Contents of /data/embedded-code-copies
Revision 8438
Fri Mar 28 18:32:27 2008 UTC (5 years, 1 month ago) by jamie-guest
File size: 11734 byte(s)
embedded-code-copies: update libarchive

Embedded code copies
====================

This file collects source packages that embed code from other projects.
This is considered bad for fixing security flaws because the fix needs
to be applied in multiple source packages.

Format:
<srcpkg> (<optional comment about srcpkg>)
	- <embedding srcpkg> <status> (<sort>; bug #<number>)
	NOTE: optional comments about the linkage of the embedding srcpkg

status: version number fixing the embedded copy, <unfixed>, <removed>,
        <itp> or <unknown> if the version number can not be determined
        <unfixable> for unavoidable cases (e.g., forks that add real value)
sort:   static (linking statically against a lib)
        embed (embedding a copy of the library into another source package)
        fork (the package is not just embedding code but it is a fork and
              thus might share parts of the source code)
        old-version (the package is an older version of essentially
                     the same code)

The srcpkg might be some string to identify the code if there is no
specific source package.

Everything up to the next line is ignored.
---BEGIN
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
	NOTE: Fixed packages link to poppler library unless otherwise noted
	- gpdf <removed>
	[sarge] - gpdf <unfixed>
	NOTE: has been replaced by evince in etch
	- pdftohtml <unknown>
	[sarge] - pdftohtml <unfixed>
	[etch] - pdftohtml <unfixed>
	NOTE: has been replaced by poppler-utils
	- kdegraphics <unfixed> (embed; bug #436164)
	NOTE: the kpdf replacement in KDE 4 is using poppler
	- tetex-bin 3.0-12 (embed)
	- texlive-bin 2007-1 (embed)
	NOTE: links to poppler
	- koffice <unfixed> (embed; bug #436163)
	- libextractor 0.5.12-1 (embed)
	NOTE: libextractor is using its own pdf decoder now
	- libextractor 0.5.12-1 (embed)
	- pdfkit.framework 0.8-4 (embed)
	- ipe <unfixed> (embed)
	NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
	- ruby-gnome2 <unknown> (embed)
	NOTE: copy only present in source but links to poppler

ppmd
	- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)

peercast
	- gnome-peercast <unfixed> (embed)
	NOTE: gnome-peercast may better be removed, see #466539

silc-toolkit
	- silc-client 1.1~beta6-1 (embed)

dietlibc
	- ccontrol 0.9.1+20071204-1 (static)

libiax
	- iaxmodem <unfixed> (embed)

zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
	- dpkg <unfixed> (embed)
	NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
	- rsync <unfixed> (embed)
	NOTE: somehow derived code base
	- mono <unfixed> (embed)
	TODO: check mozilla
	- Linux kernels <unfixed> (embed)
	- pvpgn 1.7.8-2 (embed)
	- mrtg 2.12.2-1 (embed)
	- rpm <unknown> (embed)
	NOTE: pinged anibal since when rpm was fixed

libbz2
	- dpkg <unfixed> (static)

ekg
	- centericq <unfixed> (embed)
	- gaim <unfixed> (embed)
	- pidgin <unfixed> (embed) (links dynamically against libgadu)
	- kopete 4:3.3.2-5 (embed)
	- kadu <unfixed> (embed)
	- gadu <unfixed> (embed)
	NOTE: g/kadu not packaged in Debian yet

xmlrpc (which package is the "origin" of this code?)
	- drupal <unfixed> (embed)
	- phpgroupware <unfixed> (embed)
	- egroupware <unfixed> (embed)
	- phpwiki (embed)
	- php4 <unfixed> (embed)
	TODO: check, php-pear, IIRC this was reorganized some weeks ago?

shtool (affects build-time only)
	- mysql-ocaml <unfixed> (embed)
	- php4 <unfixed> (embed)

mozilla source code
	- mozilla-firefox <unfixed> (embed)
	- mozilla-thunderbird
	- firefox <removed>
	[etch] - firefox <unfixed> (embed)
	- thunderbird <removed>
	[etch] - thunderbird <unfixed> (embed)
	- iceweasel <unfixed> (embed)
	- iceape <unfixed> (embed)
	- icedove <unfixed> (embed)
	- xulrunner <unfixed> (embed)
	- nvu <removed> (embed)

xli
	- xloadimage <unfixed> (embed)

lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
	- openmotif <unfixed> (embed)
	- xfree86/xorg <unfixed> (embed)
	NOTE: in libxpm

kerberized apps with BSD origin
	- krb4 <unfixed> (embed)
	- krb5 <unfixed> (embed)
	- heimdal <unfixed> (embed)

grip (which pkg is the origin?)
	- libcdaudio
	- grip
	- gnome-vfs
	TODO: check vfs2 as well

fudforum
	- phpgroupware-fudforum <unfixed> (embed)
	- egroupware-fudforum <removed>
	[sarge] - egroupware-fudforum <unfixed> (embed)

