| /[secure-testing]/data/embedded-code-copies |
Revision Log
info on texlive embeds
xinha embedded copies
new krb5 issue; dvipng texlive embed not used; xorg appears to be affected since patch has been applied to sid/squeeze
more texlive embeds
some more embeds in texlive-bin
texlive-bin embeds dvipng
update serendipity
dpkg code copies fixed
- xotcl/expat code copy fixed - qt4 triage
add libsmf/denemo code copy
wordpress-mu removed
libbz2 embeds
embedded copies updates: libm is statically linked by 5 fix two typos libmpeg2 is mpeg2dec pcre3 is embedded by 7 more one libmpeg3 embedded copy r-base-* perl module embeds, thanks Ansgar Burchardt
trigger-rally glew embed fixed in latest upload. it uses a patch plus rm -r src/glew to ensure that
2 packages embed libtiff
13 more packages embedding libjpeg...
update libpng embedders add freeimage's embedded copies
nss doesn't include certs
wml embeds fixed
wml embeds txt2html
eclipse embeds swt
lesstif embeds xpm, bug added cleanup CVE-2010-0733 (postgresql)
php4 has been removed
more updates about php5 embedded copies
more php5 embedded copies/updates
kvm is removed
php5 embedded copies
- libpurple/qutecom code copy fixed - new minor mediawiki issues - cpio/tar maintainers notified about no-dsa for minor rmt issue
recent issues with embedded code elsewhere; bugs submitted for a couple other issues
- mp4h fixed - fcron no-dsa
various updates
fix some more latently vulnerable issues
- new openssl issue - typo3 fixed - adjust fixed version of gnash/ltdl, at least later revisions seem to have reintroduced static linking - new asterisk issue - openldap ssl cert issue already tracked as CVE-2009-3767
ghostscript/expat fixed
GLee is now in Debian
- libtunepimp/ltdl code copy fixed
grub2 embeds genisoimage bits from cdrkit
xotcl NMUd
add cdrkit embed info from dkg
- wml/ltdl not affected - new krb5 issue doesn't affect stable
- mount.cifs no longer setuid root - ytnef removed - cvsnt code copy fixed
Add GLee ITP
- bzr code copies fixed - glibc issue not a vulnerability - systemtap issue not in Etch
gnash uses system libtool; flash player issues should not be NFU as long as flashplugin-nonfree is still in the archive
- tau fixed - mark more xulrunner issues as EOLed - kernel fixed - mplayer no-dsa (mostly fixed, I'll check the status for sid) - mediatomb code copy fixed
- acl fixed - xotcl fixed by using system copy of expat - asterisk issue unstable/testing only - acl/struts no-dsa
smart embeds aren't fixed; python2.6 embeds elementtree
symfony1.0 embeds
qt4-x11 in lenny is affected by webkit related issues
add GLee/warzone2100
re-add mysql notes; courier embeds maildrop
mysql 5.1 also embeds yassl and is affected by the buffer overflow
note that pristine-tar embeds a modified version of gzip's compressor
- mysql fixed - python2.6 fixed - remove erroneous ilohamail entry - add now fixed gzip copy in velvet - smart fixed, dunno if the second expat was fixed as well, only saw the changelog - libsndfile issue unimportant
pidgin triage; various fixed embeds
new ruby issue
various new issues; many libltdl, prototype, and expat issues fixed
gnome-screensaver issue; libgnucrypto-java removed; add kfreebsd packages to the embedded code copies list
process one NEW package
wordpress-mu is a fork of wordpress :|
argyll embeds libusb
openjdk embeds libxerces2-java and libxerces2-java is affected has CVE-2009-2625 vulnerable code
prototype/poker-network fixed
updates on embedded code copies
expat/wbxml2 fixed; gnome-screensaver issue does not affect etch/lenny
zhpy no longer ships pyparsing
- knowledgeroot code copies - openssl fixed - align drupal5 no-dsa with drupal6 no-dsa
prototype/knowledgeroot embed fixed; potential sudo issue
mydms issue; plone3 removed; prototype/jquery embed fixed
cherokee embeds zlib
zope2.11 was removed from unstable. Reference: http://bugs.debian.org/562402
fix xfce package names; mark prototypejs/mantis embed as fixed
firebird stable update swish-e/expat not affected
centerim embeds libmsn and libyahoo2
kdevelop embeds antlr.
tla/expat fixed kvirc not affected
rearrange and annotate webkit/kde4libs tracking
make the webkit/kdelibs embedded-c-c entries slightly more correct
Fix package names.
ocropus links statically to tesseract.
pinball fixed
Add embedded copies of python-docutils and iepngfix.
