Contents of /data/embedded-code-copies

Revision 8175
Sun Feb 17 13:31:09 2008 UTC (5 years, 3 months ago) by nion
File size: 10754 byte(s)
wine embeds giflib

Embedded code copies
====================

This file collects source packages that embed code from other projects.
This is considered bad for fixing security flaws because the fix needs
to be applied in multiple source packages.

Format:
<srcpkg> (<optional comment about srcpkg>)
	- <embedding srcpkg> <status> (<sort>; bug #<number>)
	NOTE: optional comments about the linkage of the embedding srcpkg

status: version number fixing the embedded copy, <unfixed>, <removed>,
        <itp> or <unknown> if the version number cannot be determined
        <unfixable> for unavoidable cases (e.g., forks that add real value)
sort:   static (linking statically against a lib)
        embed (embedding a copy of the library into another source package)
        fork (the package is not just embedding code but it is a fork and
              thus might share parts of the source code)
        old-version (the package is an older version of essentially
                     the same code)

The srcpkg might be some string to identify the code if there is no
specific source package.

Everything up to the next line is ignored.
---BEGIN
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
	NOTE: Fixed packages link to poppler library unless otherwise noted
	- gpdf <removed>
	[sarge] - gpdf <unfixed>
	NOTE: has been replaced by evince in etch
	- pdftohtml <unknown>
	[sarge] - pdftohtml <unfixed>
	[etch] - pdftohtml <unfixed>
	NOTE: has been replaced by poppler-utils
	- kdegraphics <unfixed> (embed; bug #436164)
	NOTE: the kpdf replacement in KDE 4 is using poppler
	- tetex-bin 3.0-12 (embed)
	- texlive-bin 2007-1 (embed)
	NOTE: links to poppler
	- koffice <unfixed> (embed; bug #436163)
	- libextractor 0.5.12-1 (embed)
	NOTE: libextractor is using its own pdf decoder now
	- libextractor 0.5.12-1 (embed)
	- pdfkit.framework 0.8-4 (embed)
	- ipe <unfixed> (embed)
	NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
	- ruby-gnome2 <unknown> (embed)
	NOTE: copy only present in source but links to poppler

ppmd
	- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)

silc-toolkit
	- silc-client 1.1~beta6-1 (embed)

dietlibc
	- ccontrol 0.9.1+20071204-1 (static)

libiax
	- iaxmodem <unfixed> (embed)

zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
	- dpkg <unfixed> (embed)
	NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
	- rsync <unfixed> (embed)
	NOTE: somehow derived code base
	- mono <unfixed> (embed)
	TODO: check mozilla
	- Linux kernels <unfixed> (embed)
	- pvpgn 1.7.8-2 (embed)
	- mrtg 2.12.2-1 (embed)
	- rpm <unknown> (embed)
	NOTE: pinged anibal since when rpm was fixed

libbz2
	- dpkg <unfixed> (static)

ekg
	- centericq <unfixed> (embed)
	- gaim <unfixed> (embed)
	- pidgin <unfixed> (embed) (links dynamically against libgadu)
	- kopete 4:3.3.2-5 (embed)
	- kadu <unfixed> (embed)
	- gadu <unfixed> (embed)
	NOTE: g/kadu not packaged in Debian yet

xmlrpc (which package is the "origin" of this code?)
	- drupal <unfixed> (embed)
	- phpgroupware <unfixed> (embed)
	- egroupware <unfixed> (embed)
	- phpwiki (embed)
	- php4 <unfixed> (embed)
	TODO: check, php-pear, IIRC this was reorganized some weeks ago?

shtool (affects build-time only)
	- mysql-ocaml <unfixed> (embed)
	- php4 <unfixed> (embed)

mozilla source code
	- mozilla-firefox <unfixed> (embed)
	- mozilla-thunderbird
	- firefox <removed>
	[etch] - firefox <unfixed> (embed)
	- thunderbird <removed>
	[etch] - thunderbird <unfixed> (embed)
	- iceweasel <unfixed> (embed)
	- iceape <unfixed> (embed)
	- icedove <unfixed> (embed)
	- xulrunner <unfixed> (embed)
	- nvu <removed> (embed)

xli
	- xloadimage <unfixed> (embed)

lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
	- openmotif <unfixed> (embed)
	- xfree86/xorg <unfixed> (embed)
	NOTE: in libxpm

kerberized apps with BSD origin
	- krb4 <unfixed> (embed)
	- krb5 <unfixed> (embed)
	- heimdal <unfixed> (embed)

grip (which pkg is the origin?)
	- libcdaudio
	- grip
	- gnome-vfs
	TODO: check vfs2 as well

