Contents of /data/embedded-code-copies



Revision 8370
Wed Mar 19 05:12:02 2008 UTC (5 years, 3 months ago) by micah
File size: 11406 byte(s)
embedded code copies: quesoglc, cultivation and transcend for: fribidi, glew and minorGems

Embedded code copies
====================

This file collects source packages that embed code from other projects.
This is considered bad for fixing security flaws because the fix needs
to be applied in multiple source packages.

Format:
<srcpkg> (<optional comment about srcpkg>)
    - <embedding srcpkg> <status> (<sort>; bug #<number>)
    NOTE: optional comments about the linkage of the embedding srcpkg

    status: version number fixing the embedded copy, <unfixed>, <removed>,
            <itp> or <unknown> if the version number can not be determined
            <unfixable> for unavoidable cases (e.g., forks that add real value)
    sort: static (linking statically against a lib)
          embed (embedding a copy of the library into another source package)
          fork (the package is not just embedding code but it is a fork and
                thus might share parts of the source code)
          old-version (the package is an older version of essentially
                       the same code)

The srcpkg might be some string to identify the code if there is no
specific source package.

Everything up to the next line is ignored.
---BEGIN
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
    NOTE: Fixed packages link to poppler library unless otherwise noted
    - gpdf <removed>
    [sarge] - gpdf <unfixed>
    NOTE: has been replaced by evince in etch
    - pdftohtml <unknown>
    [sarge] - pdftohtml <unfixed>
    [etch] - pdftohtml <unfixed>
    NOTE: has been replaced by poppler-utils
    - kdegraphics <unfixed> (embed; bug #436164)
    NOTE: the kpdf replacement in KDE 4 is using poppler
    - tetex-bin 3.0-12 (embed)
    - texlive-bin 2007-1 (embed)
    NOTE: links to poppler
    - koffice <unfixed> (embed; bug #436163)
    - libextractor 0.5.12-1 (embed)
    NOTE: libextractor is using its own pdf decoder now
    - libextractor 0.5.12-1 (embed)
    - pdfkit.framework 0.8-4 (embed)
    - ipe <unfixed> (embed)
    NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
    - ruby-gnome2 <unknown> (embed)
    NOTE: copy only present in source but links to poppler

ppmd
    - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)

peercast
    - gnome-peercast <unfixed> (embed)
    NOTE: gnome-peercast may better be removed, see #466539

silc-toolkit
    - silc-client 1.1~beta6-1 (embed)

dietlibc
    - ccontrol 0.9.1+20071204-1 (static)

libiax
    - iaxmodem <unfixed> (embed)

zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
    - dpkg <unfixed> (embed)
    NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
    - rsync <unfixed> (embed)
    NOTE: somehow derived code base
    - mono <unfixed> (embed)
    TODO: check mozilla
    - Linux kernels <unfixed> (embed)
    - pvpgn 1.7.8-2 (embed)
    - mrtg 2.12.2-1 (embed)
    - rpm <unknown> (embed)
    NOTE: pinged anibal since when rpm was fixed

libbz2
    - dpkg <unfixed> (static)

ekg
    - centericq <unfixed> (embed)
    - gaim <unfixed> (embed)
    - pidgin <unfixed> (embed)(links dynamically against libgadu)
    - kopete 4:3.3.2-5 (embed)
    - kadu <unfixed> (embed)
    - gadu <unfixed> (embed)
    NOTE: g/kadu not packaged in Debian yet

xmlrpc (which package is the "origin" of this code?)
    - drupal <unfixed> (embed)
    - phpgroupware <unfixed> (embed)
    - egroupware <unfixed> (embed)
    - phpwiki (embed)
    - php4 <unfixed> (embed)
    TODO: check, php-pear, IIRC this was reorganized some weeks ago?

shtool (affects build-time only)
    - mysql-ocaml <unfixed> (embed)
    - php4 <unfixed> (embed)

mozilla source code
    - mozilla-firefox <unfixed> (embed)
    - mozilla-thunderbird
    - firefox <removed>
    [etch] - firefox <unfixed> (embed)
    - thunderbird <removed>
    [etch] - thunderbird <unfixed> (embed)
    - iceweasel <unfixed> (embed)
    - iceape <unfixed> (embed)
    - icedove <unfixed> (embed)
    - xulrunner <unfixed> (embed)
    - nvu <removed> (embed)

xli
    - xloadimage <unfixed> (embed)

lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
    - openmotif <unfixed> (embed)
    - xfree86/xorg <unfixed> (embed)
    NOTE: in libxpm

kerberized apps with BSD origin
    - krb4 <unfixed> (embed)
    - krb5 <unfixed> (embed)
    - heimdal <unfixed> (embed)

grip (which pkg is the origin?)
    - libcdaudio
    - grip
    - gnome-vfs
    TODO: check vfs2 as well