libical embeds in kde fixed, pango and fontmatrix embed harfbuzz Thanks to pusling for the update. pythonqt embedded in some packages.
paramiko code copy fixed
mailman embed is fixed.
record serendipity's embeds br
processed some NEW packages: lots of embeds one issue already fixed
multiple embeds from wordpress and php world
* collectd/ltdl fixed * fckeditor code copy back in otrs2 * record lcms NMU * tdom and paragui already use the system copy of expat * remove explicit not-affected entry for apr-util/apache2 to be conformant with other packages: If a system copy has been fixed earlier than the current oldstable release we don't need to track the source package using the library * openssh fixed
recommit some of the webkit embeds to demonstrate usage of <undetermined>
nusoap embeds
ssed (a fork of sed) embeds PCRE.
grmonitor removed
- google-gadgets uses system copy of ltdl - several expat issues unimportant
gs/expat unimportant glame/ltdl already fixed
- ltdl copy in bochs fixed - libextractor ltdl fixed - cups, asterisk no-dsa
some removed packages
pywbem code copy fixed smalltalk fixed
new roundup issue new openttd issue
blender embeds bulletphysics too
add sizzlejs, it is embedded in jquery
* imagemagick uses system copy of ltdl * several no-dsa for ltdl issue * new libhaml-ruby issue already fixed * another expat no-dsa * qt4 triage * python expat issues should be fixed through DSAs
pdsh code copy fixed
fix up tracking of some embeds
more updates on embedded code copies
- track gs-gpl as old version of ghostscript - expat issue in xulrunner is unimportant
ghostscript uses system jasper shared lib
expat updates: - udunits fixed recently - vtk fixed in 2003 - texlive not affected - mark poco and simgear as unimportant parser not affected by ltdl issue
* libaws code copy fixed * puppet fixed * more ltdl updates * mark css/history issue as unimportant * mark further expat issues w/o security impact as unimportant * xfs fixed * fix srcpkg name of kpdf, fixed in 4.0 by switch to Okular
expat updates
* xulrunner fixed * clamav ltdl copy fixed some time ago * celementtree expat copy fixed before etch release
* new xulrunner issues * sitecopy code copies fixed a long time ago * xmlsec1 uses ltdl properly * ggobi ltdl code copy fixed * more severity adjustments for expat issues
another update on ltdl
* updates on libtool issues * xfig fixed * zoph fixed * liboggplay fixed * update fixed version for firefox-sage * wxwidgets code copies of expat fixed * ayttm/expat fixed * start readjusting some of the expat issue, calling most of them security issues is stretching things too far * fix acpid entry * xen fixed
expat update
some expat updates
recent non-numbered issues, libtool, and various other updates
qemu embeds
supertuxkart contains an old version of bulletphysics
libwordpress-xmlrpc-perl was removed from unstable/testing. References: - http://packages.qa.debian.org/libw/libwordpress-xmlrpc-perl/news/20091208T161759Z.html - http://packages.qa.debian.org/libw/libwordpress-xmlrpc-perl/news/20091209T163928Z.html
apr ships a copy of libtool
python-cxx-dev and zipios++ were removed from freecad source.
libtool updates
add xdotool convenience copy in keynav seen on mentors
- updates on libtool code copies: * snbc, dico and unixodbc use the system copy * hypre and babel fixed, but no-dsa for Lenny/Etch - update poppler issue for code copies - fix kfreebsd bug num - new devil issue - fix tracking for dstat
enigma embeds zipios++.
Add more lua/tolua(++) embeds.
freeradius uses system libltdl
another expat embed
orpie used to embed ocamlgsl.
bugs submitted for libtool...yay
classpath issue
php5 issue also affects php4
info for dovecot and libgadu issues
info for jasper, ghostscript, and vlc issues
info for wordpress and jetty issues
new webkit issues
Embedded copies from Guillem Jover.
there is an itp for tinyxml with a package already available on mentors - anyone want to sponsor this?
Embeds of tinyxml.
correct bug for xulrunner embeds
Embedded copies of IPC
Embedded copies of dtoa.
- evolution unimportant - two BSD issues NFU - only one CVE ID is used for the dtoa issue - mark two browser RNG issues as unimportant - xen fixed - libhtml-prototype-perl fixed, also fixes code copies
Add iceape/libvorbis bug.
Remove liboggz/liboggplay xulrunner bugs since they are the wrong one and there does not appear to be bugs about these.
