| 1 |
Embedded code copies |
Embedded code copies |
| 2 |
==================== |
==================== |
| 3 |
|
|
| 4 |
This file collects cases, where a source package embeds code from |
This file collects source packages that embed code from other projects. |
| 5 |
other projects which is considered bad for fixing security flaws |
This is considered bad for fixing security flaws because the fix needs |
| 6 |
because the fix needs to be applied in multiple source packages. |
to be applied in multiple source packages. |
| 7 |
|
|
| 8 |
Format: |
Format: |
| 9 |
<srcpkg> (<optional comment about srcpkg>) |
<srcpkg> (<optional comment about srcpkg>) |
| 10 |
- <embedding srcpkg> <status> (<sort>; bug #<number>) |
- <embedding srcpkg> <status> (<sort>; bug #<number>) |
| 11 |
NOTE: optional comments about the linkage of the embedding srcpkg |
NOTE: optional comments about the linkage of the embedding srcpkg |
| 12 |
|
|
| 13 |
status: version number fixing the embedded copy, <unfixed>, <removed>, <itp> or <unknown> if the version number can not be determined |
status: version number fixing the embedded copy, <unfixed>, <removed>, |
| 14 |
|
<itp> or <unknown> if the version number can not be determined |
| 15 |
|
<unfixable> for unavoidable cases (e.g., forks that add real value) |
| 16 |
sort: static (linking statically against a lib) |
sort: static (linking statically against a lib) |
| 17 |
embed (embedding a copy of the library into another source package) |
embed (embedding a copy of the library into another source package) |
| 18 |
fork (the package is not just embedding code but it is a fork and thus might share parts of the source code) |
fork (the package is not just embedding code but it is a fork and |
| 19 |
|
thus might share parts of the source code) |
| 20 |
|
old-version (the package is an older version of essentially |
| 21 |
|
the same code) |
| 22 |
|
|
| 23 |
The srcpkg might be some string to identify the code if there is no specific source package. |
The srcpkg might be some string to identify the code if there is no |
| 24 |
|
specific source package. |
| 25 |
|
|
| 26 |
Everything up to the next line is ignored |
Everything up to the next line is ignored. |
| 27 |
---BEGIN |
---BEGIN |
| 28 |
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code) |
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code) |
| 29 |
NOTE: Fixed packages link to poppler library unless otherwise noted |
NOTE: Fixed packages link to poppler library unless otherwise noted |
| 52 |
ppmd |
ppmd |
| 53 |
- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152) |
- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152) |
| 54 |
|
|
| 55 |
|
peercast |
| 56 |
|
- gnome-peercast <unfixed> (embed) |
| 57 |
|
NOTE: gnome-peercast may better be removed, see #466539 |
| 58 |
|
|
| 59 |
silc-toolkit |
silc-toolkit |
| 60 |
- silc-client 1.1~beta6-1 (embed) |
- silc-client 1.1~beta6-1 (embed) |
| 61 |
|
|
| 159 |
- yacas <unfixed> (embed) |
- yacas <unfixed> (embed) |
| 160 |
NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway |
NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway |
| 161 |
- gtamsanalyzer.app 0.42-5 (embed) |
- gtamsanalyzer.app 0.42-5 (embed) |
| 162 |
|
- tin <unknown> (embed) |
| 163 |
|
|
| 164 |
tiff |
tiff |
| 165 |
- wxpythongtk <unfixed> (embed) |
- wxpythongtk <unfixed> (embed) |
| 262 |
- mimms <unfixed> (embed) |
- mimms <unfixed> (embed) |
| 263 |
|
|
| 264 |
fckeditor |
fckeditor |
| 265 |
- knowledgeroot <unfixed> (embed) |
- knowledgeroot 0.9.8.5-3 (embed; bug #461555) |
| 266 |
- moin <unfixed> (embed; bug #452599) |
- moin <unfixed> (embed; bug #452599) |
| 267 |
- karrigell <unfixed> (embed; bug #452598) |
- karrigell <unfixed> (embed; bug #452598) |
| 268 |
- gforge-plugins-extra 4.6.99+svn6225-1 (embed) |