fudforum
    - phpgroupware-fudforum <unfixed> (embed)
    - egroupware-fudforum <removed>
    [sarge] - egroupware-fudforum <unfixed> (embed)

cvs
    - gcvs <unfixed> (embed)
    NOTE: see cvsunix/src in tarball

pcre
    - python* <unfixed> (embed)
    - php4 <unknown> (embed)
    - analog 2:5.23-0woody1 (embed)
    - libgoffice-1 <unfixed> (embed)
    - vfu 4.06-4.1 (embed; bug #450754)
    - tf5 5.0beta7-1 (embed)
    - monotone <unfixed> (embed)
    NOTE: this only affects versions >= 0.37
    - glib <unfixed> (embed)
    NOTE: 2.14 series for gregex support, only for udeb, regular package links dynamic
    - apache2 2.0.53-4 (embed)
    - exim4 4.10-0.srh20.12 (embed)
    - yacas <unfixed> (embed)
    NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
    - gtamsanalyzer.app 0.42-5 (embed)

tiff
    - wxpythongtk <unfixed> (embed)
    TODO: check, which debian pkg this is in

uudeview
    - libconvert-uulib-perl <unfixed> (embed)

sqlite (not affected by security vulnerabilities so far)
    - amarok <unfixed> (embed)
    - monotone <unfixed> (embed)
    - iceweasel <unfixed> (embed)

util-linux/mount
    - loop-aes-utils <unfixed> (embed)
    NOTE: contains code from util-linux' mount in the mount-aes-udeb

webmin
    - usermin <unknown> (embed)
    [sarge] - usermin <unfixed> (embed)

sylpheed
    - sylpheed-claws <unfixed> (fork)

phpsysinfo
    - egroupware <unfixed> (embed)
    - phpgroupware <unfixed> (embed)

phpldapadmin
    [sarge] - egroupware <unfixed> (embed)
    NOTE: removed from egroupware after sarge

chmlib
    - kchmviewer <unknown> (embed)

libavcodec/libavformat (source: ffmpeg)
    - mplayer <unfixed> (embed; bug #395252)
    - xvidcap <unfixed> (embed)
    - kino <unfixed> (static)
    - vlc <unfixed> (static)
    - smilutils <unfixed> (static)
    - motion <unfixed> (static)
    - gst-ffmpeg <unfixed> (embed)
    - gstreamer0.10-ffmpeg <unfixed> (embed)
    - xmovie <unfixed>
    TODO: gimp-gap (potentially using ffmpeg code as well)

mad MPEG decoding lib
    - mad <unfixed> (embed)
    - xine-lib <unfixed> (embed)

libdts
    - xine-lib <unfixed> (embed)

flac
    - xine-lib <unfixed> (embed)

liba52
    - a52dec <unfixed> (embed)
    - xine-lib <unfixed> (embed)

libmpeg2
    - mpeg2dec <unfixed> (embed)
    - xine-lib <unfixed> (embed)

curl
    - wget <unfixed> (embed)
    NOTE: code for NTLM authentication

uw-imap
    - pine <unfixed> (embed)
    - alpine <unfixed> (embed)

imagemagick
    - graphicsmagick <unfixed> (fork)

halibut
    - nsis <unfixed> (embed)

libghttp
    - hotway <unfixed> (embed)

libsndfile
    - ardour <unfixed> (embed)

glibmm2.4
    - ardour <unfixed> (embed)

libgnomecanvasmm2.6
    - ardour <unfixed> (embed)

libsigc++-2.0
    - ardour <unfixed> (embed)

soundtouch
    - ardour <unfixed> (embed)

libmms
    - xine-lib <unfixed> (embed)
    - mimms <unfixed> (embed)

fckeditor
    - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
    - moin <unfixed> (embed; bug #452599)
    - karrigell <unfixed> (embed; bug #452598)
    - gforge-plugins-extra 4.6.99+svn6225-1 (embed)

ipatlas (not packaged in Debian)
    - moodle <unfixed> (embed)

libphp-phpmailer
    - moodle <unfixed> (embed)

htmlArea (not packaged in Debian)
    - moodle <unfixed> (embed)

giflib:
    - wine <unfixed> (embed; bug #466181)

bennu (not packaged in Debian)
    - moodle <unfixed> (embed)

smarty:
    - moodle <unfixed> (embed; bug #471158)
    - gallery2 <unfixed> (embed; bug #471160)
    - mahara 0.9.2-2 (embed; bug #471201)
    - gosa 2.4beta1-1 (embed; bug #471200)

