- gs-gpl <unfixed> (embed)

libidn
- monotone <unfixed> (embed)

liblua
- monotone <unfixed> (embed)

libbotan
- monotone <unfixed> (embed)

NetXX
- monotone <unfixed> (embed)

libgc
- mono <unfixed> (embed)

lzma
- p7zip <unfixed> (embed)

lzo
- grub2 <unfixed> (embed)

yassl
- mysql-dfsg-5.0 <unfixed> (embed)

pax code
- tar <unfixed> (embed)
- cpio <unfixed> (embed)

t1lib
- tetex-bin 2.0.2-1 (embed)
- texlive-bin <unknown> (embed)

guichan
- boswars <unfixed> (embed)
NOTE: maintainer notified us, working on it

tolua
- boswars <unfixed> (embed)
NOTE: maintainer notified us, working on it

asio-dev
- luxrender <unfixed> (embed)
NOTE: maintainer notified us, working on it
NOTE: may be merged with boost "soon"

xine-lib
- vlc <unfixed> (embed)
NOTE: only parts included in modules/access/rtsp

netpbm
- tcl8.3 <unfixed> (embed)
- tcl8.4 <unfixed> (embed)
- tcl8.5 <unfixed> (embed)
NOTE: generic/tkImgGIF.c