| /[secure-testing]/data/embedded-code-copies |
Parent Directory
| 
Revision Log
| Links to HEAD: | (view) (download) (annotate) |
| Sticky Revision: |
fix broken embedded-code-copies entry for gadu, ekg also affected by CVE-2008-4776 and fixed in 1:1.8~rc0-1
CVE-2008-4776 fixed in kadu 0.6.0.2-3 by linking against libgadu
kadu embedding libgadu
wordpress fixed
mahara fixed
Some pseudo/bin-pkg to srcpkg name conversions plus a large update of php and js related packages
egroupware vulnerable to libphp-phpmailer issue; added note to embedded-code-copies for egw; added note to copies file for phpgroupware
ampache and mediamate fixed in sid; mediamate issue is unimportant
Update the list of affected packages by CVE-2008-4796 and CVE-2007-3215, now those in etch but not in lenny
Partially update the list of embedded js and php scripts with lintian's reports
Know about the embedded copy of Snoopy.class in wordpress and moodle (CVE-2008-4796), and the bug number for wordpress/CVE-2008-1502
Finish snoopy triage (I had the dog now)
add some embeddings found by Steffen
add java/openjdk
add notle about pcmanfm embedding exo
qemu is embedded by xen
pcmanfm embeds exo, thanks Yves-Alexis Perez
qcake embeds quazip starting from 0.6.4
ldiskfsprogs from Lustre will embed e2fsprogs
icedove fixed emacs22 fixed
wordpress doesnt use embedded tinymce copy anymore. please only mark as not-affected if it is really not, if the code was present some time ago but is not anymore then mark this version as the fixed one
gallery2 now uses system wide smarty copy
updates on ffmpeg embedders
checked another ffmpeg embedding issue
new embedding: sprng xvidcap not in the archive kino fixed
kvm embeds vgabios and bochsbios from bochs
fix glib source package name
glib udeb also builds against system pcre version since 2.15.2-1
updates on embedded code copies bugzilla no-dsa add missing CVE ID to libimager-perl DSA fix two incorrect ruby entries remove some NOTEs present in the respective CVE entries new kernel issue, mark unfixed for now until it's been figured out when this was fixed upstream resolve old gpg TODO NFUs
insight embeds a copy of gdb
pan embeds uudeview, however not affected by CVE-2008-2266
update for blender as supplied by Cyril Brulebois
phpgedview removed (but fixed a few weeks ago anyway, but still has a copy in stable)
pcre embedded by webkit and thus qt4-x11
fix srcpackage name of tetex embedding xpdf
record kazehakase/pcre
add a ton of packages that embed prototype.js
reverse entries i just added
Add bug number for tinymce embedded in wordpress Add magic RFS embedded code copy Add ode embedded code copies of opcode and gimpact
added speex to embedded-code-copies
kvm embeds qemu, properly list libarchive
abiword embeds wv
Add blender to embedded-code-copies, thanks to Cyril
fix wxwindows embedding tiff, thanks Ron for the pointer
qt4 embeds webkit, thanks pusling for the heads up
embedded-code-copies: update libarchive
embedded-code-copies: added libarchive
tin embedds pcre but uses system wide copy for linking
embedded code copies: quesoglc, cultivation and transcend for: fribidi, glew and minorGems
mahara embedding smarty fixed in 0.9.2-2
gosa dropped Smarty years ago, only in oldstable still
smarty also embedded by mahara and gosa mediawiki cveified
gallery2/moodle embed smarty
boson embeds a forked plib
fixing source package name
mc embedds libsmb-dev
gnome-peercast embeds peercast. See bug, removal seems the best solution.
wine embedds giflib
embedded-code-copies: Describe Tk situation
embedded-code-copies: Dcoument syntax additions
wml embeds libgd fork insecure tmpfile handling fixed in wml 2.0.11-3.1
knowledgeroot now uses system wide copy of fckeditor
reword and rewrap
- new mplayer/xine-lib issues - CVE-2006-4484 affects tk and netpbm
vlc embedds parts of xine-lib
add more code copies reported by Cyril Brulebois
filed bug for knowledgeroot embedding fckeditor
mysql embedds yassl
fix typo
some syntax fixes
further conversions, mission accomplished
further format conversions
further conversions
adding the fork sort and adjusting sylpheed
more conversions to new format
conversions to new file format
more work on code copies
adapted zlib to new embedded copies format
libcomplearn-mod-ppmd is embedding ppmd
record fix for texlive simplify a bit
converting more items to the new format
use embed/static instead of static/dynamic
clamav DSA asterisk issue postponed one cups issue still affects sarge, though not really severe
adding distribution tags instead of NOTE
adapting xpdf to new embedded code copies format
adding format specification for embedded code copies, cleanup follows
gtamsanalyzer.app embeds pcre in older versions
embedded copy of pcre in vfu fixed in NMU by KiBi
update on yacas embedded code copy
add yacas to pcre embedded copies
embedded-code-copies: tetex-bin and texlive-bin use system t1lib
embedded-code-copies: xpdf in texlive-bin (but uses poppler)
embedded-code-copies: t1lib in tetex-bin and texlive-bin
pigdin update no-dsa for dar
added information about poppler embedded in ruby-gnome2
we dont have tikiwik in the archive
kchmviewer exists as a package, modified
Roland is fast
- fckeditor now packaged separately, filed bugs - pcre fixes in sarge and etch address older pcre issue as well - libpng no-dsa
embedded-code-copies: exim4 has embedded pcre but links against external
embedded-code-copies: apache2 has embedded pcre, but linked to external