TinyMCE
    - wordpress <unfixed> (embed)
    - moodle <unfixed> (embed)
    - knowledgeroot <unfixed> (embed)
    - joomla <itp> (bug #326398)

scintilla
    - scite <unfixed> (embed)
    - qscintilla <unfixed> (embed)
    - qscintilla2 <unfixed> (embed)
    - geany <unfixed> (embed)

libphp-adodb
    - moodle <unfixed> (embed)
    NOTE: also AdoDB-XML Schema
    - gallery2 <unfixed> (embed)
    - phppgadmin <unfixed> (embed)
    - egroupware <unfixed> (embed)
    - phpwiki <unfixed> (embed)
    - ipplan <unfixed> (embed)
    - typo3 <unfixed> (embed)
    - moodle <unfixed> (embed)
    - cacti <unknown> (embed)
    [sarge] - cacti <unfixed> (embed)
    NOTE: dependency exists, but internal version is used

gzip
    - linux-kernel <unfixed> (embed)
    NOTE: lib/inflate.c
    - klibc <unfixed> (embed)
    NOTE: based on linux-kernel gzip code
    - busybox <unfixed> (embed)

neon
    - cadaver <unfixed> (embed; bug #188381)
    - gnome-vfs2 <unfixed> (embed; bug #395874)
    - litmus <unfixed> (embed; bug #395875)
    [sarge] - screem <unfixed> (embed)
    - sitecopy <unfixed> (embed; bug #395876)
    [etch] - tla <unfixed> (embed; bug #395877)
    [sarge] - tla <unfixed> (embed; bug #395877)

libmodplug
    - gst-plugins-bad0.10 <unfixed> (embed)

libvncserver
    - vino <unfixed> (embed)

putty
    - filezilla <unfixed> (embed)

tinyxml (not packaged in Debian)
    - filezilla <unfixed>

gv
    - evince <unfixed> (embed)
    NOTE: ps/ tree from gv 3.5.8
    - evince-gtk <unfixed> (embed)
    NOTE: not packaged in Debian

libXbae
    [etch] - libpawlib2-lesstif <unfixed> (embed)
    NOTE: from Cernlib

libXaw
    [etch] - libpawlib2-lesstif
    NOTE: from Cernlib
    NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty

libgd2
    - graphviz <unfixed> (embed)
    NOTE: lib/gd seems to be 2.0.33
    - wml <unfixed> (embed)
    NOTE: derived from gd 1.6.3

rar
    - unrar-nonfree <unfixed> (embed)

unrar-free (maybe this code is derived from the original rar, too?)
    - clamav <unfixed> (embed)
    NOTE: seems to be disabled in default config

mplayer (DirectMedia Object loader)
    - xine-lib <unfixed> (embed)
    NOTE: src/libw32dll/
    - vlc <unfixed> (embed)
    NOTE: modules/codec/dmo/

libwpd (WordPerfect converter)
    - openoffice.org <unfixed> (embed)

fsplib (http://sourceforge.net/projects/fsp/)
    - gftp <unfixed> (embed)
    NOTE: lib/fsplib version 0.3

librpcsecgss
    - krb5 <unfixed> (embed)

jasper
    - ghostscript <unfixed> (embed)
    - gs-gpl <unfixed> (embed)

libidn
    - monotone <unfixed> (embed)

liblua
    - monotone <unfixed> (embed)

libbotan
    - monotone <unfixed> (embed)

NetXX
    - monotone <unfixed> (embed)

libgc
    - mono <unfixed> (embed)

lzma
    - p7zip <unfixed> (embed)

lzo
    - grub2 <unfixed> (embed)

yassl
    - mysql-dfsg-5.0 <unfixed> (embed)

pax code
    - tar <unfixed> (embed)
    - cpio <unfixed> (embed)

t1lib
    - tetex-bin 2.0.2-1 (embed)
    - texlive-bin <unknown> (embed)

guichan
    - boswars <unfixed> (embed)
    NOTE: maintainer notified us, working on it

tolua
    - boswars <unfixed> (embed)
    NOTE: maintainer notified us, working on it

asio-dev
    - luxrender <unfixed> (embed)
    NOTE: maintainer notified us, working on it
    NOTE: may be merged with boost "soon"

xine-lib
    - vlc <unfixed> (embed)
    NOTE: only parts included in modules/access/rtsp

netpbm
    - tcl8.3 <unfixed> (embed)
    - tcl8.4 <unfixed> (embed)
    - tcl8.5 <unfixed> (embed)
    NOTE: generic/tkImgGIF.c

tk8.5
    - tk8.0 <removed> (old-version)
    - tk8.3 <unfixed> (old-version)
    - tk8.4 <unfixed> (old-version)
    - perl-tk <unfixable> (fork)

samba
    - mc <unfixed> (embed)
    NOTE: maintainer is aware of this, currently searching a solution

plib1.8.4c2
    - boson <unfixed> (fork)
    NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar

fribidi
    - quesoglc <unfixed> (embed)

glew
    - quesoglc <unfixed> (embed)

minorGems
    - transcend <unfixed> (embed)
    - cultivation <unfixed> (embed)