fudforum
	- phpgroupware-fudforum <unfixed> (embed)
	- egroupware-fudforum <removed>
	[sarge] - egroupware-fudforum <unfixed> (embed)

cvs
	- gcvs <unfixed> (embed)
	NOTE: see cvsunix/src in tarball

pcre
	- python* <unfixed> (embed)
	- php4 <unknown> (embed)
	- analog 2:5.23-0woody1 (embed)
	- libgoffice-1 <unfixed> (embed)
	- vfu 4.06-4.1 (embed; bug #450754)
	- tf5 5.0beta7-1 (embed)
	- monotone <unfixed> (embed)
	NOTE: this only affects versions >= 0.37
	- glib <unfixed> (embed)
	NOTE: 2.14 series for gregex support, only for udeb, regular package links dynamically
	- apache2 2.0.53-4 (embed)
	- exim4 4.10-0.srh20.12 (embed)
	- yacas <unfixed> (embed)
	NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
	- gtamsanalyzer.app 0.42-5 (embed)

tiff
	- wxpythongtk <unfixed> (embed)
	TODO: check, which debian pkg this is in

uudeview
	- libconvert-uulib-perl <unfixed> (embed)

sqlite (not affected by security vulnerabilities so far)
	- amarok <unfixed> (embed)
	- monotone <unfixed> (embed)
	- iceweasel <unfixed> (embed)

util-linux/mount
	- loop-aes-utils <unfixed> (embed)
	NOTE: contains code from util-linux' mount in the mount-aes-udeb

webmin
	- usermin <unknown> (embed)
	[sarge] - usermin <unfixed> (embed)

sylpheed
	- sylpheed-claws <unfixed> (fork)

phpsysinfo
	- egroupware <unfixed> (embed)
	- phpgroupware <unfixed> (embed)

phpldapadmin
	[sarge] - egroupware <unfixed> (embed)
	NOTE: removed from egroupware after sarge

chmlib
	- kchmviewer <unknown> (embed)

libavcodec/libavformat (source: ffmpeg)
	- mplayer <unfixed> (embed; bug #395252)
	- xvidcap <unfixed> (embed)
	- kino <unfixed> (static)
	- vlc <unfixed> (static)
	- smilutils <unfixed> (static)
	- motion <unfixed> (static)
	- gst-ffmpeg <unfixed> (embed)
	- gstreamer0.10-ffmpeg <unfixed> (embed)
	- xmovie <unfixed>
	TODO: gimp-gap (potentially using ffmpeg code as well)

mad MPEG decoding lib
	- mad <unfixed> (embed)
	- xine-lib <unfixed> (embed)

libdts
	- xine-lib <unfixed> (embed)

flac
	- xine-lib <unfixed> (embed)

liba52
	- a52dec <unfixed> (embed)
	- xine-lib <unfixed> (embed)

libmpeg2
	- mpeg2dec <unfixed> (embed)
	- xine-lib <unfixed> (embed)

curl
	- wget <unfixed> (embed)
	NOTE: code for NTLM authentication

uw-imap
	- pine <unfixed> (embed)
	- alpine <unfixed> (embed)

imagemagick
	- graphicsmagick <unfixed> (fork)

halibut
	- nsis <unfixed> (embed)

libghttp
	- hotway <unfixed> (embed)

libsndfile
	- ardour <unfixed> (embed)

glibmm2.4
	- ardour <unfixed> (embed)

libgnomecanvasmm2.6
	- ardour <unfixed> (embed)

libsigc++-2.0
	- ardour <unfixed> (embed)

soundtouch
	- ardour <unfixed> (embed)

libmms
	- xine-lib <unfixed> (embed)
	- mimms <unfixed> (embed)

fckeditor
	- knowledgeroot 0.9.8.5-3 (embed; bug #461555)
	- moin <unfixed> (embed; bug #452599)
	- karrigell <unfixed> (embed; bug #452598)
	- gforge-plugins-extra 4.6.99+svn6225-1 (embed)

ipatlas (not packaged in Debian)
	- moodle <unfixed> (embed)

libphp-phpmailer
	- moodle <unfixed> (embed)

htmlArea (not packaged in Debian)
	- moodle <unfixed> (embed)

giflib:
	- wine <unfixed> (embed; bug #466181)

bennu (not packaged in Debian)
	- moodle <unfixed> (embed)

smarty:
	- moodle <unfixed> (embed)