- iceweasel uses xulrunner - theora instances are embeds (only the makefile differs) - track some more cases of embeds in iceape
Mozilla stuff supporting HTML5 contains a patched-up libtheora. Notification at http://lwn.net/Articles/364655/
add trigger-rally/glew
some quake engine embeds
- exaile patch was broken, update fixed version - fix CVE ID in wireshark DSA - update gforge code copies - mark kdegraphics 4 as fixed, since okular links dynamically against poppler - mysql-ocaml, fwbuilder fixed - xerces buglet won't be fixed - track fwbuilder by source package name
codespeak-lib and ruledispatch no longer embed Python stdlib modules.
another package that embeds prototypejs
python-django-extension no longer embeds Python stdlib modules.
jhbuild no longer embeds stdlib Python modules.
freeciv embeds tolua.
Fix typo in a package name.
ocropus embeds lua and tolua.
- bugs submitted for kvm issues - kernel triage - prototypejs updates - bugs submitted for libjs-yui issue
NFUs CVE-2007-2383 and CVE-2008-7720 fixed in hobix 0.5~svn20070319-4
pixelpost embedded copies were fixed in 1.7.1-6.
Add embedded copy of python-dateutil.
boa-constructor no longer embeds pyparsing.
More embeds of Python stdlib modules.
Update embeds for duplicity.
bugs submitted for some old low-urgency firefox issues
- some prototypejs updates - eglibc issue fixed in sid
gedit no longer embeds elementtree.
various updates
Add versions for fixed feedparser embeds.
wesnoth not-affected by prototype.js issue
some fixed prototypejs issues; thanks to some quick reaction by quite a few maintainers!
scriptaculous uses system prototypejs
wordpress embeds scriptaculous, which is already fixed
Another bunch of Python-related bugs.
Fix bug number for miro/python-feedparser.
Add code copies embedded in gmic (ITPed).
Bugs for embeds of external Python modules.
bugs for prototypejs (more to do: scriptaculous, lucene, horde3, but i'm tired; will get to it in the next few days)
Add packages embedding txt2tags and htmltextview.
tin has been linking dynamically to PCRE since 980117-1.
Explain why wireshark and nipy embeds are non-issues.
paraview embeds vtk
Add embeds of agg.
- <not-affected> embeds should have a justification - can someone write justifications for the wireshark and nipy issues?
Add bug# for rawdog embedding feedparser.
Add embeds of python-ply.
pidgin indeed links dynamically to libgadu. So does gaim in etch.
Fix typos.
Fix typo in a bug number.
Fix a typo, remove a duplicate.
Add embeds of feedparser.
unicode-data embeds (tracking this is somewhat pedantic since a security issue is unlikely in this data, but if there ever is one knowing the embeds will be useful)
lucene embeds
mochikit embeds
rt3.8 also embeds scriptaculous
some fixed prototypejs embeds
complete prototypejs embeds list
some fixed kernel issues and more xulrunner embeds
ffmpeg copy removed from avifile
apache and apr-util haven't used the embedded expat at least since etch
coherence (>= 0.6.2-1) does not embed mochikit.
More Python-related embeds.
Add Python embeds.
Add embedded copies of elementtree.
Fix typos in package names.
Update version information for embeds of smart. smart uses expat only indirectly, via the cElementTree module. Starting with smart 0.51, upstream build system refrains from building this module if it is already included in the Python stdlib. smart (>= 1.0-1) packages were built with Python 2.5, which does bundle cElementTree.
expat embeds and embeds in python
More embeds of python-urlgrabber.
Add embeds for beautifulsoup, python-clientform, python-mechanize, pexpect, pyparsing.
Remove superfluous trailing colons.
Add a bunch of configobj embeds.
nmap 5.00-1 links dynamically to liblua.
gnome-peercast, luxrender, w3c-libwww have been removed from the archive. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=20;bug=469169 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=21;bug=547514 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;bug=552033
s/w3c-www/w3c-libwww/
Remove duplicate entry for erlang (embedding zlib).
beautifulsoup is embedded by python-mechanize, not the other way round.
gamera, hg-git updates from Jakub Wilk
track glibc as an old-version of eglibc
added enet at Ansgar Burchardt's request (#497194)
- as per discussion a while back, kompozer as unsupported - chromium issue - expat issue - expat embeds - track xerces old versions
suspend2 is an old version of tuxonice
track old versions of the linux source packages
- new xpdf issue - track poppler as fork of xpdf - bug submitted for swftools embed of xpdf
xmovie is a static embed
- advi affected by camlimages issue due to static link - bug submitted for advi static link - fix dillo issue tracking
- iaxmodem embeds - curl and wget actually fork libntlm - cntlm also forks libntlm - netbeans-ide no longer embeds prototypejs
correct uses of old-version
track opensaml/shibboleth as old-versions
linux-kbuild-2.6 embeds linux-2.6
ajaxterm embeds qweb
embeds in kvm
freecad also embeds libzipios++-dev, thanks guillem!