- gforge-plugins-extra 4.6.99+svn6225-1 (embed) |
| 276 |
htmlArea (not packaged in Debian) |
htmlArea (not packaged in Debian) |
| 277 |
- moodle <unfixed> (embed) |
- moodle <unfixed> (embed) |
| 278 |
|
|
| 279 |
|
giflib: |
| 280 |
|
- wine <unfixed> (embed; bug #466181) |
| 281 |
|
|
| 282 |
bennu (not packaged in Debian) |
bennu (not packaged in Debian) |
| 283 |
- moodle <unfixed> (embed) |
- moodle <unfixed> (embed) |
| 284 |
|
|
| 285 |
smarty: |
smarty: |
| 286 |
- moodle <unfixed> (embed) |
- moodle <unfixed> (embed; bug #471158) |
| 287 |
|
- gallery2 <unfixed> (embed; bug #471160) |
| 288 |
|
- mahara 0.9.2-2 (embed; bug #471201) |
| 289 |
|
- gosa 2.4beta1-1 (embed; bug #471200) |
| 290 |
|
|
| 291 |
TinyMCE |
TinyMCE |
| 292 |
- wordpress <unfixed> (embed) |
- wordpress <unfixed> (embed) |
| 353 |
NOTE: from Cernlib |
NOTE: from Cernlib |
| 354 |
|
|
| 355 |
libXaw |
libXaw |
| 356 |
[etc] - libpawlib2-lesstif |
[etch] - libpawlib2-lesstif |
| 357 |
NOTE: from Cernlib |
NOTE: from Cernlib |
| 358 |
NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty |
NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty |
| 359 |
|
|
| 360 |
libgd2 |
libgd2 |
| 361 |
- graphviz <unfixed> (embed) |
- graphviz <unfixed> (embed) |
| 362 |
NOTE: lib/gd seems to be 2.0.33 |
NOTE: lib/gd seems to be 2.0.33 |
| 363 |
|
- wml <unfixed> (embed) |
| 364 |
|
NOTE: derived from gd 1.6.3 |
| 365 |
|
|
| 366 |
rar |
rar |
| 367 |
- unrar-nonfree <unfixed> (embed) |
- unrar-nonfree <unfixed> (embed) |
| 411 |
lzo |
lzo |
| 412 |
- grub2 <unfixed> (embed) |
- grub2 <unfixed> (embed) |
| 413 |
|
|
| 414 |
|
yassl |
| 415 |
|
- mysql-dfsg-5.0 <unfixed> (embed) |
| 416 |
|
|
| 417 |
pax code |
pax code |
| 418 |
- tar <unfixed> (embed) |
- tar <unfixed> (embed) |
| 419 |
- cpio <unfixed> (embed) |
- cpio <unfixed> (embed) |
| 421 |
t1lib |
t1lib |
| 422 |
- tetex-bin 2.0.2-1 (embed) |
- tetex-bin 2.0.2-1 (embed) |
| 423 |
- texlive-bin <unknown> (embed) |
- texlive-bin <unknown> (embed) |
| 424 |
|
|
| 425 |
|
guichan |
| 426 |
|
- boswars <unfixed> (embed) |
| 427 |
|
NOTE: maintainer notified us, working on it |
| 428 |
|
|
| 429 |
|
tolua |
| 430 |
|
- boswars <unfixed> (embed) |
| 431 |
|
NOTE: maintainer notified us, working on it |
| 432 |
|
|
| 433 |
|
asio-dev |
| 434 |
|
- luxrender <unfixed> (embed) |
| 435 |
|
NOTE: maintainer notified us, working on it |
| 436 |
|
NOTE: may be merged with boost "soon" |
| 437 |
|
|
| 438 |
|
xine-lib |
| 439 |
|
- vlc <unfixed> (embed) |
| 440 |
|
NOTE: only parts included in modules/access/rtsp |
| 441 |
|
|
| 442 |
|
netpbm |
| 443 |
|
- tcl8.3 <unfixed> (embed) |
| 444 |
|
- tcl8.4 <unfixed> (embed) |
| 445 |
|
- tcl8.5 <unfixed> (embed) |
| 446 |
|
NOTE: generic/tkImgGIF.c |
| 447 |
|
|
| 448 |
|
tk8.5 |
| 449 |
|
- tk8.0 <removed> (old-version) |
| 450 |
|
- tk8.3 <unfixed> (old-version) |
| 451 |
|
- tk8.4 <unfixed> (old-version) |
| 452 |
|
- perl-tk <unfixable> (fork) |
| 453 |
|
|
| 454 |
|
samba |
| 455 |
|
- mc <unfixed> (embed) |
| 456 |
|
NOTE: maintainer is aware of this, currently searching a solution |
| 457 |
|
|
| 458 |
|
plib1.8.4c2 |
| 459 |
|
- boson <unfixed> (fork) |
| 460 |
|
NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar |
| 461 |
|
|
| 462 |
|
fribidi |
| 463 |
|
- quesoglc <unfixed> (embed) |
| 464 |
|
|
| 465 |
|
glew |
| 466 |
|
- quesoglc <unfixed> (embed) |
| 467 |
|
|
| 468 |
|
minorGems |
| 469 |
|
- transcend <unfixed> (embed) |
| 470 |
|
- cultivation <unfixed> (embed) |
| 471 |
|
|
| 472 |
|
libarchive |
| 473 |
|
- tar <unfixed> (embed) |
| 474 |
|
NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable |
| 475 |
|
- cpio <unfixed> (embed) |
| 476 |
|
NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package) |
| 477 |
|
|
Parent Directory
| 
Revision Log
| 
Patch