| /[secure-testing]/data/embedded-code-copies |
Revision Log
various updates
Add versions for fixed feedparser embeds.
wesnoth not-affected by prototype.js issue
some fixed prototypejs issues; thanks to some quick reaction by quite a few maintainers!
scriptaculous uses system prototypejs
wordpress embeds scriptaculous, which is already fixed
Another bunch of Python-related bugs.
Fix bug number for miro/python-feedparser.
Add code copies embedded in gmic (ITPed).
Bugs for embeds of external Python modules.
bugs for prototypejs (more to do: scriptaculous, lucene, horde3, but i'm tired; will get to it in the next few days)
Add packages embedding txt2tags and htmltextview.
tin has been linking dynamically to PCRE since 980117-1.
Explain why wireshark and nipy embeds are non-issues.
paraview embeds vtk
Add embeds of agg.
- <not-affected> embeds should have a justification - can someone write justifications for the wireshark and nipy issues?
Add bug# for rawdog embedding feedparser.
Add embeds of python-ply.
pidgin indeed links dynamically to libgadu. So does gaim in etch.
Fix typos.
Fix typo in a bug number.
Fix a typo, remove a duplicate.
Add embeds of feedparser.
unicode-data embeds (tracking this is somewhat pedantic since a security issue is unlikely in this data, but if there ever is one knowing the embeds will be useful)
lucene embeds
mochikit embeds
rt3.8 also embeds scriptaculous
some fixed prototypejs embeds
complete prototypejs embeds list
some fixed kernel issues and more xulrunner embeds
ffmpeg copy removed from avifile
apache and apr-util haven't used the embedded expat at least since etch
coherence (>= 0.6.2-1) does not embed mochikit.
More Python-related embeds.
Add Python embeds.
Add embedded copies of elementtree.
Fix typos in package names.
Update version information for embeds of smart. smart uses expat only indirectly, via the cElementTree module. Starting with smart 0.51, upstream build system refrains from building this module if it is already included in the Python stdlib. smart (>= 1.0-1) packages were built with Python 2.5, which does bundle cElementTree.
expat embeds and embeds in python
More embeds of python-urlgrabber.
Add embeds for beautifulsoup, python-clientform, python-mechanize, pexpect, pyparsing.
Remove superfluous trailing colons.
Add a bunch of configobj embeds.
nmap 5.00-1 links dynamically to liblua.
gnome-peercast, luxrender, w3c-libwww have been removed from the archive. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=20;bug=469169 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=21;bug=547514 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;bug=552033
s/w3c-www/w3c-libwww/
Remove duplicate entry for erlang (embedding zlib).
beautifulsoup is embedded by python-mechanize, not the other way round.
gamera, hg-git updates from Jakub Wilk
track glibc as an old-version of eglibc
added enet at Ansgar Burchardt's request (#497194)
- as per discussion a while back, kompozer as unsupported - chromium issue - expat issue - expat embeds - track xerces old versions
suspend2 is an old version of tuxonice
track old versions of the linux source packages
- new xpdf issue - track poppler as fork of xpdf - bug submitted for swftools embed of xpdf
xmovie is a static embed
- advi affected by camlimages issue due to static link - bug submitted for advi static link - fix dillo issue tracking
- iaxmodem embeds - curl and wget actually fork libntlm - cntlm also forks libntlm - netbeans-ide no longer embeds prototypejs
correct uses of old-version
track opensaml/shibboleth as old-versions
linux-kbuild-2.6 embeds linux-2.6
ajaxterm embeds qweb
embeds in kvm
freecad also embeds libzipios++-dev, thanks guillem!