cvs
	- gcvs <unfixed> (embed)
	NOTE: see cvsunix/src in tarball

pcre
	- python* <unfixed> (embed)
	- php4 <unknown> (embed)
	- analog 2:5.23-0woody1 (embed)
	- libgoffice-1 <unfixed> (embed)
	- vfu 4.06-4.1 (embed; bug #450754)
	- tf5 5.0beta7-1 (embed)
	- monotone <unfixed> (embed)
	NOTE: this only affects versions >= 0.37
	- glib <unfixed> (embed)
	NOTE: 2.14 series for gregex support, only for udeb, regular package links dynamically
	- apache2 2.0.53-4 (embed)
	- exim4 4.10-0.srh20.12 (embed)
	- yacas <unfixed> (embed)
	NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
	- gtamsanalyzer.app 0.42-5 (embed)
	- tin <unknown> (embed)

tiff
	- wxpythongtk <unfixed> (embed)
	TODO: check, which debian pkg this is in

uudeview
	- libconvert-uulib-perl <unfixed> (embed)

sqlite (not affected by security vulnerabilities so far)
	- amarok <unfixed> (embed)
	- monotone <unfixed> (embed)
	- iceweasel <unfixed> (embed)

util-linux/mount
	- loop-aes-utils <unfixed> (embed)
	NOTE: contains code from util-linux' mount in the mount-aes-udeb

webmin
	- usermin <unknown> (embed)
	[sarge] - usermin <unfixed> (embed)

sylpheed
	- sylpheed-claws <unfixed> (fork)

phpsysinfo
	- egroupware <unfixed> (embed)
	- phpgroupware <unfixed> (embed)

phpldapadmin
	[sarge] - egroupware <unfixed> (embed)
	NOTE: removed from egroupware after sarge

chmlib
	- kchmviewer <unknown> (embed)

libavcodec/libavformat (source: ffmpeg)
	- mplayer <unfixed> (embed; bug #395252)
	- xvidcap <unfixed> (embed)
	- kino <unfixed> (static)
	- vlc <unfixed> (static)
	- smilutils <unfixed> (static)
	- motion <unfixed> (static)
	- gst-ffmpeg <unfixed> (embed)
	- gstreamer0.10-ffmpeg <unfixed> (embed)
	- xmovie <unfixed>
	TODO: gimp-gap (potentially using ffmpeg code as well)

mad MPEG decoding lib
	- mad <unfixed> (embed)
	- xine-lib <unfixed> (embed)

libdts
	- xine-lib <unfixed> (embed)

flac
	- xine-lib <unfixed> (embed)

liba52
	- a52dec <unfixed> (embed)
	- xine-lib <unfixed> (embed)

libmpeg2
	- mpeg2dec <unfixed> (embed)
	- xine-lib <unfixed> (embed)

curl
	- wget <unfixed> (embed)
	NOTE: code for NTLM authentication

uw-imap
	- pine <unfixed> (embed)
	- alpine <unfixed> (embed)

imagemagick
	- graphicsmagick <unfixed> (fork)

halibut
	- nsis <unfixed> (embed)

libghttp
	- hotway <unfixed> (embed)

libsndfile
	- ardour <unfixed> (embed)

glibmm2.4
	- ardour <unfixed> (embed)

libgnomecanvasmm2.6
	- ardour <unfixed> (embed)

libsigc++-2.0
	- ardour <unfixed> (embed)

soundtouch
	- ardour <unfixed> (embed)

libmms
	- xine-lib <unfixed> (embed)
	- mimms <unfixed> (embed)

fckeditor
	- knowledgeroot 0.9.8.5-3 (embed; bug #461555)
	- moin <unfixed> (embed; bug #452599)
	- karrigell <unfixed> (embed; bug #452598)
	- gforge-plugins-extra 4.6.99+svn6225-1 (embed)

ipatlas (not packaged in Debian)
	- moodle <unfixed> (embed)

libphp-phpmailer
	- moodle <unfixed> (embed)

htmlArea (not packaged in Debian)
	- moodle <unfixed> (embed)

giflib:
	- wine <unfixed> (embed; bug #466181)

bennu (not packaged in Debian)
	- moodle <unfixed> (embed)

smarty:
	- moodle <unfixed> (embed; bug #471158)
	- gallery2 <unfixed> (embed; bug #471160)
	- mahara 0.9.2-2 (embed; bug #471201)
	- gosa 2.4beta1-1 (embed; bug #471200)