bug for vfu
add pcre embedded in glib udeb info
ipplan embedds adodb as well
typo3 also ships adodb
fixes for ffmpeg
more embedded code copies
Add note about pax code being in tar and cpio
add package to copies not other way round
add package to copies not other way round
add libgc and zlib for mono
add qscintilla2
gforge-plugins-extra also embedds fckeditor
Add moin and karrigell to the code duplication file
jasper is embedded in ghostscript
- monotone embeds lots of things - remove fckeditor duplicate - add alpine
added libiax included by iaxmodem to embedded code copies, thanks Julien Blache
added ccontrol embedded dietlibc code (via static linking)
CVE-2005-2491 vfu not-affected added vfu to the embedded code copies of pcre, thanks Seo Sanghyeon
silc-client embedds parts of silc-toolkit, thanks Jérémy Bobbio
synfig does no longer include its own copy of etl
knowledgeroot ships its own copy of fckeditor
add ardour embedded code copies
rpcsec_gss code
fix mecab version spamassassin no-dsa
NFUs: 31 unfixed: gftp linux-2.6 openssl fixed: libvorbis sleuthkit vim not-affected: wpasupplicant embedded: fpslib in gftp
update xpdf status
ipe embeds xpdf
add libwpd to the embedded-code-copies list
checked vlc for DMO overflow
NFUs: 6 unfixed: mplayer viewcvs xine-lib fixed: iceweasel libapache2-mod-python xulrunner
update embedded-code-copies for rar/unrar
really merge all entries from the wiki
merge additional entries from wiki page and update some other entries
- gst-plugins-bad0.10 embeds libmodplug - CVE-2006-4192 affects gst-plugins-bad0.10
- CVE-2006-433[5-7]: gzip issues affect lha as well (high) - CVE-2006-4800 gst-ffmpeg and gstreamer0.10-ffmpeg contain ffmpeg (medium) - CVE-2006-5751: new linux issue (medium) - CVE-2006-6071: new twiki issue
added neon embeds
mplayer embeds ffmpeg
added everythign moodle embeds
merged two entries
noted cacti's fix in etch, thanks seanius
added busybox to gzip
added some gzip embedded code copies, note I checked CVE-2006-4338 CVE-2006-4337, CVE-2006-4336, CVE-2006-4335, CVE-2005-0988 and none affect
- CVE-2006-4561 new firefox issue (low) - tikiwiki CVEified - CVE-2006-4618 adodb not affected (in 6 packages) - CVE-2006-4455 xchat not affected - some NFUs
Added some scite, qscintilla and geany as embedding scintilla code
- knowledgeroot includes FCKeditor. This may involve CVE-2006-3362, CVE-2006-2529, CVE-2006-0921, CVE-2006-0658, CVE-2005-4094, CVE-2005-4095, CVE-2005-0613 - TinyMCE is included in wordpress, moodle, knowledgeroot: This might involve CVE-2005-4599, CVE-2005-4600, CVE-2006-3602 - CVE-2006-3011: new php safe mode issue - CVE-2006-3336: new TWiki issue - CVE-2006-3360: new phpsysinfo issue - some NFUs
xine-lib includes libmms and is affected by CVE-2006-2200
two more DSAs
Added cacti as embedding libphp-adodb
Added info on who runs what buildd arch, added libphp-adodb info to embedded copies list and bug numbers for moodle security issues
bomberclone fixed
noting some other embedded code copies
update on xpdf mess claim
new xpdf issue remove mydns dupe
yeah, another xpdf copy gone
doh, the firefox src pkg has been renamed for 1.5 some bugnums
new pdfkit.framework DSA
graphicsmagick embeds imagemagick code, fixed now
new pine issue
new cpio issue some not-affected phpmyadmin issue turned out to be unimportant lots of NFUs
more syntax conversions
libavcodec should really be fixed to provide a library to link dynmically against
claim
CVE-2005-4048: mplayer, gst-ffmpeg vulnerable; kino is not CVE-2005-3392, CVE-2005-3391: PHP safe mode vulnerabilities, low impact
updates on embedded-code-copies
new curl issue track another local code copy
libextractor embeds a copy of xpdf as well, what a mess
track koffice copy of xpdf code xpdf fixed (info from changelog is wrong) minor kernel update xpdf bugnums
track embedded code copies from xine-lib; what a mess
flash installer "fixed"
more code incest
phpsysinfo issues affect egroupware as well
bugnums, add sylpheed to e-c-c
more removed code copies, pvpgn embedded zlib until recently
webmin/usermin code incest
firefox strikes again
add ref mount code
the ongoing phpbb2 version madness
uudeview shares code with uudecode perl module remove stray aide entry from the dsa list (already covered in CAN/list)
gnumeric/pcre confirmed non-vulnerable amarok/sqlite code sharing (no vulnerabilities known, but let's be prepared)
xvpm fixed current gnumeric does not contain pcre libconvert-uulib-perl contains a copy of uulib from uudeview
update on embedded copies new firefox dsa. joeyh: the firefox dtsa should probably be reverted and based on 1.0.6
new phpldapadmin issue minor update on embedded-c-c BTW, why are the openvpn issues tracked as urgency high? AFAICS these are only relatively hard to triggerable DoS vulnerabilities, or does anyone have additional information?
cvs fixed python2.1 fixed some updates on embedded-code-copies
poppler embeds xpdf code as well
cplay and tleds fixed, pythons seem to embed a pcre copy as well
pcre fixed, gnumeric seems affected as well
gcvs embeds vulnerable cvsbug script
processed most of my block, unclaimed the rest fudforum bug
new clamav dsa track more local code copies
gadu/gaim update
lots of new cases of embedded code, which had security problems in the past.
lets track embedded code copies
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
| ViewVC Help | |
| Powered by ViewVC 1.1.5 |