python-cxx-dev embedded by freecad
dovecot in etch/lenny also affected by cyrus code copy - note that cve text says > 1.0.4 fixed, but i've checked lenny's 1.0.15 and its code is still vulnerable
kolab-cyrus-imapd is a fork of the cyrus package
typo
texlive-bin embeds a forked icu
webkit does make use of system icu and pcre libs
webkit stuff
minor formatting update
some updates to embedded-code-copies
enblend-enfuse source was being tracked as enblend-fuse
- mozilla source is now iceape - firefox, mozilla-firefox, thunderbird, mozilla-thunderbird are all binary packages from iceape - iceweasel, icedove, and xulrunner should be considered forks - nvu is in the removed-packages list
rework versioning to use xulrunner source package rather than binary packages
more updates on xulrunner - do a better job of tracking all of the versions - cairo embedded, but correctly dynamically linked in all versions etch->experimental
checked current lenny and sid xulrunner; both are dynamically linked to libpng (clarifies ambiguous info in embedded-code-copies)
fix up my recent changes to use appropriate [release] and <itp> tags
embedded-code-copies cleanup and bring removed-packages up to date
update yajl/argyll situation
add erlang to e-c-c
Fix some entries
introduction of inject-embedded-code-copies
bug submitted for qemu embed in kvm
add info about xyssl/polarssl code copies/forkage
avifile code copy ruby fixed xerces fixed
Updated wordpress embedded code copies
new code copies, thanks to Jakub Wilk
serendipity embeds some pear modules
add xz-utils as a fork of the lzma package
- fix typo - apache issue doesn't warrant a dsa
- new non-numbered issues - new xulrunner embeds libvorbis - bugs submitted for libvorbis cve
adept embeds libept
- new non-numbered issues for the past few weeks... - avifile embeds ffmpeg - info on wordpress issue
Data maintenance based on bug reports
embedded code copies from Jakub Wilk, thanks
memcachedb embeds code from memcache
add yajl
- embedded libbsd code copy fixed - django fixed in spu upload
claws embedded code copies
request-tracker3.8 embeds fckeditor
advi compiles statically against camlimages
per http://lists.debian.org/debian-security/2009/07/msg00011.html
- lrmi code copy - new backuppc issue - bugnum
proposed spu updates
kompozer issues tracking
- bugnums - another embedded code copy from the BTS
- more embedded code copies from the BTS - bugnum - new pgp4pine issue
torrentflux embeds adodb but removes it on build from the installation directory
* Note uploads for CVE-2008-6792. * Add a small remark to the status of nmap/liblua embedding.
nmap/liblua bug filed.
While we're there: nmap also embeds liblua.
nmap has an embedded libdumbnet/libdnet fork
General maintenance/cleanup
pyke embeds python-ply, thanks Chris Lamb
swfpdf embeds xpdf -- round one
libwmf embeds gd
Update list of packages embedding or linking statically to zlib, based on the lintian check
record the bouncycastle embed in earlier libitext-java
- monotone no longer uses embedded libs - remote horde ospu entry now that it's fixed in a DSA - new wireshark issues (unfixed in sid) - two new openafs issues (fixed in sid) - two new kernel issues - postgresql no-dsa (postgres point releases are regularly synced into Debian stable updates) - update on ecryptfs kernel issue - NFUs
kdegraphics is linking against poppler now
argyll affected by recent ICC issues from ghostscript
haxe & mtasc both share swflib & extc
note down irssi-plugin-silc embedding irssi code
libpng embedded in mozilla
- fckeditor and geshi code copies fixed - more bugzilla issues CVEfied - unimportant libpng issue fixed - adjust some kernel severities
Updated embedded php stuff list, thanks to the lintian check
add libiris/libidn
sdl-mixer1.2 is embedding libmikmod
geany folks revealed on the upstream bug that their scintilla copy is a minor fork
synfig embeds libltdl too
update info about the quesoglc embeds
move minorGems to the upstream line
update scintilla info, fix anjuta (embed not old-version)
update minorGems info
RFE filed upstream about scintilla shared lib
anjuta contains an old version of scintilla
halibut in nsis is actually a fork
Add pdfedit to embedded-code-copies
I have added checking of embedded-code-copies to the pre-commit hook. This is a test commit.