TinyMCE
	- wordpress <unfixed> (embed)
	- moodle <unfixed> (embed)
	- knowledgeroot <unfixed> (embed)
	- joomla <itp> (bug #326398)

scintilla
	- scite <unfixed> (embed)
	- qscintilla <unfixed> (embed)
	- qscintilla2 <unfixed> (embed)
	- geany <unfixed> (embed)

libphp-adodb
	- moodle <unfixed> (embed)
	NOTE: also AdoDB-XML Schema
	- gallery2 <unfixed> (embed)
	- phppgadmin <unfixed> (embed)
	- egroupware <unfixed> (embed)
	- phpwiki <unfixed> (embed)
	- ipplan <unfixed> (embed)
	- typo3 <unfixed> (embed)
	- moodle <unfixed> (embed)
	- cacti <unknown> (embed)
	[sarge] - cacti <unfixed> (embed)
	NOTE: dependency exists, but internal version is used

gzip
	- linux-kernel <unfixed> (embed)
	NOTE: lib/inflate.c
	- klibc <unfixed> (embed)
	NOTE: based on linux-kernel gzip code
	- busybox <unfixed> (embed)

neon
	- cadaver <unfixed> (embed; bug #188381)
	- gnome-vfs2 <unfixed> (embed; bug #395874)
	- litmus <unfixed> (embed; bug #395875)
	[sarge] - screem <unfixed> (embed)
	- sitecopy <unfixed> (embed; bug #395876)
	[etch] - tla <unfixed> (embed; bug #395877)
	[sarge] - tla <unfixed> (embed; bug #395877)

libmodplug
	- gst-plugins-bad0.10 <unfixed> (embed)

libvncserver
	- vino <unfixed> (embed)

putty
	- filezilla <unfixed> (embed)

tinyxml (not packaged in Debian)
	- filezilla <unfixed>

gv
	- evince <unfixed> (embed)
	NOTE: ps/ tree from gv 3.5.8
	- evince-gtk <unfixed> (embed)
	NOTE: not packaged in Debian

libXbae
	[etch] - libpawlib2-lesstif <unfixed> (embed)
	NOTE: from Cernlib

libXaw
	[etch] - libpawlib2-lesstif
	NOTE: from Cernlib
	NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty

libgd2
	- graphviz <unfixed> (embed)
	NOTE: lib/gd seems to be 2.0.33
	- wml <unfixed> (embed)
	NOTE: derived from gd 1.6.3

rar
	- unrar-nonfree <unfixed> (embed)

unrar-free (maybe this code is derived from the original rar, too?)
	- clamav <unfixed> (embed)
	NOTE: seems to be disabled in default config

mplayer (DirectMedia Object loader)
	- xine-lib <unfixed> (embed)
	NOTE: src/libw32dll/
	- vlc <unfixed> (embed)
	NOTE: modules/codec/dmo/

libwpd (WordPerfect converter)
	- openoffice.org <unfixed> (embed)

fsplib (http://sourceforge.net/projects/fsp/)
	- gftp <unfixed> (embed)
	NOTE: lib/fsplib version 0.3

librpcsecgss
	- krb5 <unfixed> (embed)

jasper
	- ghostscript <unfixed> (embed)
	- gs-gpl <unfixed> (embed)

libidn
	- monotone <unfixed> (embed)

liblua
	- monotone <unfixed> (embed)

libbotan
	- monotone <unfixed> (embed)

NetXX
	- monotone <unfixed> (embed)

libgc
	- mono <unfixed> (embed)

lzma
	- p7zip <unfixed> (embed)

lzo
	- grub2 <unfixed> (embed)

yassl
	- mysql-dfsg-5.0 <unfixed> (embed)

pax code
	- tar <unfixed> (embed)
	- cpio <unfixed> (embed)

t1lib
	- tetex-bin 2.0.2-1 (embed)
	- texlive-bin <unknown> (embed)

guichan
	- boswars <unfixed> (embed)
	NOTE: maintainer notified us, working on it

tolua
	- boswars <unfixed> (embed)
	NOTE: maintainer notified us, working on it

asio-dev
	- luxrender <unfixed> (embed)
	NOTE: maintainer notified us, working on it
	NOTE: may be merged with boost "soon"

xine-lib
	- vlc <unfixed> (embed)
	NOTE: only parts included in modules/access/rtsp

netpbm
	- tcl8.3 <unfixed> (embed)
	- tcl8.4 <unfixed> (embed)
	- tcl8.5 <unfixed> (embed)
	NOTE: generic/tkImgGIF.c

tk8.5
	- tk8.0 <removed> (old-version)
	- tk8.3 <unfixed> (old-version)
	- tk8.4 <unfixed> (old-version)
	- perl-tk <unfixable> (fork)

samba
	- mc <unfixed> (embed)
	NOTE: maintainer is aware of this, currently searching for a solution

plib1.8.4c2
	- boson <unfixed> (fork)
	NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar

fribidi
	- quesoglc <unfixed> (embed)

glew
	- quesoglc <unfixed> (embed)

minorGems
	- transcend <unfixed> (embed)
	- cultivation <unfixed> (embed)

libarchive
	- tar <unfixed> (embed)
	NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
	- cpio <unfixed> (embed)
	NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)