TinyMCE
	- wordpress <unfixed> (embed)
	- moodle <unfixed> (embed)
	- knowledgeroot <unfixed> (embed)
	- joomla <itp> (bug #326398)

scintilla
	- scite <unfixed> (embed)
	- qscintilla <unfixed> (embed)
	- qscintilla2 <unfixed> (embed)
	- geany <unfixed> (embed)

libphp-adodb
	- moodle <unfixed> (embed)
	NOTE: also AdoDB-XML Schema
	- gallery2 <unfixed> (embed)
	- phppgadmin <unfixed> (embed)
	- egroupware <unfixed> (embed)
	- phpwiki <unfixed> (embed)
	- ipplan <unfixed> (embed)
	- typo3 <unfixed> (embed)
	- moodle <unfixed> (embed)
	- cacti <unknown> (embed)
	[sarge] - cacti <unfixed> (embed)
	NOTE: dependency exists, but internal version is used

gzip
	- linux-kernel <unfixed> (embed)
	NOTE: lib/inflate.c
	- klibc <unfixed> (embed)
	NOTE: based on linux-kernel gzip code
	- busybox <unfixed> (embed)

neon
	- cadaver <unfixed> (embed; bug #188381)
	- gnome-vfs2 <unfixed> (embed; bug #395874)
	- litmus <unfixed> (embed; #395875)
	[sarge] - screem <unfixed> (embed)
	- sitecopy <unfixed> (embed; bug #395876)
	[etch] - tla <unfixed> (embed; bug #395877)
	[sarge] - tla <unfixed> (embed; bug #395877)

libmodplug
	- gst-plugins-bad0.10 <unfixed> (embed)

libvncserver
	- vino <unfixed> (embed)

putty
	- filezilla <unfixed> (embed)

tinyxml (not packaged in Debian)
	- filezilla <unfixed>

gv
	- evince <unfixed> (embed)
	NOTE: ps/ tree from gv 3.5.8
	- evince-gtk <unfixed> (embed)
	NOTE: not packaged in Debian

libXbae
	[etch] - libpawlib2-lesstif <unfixed> (embed)
	NOTE: from Cernlib

libXaw
	[etch] - libpawlib2-lesstif
	NOTE: from Cernlib
	NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty

libgd2
	- graphviz <unfixed> (embed)
	NOTE: lib/gd seems to be 2.0.33
	- wml <unfixed> (embed)
	NOTE: derived from gd 1.6.3

rar
	- unrar-nonfree <unfixed> (embed)

unrar-free (maybe this code is derived from the original rar, too?)
	- clamav <unfixed> (embed)
	NOTE: seems to be disabled in default config

mplayer (DirectMedia Object loader)
	- xine-lib <unfixed> (embed)
	NOTE: src/libw32dll/
	- vlc <unfixed> (embed)
	NOTE: modules/codec/dmo/

libwpd (WordPerfect converter)
	- openoffice.org <unfixed> (embed)

fsplib (http://sourceforge.net/projects/fsp/)
	- gftp <unfixed> (embed)
	NOTE: lib/fsplib version 0.3

librpcsecgss
	- krb5 <unfixed> (embed)

jasper
	- ghostscript <unfixed> (embed)
	- gs-gpl <unfixed> (embed)

libidn
	- monotone <unfixed> (embed)

liblua
	- monotone <unfixed> (embed)

libbotan
	- monotone <unfixed> (embed)

NetXX
	- monotone <unfixed> (embed)

libgc
	- mono <unfixed> (embed)

lzma
	- p7zip <unfixed> (embed)

lzo
	- grub2 <unfixed> (embed)

yassl
	- mysql-dfsg-5.0 <unfixed> (embed)

pax code
	- tar <unfixed> (embed)
	- cpio <unfixed> (embed)

t1lib
	- tetex-bin 2.0.2-1 (embed)
	- texlive-bin <unknown> (embed)

guichan
	- boswars <unfixed> (embed)
	NOTE: maintainer notified us, working on it

tolua
	- boswars <unfixed> (embed)
	NOTE: maintainer notified us, working on it

asio-dev
	- luxrender <unfixed> (embed)
	NOTE: maintainer notified us, working on it
	NOTE: may be merged with boost "soon"

xine-lib
	- vlc <unfixed> (embed)
	NOTE: only parts included in modules/access/rtsp

netpbm
	- tcl8.3 <unfixed> (embed)
	- tcl8.4 <unfixed> (embed)
	- tcl8.5 <unfixed> (embed)
	NOTE: generic/tkImgGIF.c

tk8.5
	- tk8.0 <removed> (old-version)
	- tk8.3 <unfixed> (old-version)
	- tk8.4 <unfixed> (old-version)
	- perl-tk <unfixable> (fork)