remove duplicate bennu entry
wesnoth devel branch now contains jquery and its tablesorter extension
mc doesn't have samba support anymore
openjdk-6 embeds lcms (version 1.16, it seems)
mplayer builds against system-wide faad copy which fixes CVE-2008-5244
tuxcmd-modules(itp) embeds zlib
- fix broken moodle entry - updates on embedded code copies
one genshi code copy fixed
New batch of embedded code copies (more will come thanks to lintian)
New php issue
axyl is gone use libphp-cas to track the copies of domxml-php4-php5.php new minor php5 issue know about partially-published phpcas issues
Add bugreport for moodle embedded code copies
moodle is bad, but a single entry for libphp-adodb is still sufficient :)
embedded code copy in typo3 fixed
gforge embedded code copies fixed
dokuwiki fixed by using php-geshi
pgfouine 1.0-1.1 now uses system-wide geshi copy CVE-2008-4810 fixed in moodle 1.8.2-2 CVE-2008-4192 fixed in redhat-cluster 2.20081102-1
New upload of moodle fixes most issues
Processed some CVEs and added information about embedded copies in KDE stuff
fix srcpkg name
Know about typo's itp and the copy of webcalendar in gforge-plugins-extra
- fix source package name - kadu fixed
dokuwiki and pgfouine are also affected by the GeSHi issue
fix broken embedded-code-copies entry for gadu, ekg also affected by CVE-2008-4776 and fixed in 1:1.8~rc0-1
CVE-2008-4776 fixed in kadu 0.6.0.2-3 by linking against libgadu
kadu embedding libgadu
wordpress fixed
mahara fixed
Some pseudo/bin-pkg to srcpkg name conversions plus a large update of php and js related packages
egroupware vulnerable to libphp-phpmailer issue; added note to embedded-code-copies for egw; added note to copies file for phpgroupware
ampache and mediamate fixed in sid; mediamate issue is unimportant
Update the list of affected packages by CVE-2008-4796 and CVE-2007-3215, now those in etch but not in lenny
Partially update the list of embedded js and php scripts with lintian's reports
Know about the embedded copy of Snoopy.class in wordpress and moodle (CVE-2008-4796), and the bug number for wordpress/CVE-2008-1502
Finish snoopy triage (I had the dog now)
add some embeddings found by Steffen
add java/openjdk
add note about pcmanfm embedding exo
qemu is embedded by xen
pcmanfm embeds exo, thanks Yves-Alexis Perez
qcake embeds quazip starting from 0.6.4
ldiskfsprogs from Lustre will embed e2fsprogs
icedove fixed emacs22 fixed
wordpress doesn't use embedded tinymce copy anymore. please only mark as not-affected if it is really not, if the code was present some time ago but is not anymore then mark this version as the fixed one
gallery2 now uses system wide smarty copy
updates on ffmpeg embedders
checked another ffmpeg embedding issue
new embedding: sprng xvidcap not in the archive kino fixed
kvm embeds vgabios and bochsbios from bochs
fix glib source package name
glib udeb also builds against system pcre version since 2.15.2-1
updates on embedded code copies bugzilla no-dsa add missing CVE ID to libimager-perl DSA fix two incorrect ruby entries remove some NOTEs present in the respective CVE entries new kernel issue, mark unfixed for now until it's been figured out when this was fixed upstream resolve old gpg TODO NFUs
insight embeds a copy of gdb
pan embeds uudeview, however not affected by CVE-2008-2266
update for blender as supplied by Cyril Brulebois
phpgedview removed (but fixed a few weeks ago anyway, but still has a copy in stable)
pcre embedded by webkit and thus qt4-x11
fix srcpackage name of tetex embedding xpdf
record kazehakase/pcre
add a ton of packages that embed prototype.js
reverse entries i just added
Add bug number for tinymce embedded in wordpress Add magic RFS embedded code copy Add ode embedded code copies of opcode and gimpact
added speex to embedded-code-copies
kvm embeds qemu, properly list libarchive
abiword embeds wv
Add blender to embedded-code-copies, thanks to Cyril
fix wxwindows embedding tiff, thanks Ron for the pointer
qt4 embeds webkit, thanks pusling for the heads up
embedded-code-copies: update libarchive
embedded-code-copies: added libarchive
tin embeds pcre but uses system wide copy for linking
embedded code copies: quesoglc, cultivation and transcend for: fribidi, glew and minorGems
mahara embedding smarty fixed in 0.9.2-2
gosa dropped Smarty years ago, only in oldstable still
smarty also embedded by mahara and gosa mediawiki cveified
gallery2/moodle embed smarty
boson embeds a forked plib
fixing source package name
mc embeds libsmb-dev
gnome-peercast embeds peercast. See bug, removal seems the best solution.
wine embeds giflib
embedded-code-copies: Describe Tk situation
embedded-code-copies: Document syntax additions
wml embeds libgd fork insecure tmpfile handling fixed in wml 2.0.11-3.1
knowledgeroot now uses system wide copy of fckeditor
reword and rewrap
- new mplayer/xine-lib issues - CVE-2006-4484 affects tk and netpbm
vlc embeds parts of xine-lib
add more code copies reported by Cyril Brulebois
filed bug for knowledgeroot embedding fckeditor
mysql embeds yassl
fix typo
some syntax fixes
further conversions, mission accomplished
further format conversions
further conversions
adding the fork sort and adjusting sylpheed
more conversions to new format
conversions to new file format
more work on code copies
adapted zlib to new embedded copies format
libcomplearn-mod-ppmd is embedding ppmd
record fix for texlive simplify a bit
converting more items to the new format
use embed/static instead of static/dynamic
clamav DSA asterisk issue postponed one cups issue still affects sarge, though not really severe
adding distribution tags instead of NOTE
adapting xpdf to new embedded code copies format
adding format specification for embedded code copies, cleanup follows
gtamsanalyzer.app embeds pcre in older versions
embedded copy of pcre in vfu fixed in NMU by KiBi
update on yacas embedded code copy
add yacas to pcre embedded copies
embedded-code-copies: tetex-bin and texlive-bin use system t1lib
embedded-code-copies: xpdf in texlive-bin (but uses poppler)
embedded-code-copies: t1lib in tetex-bin and texlive-bin
pidgin update no-dsa for dar
added information about poppler embedded in ruby-gnome2
we don't have tikiwiki in the archive
kchmviewer exists as a package, modified
Roland is fast
- fckeditor now packaged separately, filed bugs - pcre fixes in sarge and etch address older pcre issue as well - libpng no-dsa
embedded-code-copies: exim4 has embedded pcre but links against external
embedded-code-copies: apache2 has embedded pcre, but linked to external
bug for vfu
add pcre embedded in glib udeb info
ipplan embeds adodb as well
typo3 also ships adodb
fixes for ffmpeg
more embedded code copies
Add note about pax code being in tar and cpio
add package to copies not other way round
add package to copies not other way round
add libgc and zlib for mono
add qscintilla2
gforge-plugins-extra also embeds fckeditor
Add moin and karrigell to the code duplication file
jasper is embedded in ghostscript
- monotone embeds lots of things - remove fckeditor duplicate - add alpine
added libiax included by iaxmodem to embedded code copies, thanks Julien Blache
added ccontrol embedded dietlibc code (via static linking)
CVE-2005-2491 vfu not-affected added vfu to the embedded code copies of pcre, thanks Seo Sanghyeon
silc-client embeds parts of silc-toolkit, thanks Jérémy Bobbio
synfig no longer includes its own copy of etl
knowledgeroot ships its own copy of fckeditor
add ardour embedded code copies
rpcsec_gss code
fix mecab version spamassassin no-dsa
NFUs: 31 unfixed: gftp linux-2.6 openssl fixed: libvorbis sleuthkit vim not-affected: wpasupplicant embedded: fpslib in gftp
update xpdf status
ipe embeds xpdf
add libwpd to the embedded-code-copies list
checked vlc for DMO overflow
NFUs: 6 unfixed: mplayer viewcvs xine-lib fixed: iceweasel libapache2-mod-python xulrunner
update embedded-code-copies for rar/unrar
really merge all entries from the wiki
merge additional entries from wiki page and update some other entries
- gst-plugins-bad0.10 embeds libmodplug - CVE-2006-4192 affects gst-plugins-bad0.10
- CVE-2006-433[5-7]: gzip issues affect lha as well (high) - CVE-2006-4800 gst-ffmpeg and gstreamer0.10-ffmpeg contain ffmpeg (medium) - CVE-2006-5751: new linux issue (medium) - CVE-2006-6071: new twiki issue
added neon embeds
mplayer embeds ffmpeg
added everything moodle embeds
merged two entries
noted cacti's fix in etch, thanks seanius
added busybox to gzip
added some gzip embedded code copies, note I checked CVE-2006-4338 CVE-2006-4337, CVE-2006-4336, CVE-2006-4335, CVE-2005-0988 and none affect
- CVE-2006-4561 new firefox issue (low) - tikiwiki CVEified - CVE-2006-4618 adodb not affected (in 6 packages) - CVE-2006-4455 xchat not affected - some NFUs
Added some scite, qscintilla and geany as embedding scintilla code
- knowledgeroot includes FCKeditor. This may involve CVE-2006-3362, CVE-2006-2529, CVE-2006-0921, CVE-2006-0658, CVE-2005-4094, CVE-2005-4095, CVE-2005-0613 - TinyMCE is included in wordpress, moodle, knowledgeroot: This might involve CVE-2005-4599, CVE-2005-4600, CVE-2006-3602 - CVE-2006-3011: new php safe mode issue - CVE-2006-3336: new TWiki issue - CVE-2006-3360: new phpsysinfo issue - some NFUs
xine-lib includes libmms and is affected by CVE-2006-2200
two more DSAs
Added cacti as embedding libphp-adodb
Added info on who runs what buildd arch, added libphp-adodb info to embedded copies list and bug numbers for moodle security issues
bomberclone fixed
noting some other embedded code copies
update on xpdf mess claim
new xpdf issue remove mydns dupe
yeah, another xpdf copy gone
doh, the firefox src pkg has been renamed for 1.5 some bugnums
new pdfkit.framework DSA
graphicsmagick embeds imagemagick code, fixed now
new pine issue
new cpio issue some not-affected phpmyadmin issue turned out to be unimportant lots of NFUs
more syntax conversions
libavcodec should really be fixed to provide a library to link dynamically against
claim
CVE-2005-4048: mplayer, gst-ffmpeg vulnerable; kino is not CVE-2005-3392, CVE-2005-3391: PHP safe mode vulnerabilities, low impact
updates on embedded-code-copies
new curl issue track another local code copy
libextractor embeds a copy of xpdf as well, what a mess
track koffice copy of xpdf code xpdf fixed (info from changelog is wrong) minor kernel update xpdf bugnums
track embedded code copies from xine-lib; what a mess
flash installer "fixed"
more code incest
phpsysinfo issues affect egroupware as well
bugnums, add sylpheed to e-c-c
more removed code copies, pvpgn embedded zlib until recently
webmin/usermin code incest
firefox strikes again
add ref mount code
the ongoing phpbb2 version madness
uudeview shares code with uudecode perl module remove stray aide entry from the dsa list (already covered in CAN/list)
gnumeric/pcre confirmed non-vulnerable amarok/sqlite code sharing (no vulnerabilities known, but let's be prepared)
xvpm fixed current gnumeric does not contain pcre libconvert-uulib-perl contains a copy of uulib from uudeview
update on embedded copies new firefox dsa. joeyh: the firefox dtsa should probably be reverted and based on 1.0.6
new phpldapadmin issue minor update on embedded-c-c BTW, why are the openvpn issues tracked as urgency high? AFAICS these are only relatively hard-to-trigger DoS vulnerabilities, or does anyone have additional information?
cvs fixed python2.1 fixed some updates on embedded-code-copies
poppler embeds xpdf code as well
cplay and tleds fixed, pythons seem to embed a pcre copy as well
pcre fixed, gnumeric seems affected as well
gcvs embeds vulnerable cvsbug script
processed most of my block, unclaimed the rest fudforum bug
new clamav dsa track more local code copies
gadu/gaim update
lots of new cases of embedded code, which had security problems in the past.
let's track embedded code copies