python-cxx-dev embedded by freecad
dovecot in etch/lenny also affected by cyrus code copy - note that cve text says > 1.0.4 fixed, but i've checked lenny's 1.0.15 and its code is still vulnerable
kolab-cyrus-imapd is a fork of the cyrus package
typo
texlive-bin embeds a forked icu
webkit does make use of system icu and pcre libs
webkit stuff
minor formatting update
some updates to embedded-code-copies
enblend-enfuse source was being tracked as enblend-fuse
- mozilla source is now iceape - firefox, mozilla-firefox, thunderbird, mozilla-thunderbird are all binary packages from iceape - iceweasel, icedove, and xulrunner should be considered forks - nvu is in the removed-packages list
rework versioning to use xulrunner source package rather than binary packages
more updates on xulrunner - do a better job of tracking all of the versions - cairo embedded, but correctly dynamically linked in all versions etch->experimental
checked current lenny and sid xulrunner; both are dynamically linked to libpng (clarifies ambiguous info in embedded-code-copies)
fix up my recent changes to use appropriate [release] and <itp> tags
embedded-code-copies cleanup and bring removed-packages up to date
update yajl/argyll situation
add erlang to e-c-c
Fix some entries
introduction of inject-embedded-code-copies
bug submitted for qemu embed in kvm
add info about xyssl/polarssl code copies/forkage
avifile code copy ruby fixed xerces fixed
Updated wordpress embedded code copies
new code copies, thanks to Jakub Wilk
serendipity embeds some pear modules
add xz-utils as a fork of the lzma package
- fix typo - apache issue doesn't warrant a dsa
- new non-numbered issues - new xulrunner embeds libvorbis - bugs submitted for libvorbis cve
adept embeds libept
- new non-numbered issues for the past few weeks... - avifile embeds ffmpeg - info on wordpress issue
Data maintenance based on bug reports
embedded code copies from Jakub Wilk, thanks
memcachedb embeds code from memcache
add yajl
- embedded libbsd code copy fixed - django fixed in spu upload
claws embedded code copies
request-tracker3.8 embeds fckeditor
advi compiles statically against camlimages
per http://lists.debian.org/debian-security/2009/07/msg00011.html
- lrmi code copy - new backuppc issue - bugnum
proposed spu updates
kompozer issues tracking
- bugnums - another embedded code copy from the BTS
- more embedded code copies from the BTS - bugnum - new pgp4pine issue
torrentflux embeds adodb but removes it on build from the installation directory
* Note uploads for CVE-2008-6792. * Add a small remark to the status of nmap/liblua embedding.
nmap/liblua bug filed.
While we're there: nmap also embeds liblua.
nmap has an embedded libdumbnet/libdnet fork
General maintenance/cleanup
pyke embeds python-ply, thanks Chris Lamb
swfpdf embeds xpdf -- round one
libwmf embeds gd
Update list of packages embedding or linking statically to zlib, based on the lintian check
record the bouncycastle embed in earlier libitext-java
- monotone no longer uses embedded libs - remote horde ospu entry now that it's fixed in a DSA - new wireshark issues (unfixed in sid) - two new openafs issues (fixed in sid) - two new kernel issues - postgresql no-dsa (postgres point releases are regularly synced into Debian stable updates) - update on ecryptfs kernel issue - NFUs
kdegraphics is linking against poppler now
argyll affected by recent ICC issues from ghostscript
haxe & mtasc both share swflib & extc
note down irssi-plugin-silc embedding irssi code
libpng embedded in mozilla
- fckeditor and geshi code copies fixed - more bugzilla issues CVEfied - unimportant libpng issue fixed - adjust some kernel severities
Updated embedded php stuff list, thanks to the lintian check
add libiris/libidn
sdl-mixer1.2 is embedding libmikmod
geany folks revealed on the upstream bug that their scintilla copy is a minor fork
synfig embeds libltdl too
update info about the quesoglc embeds
move minorGems to the upstream line
update scintilla info, fix anjuta (embed not old-version)
update minorGems info
RFE filed upstream about scintilla shared lib
anjuta contains an old version of scintilla
halibut in nsis is actually a fork
Add pdfedit to embedded-code-copies
I have added checking of embedded-code-copies to the pre-commit hook. This is a test commit.
remove duplicate bennu entry
wesnoth devel branch now contains jquery and its tablesorter extension
mc doesn't have samba support anymore
openjdk-6 embeds lcms (version 1.16, it seems)
mplayer builds against system-wide faad copy which fixes CVE-2008-5244
tuxcmd-modules(itp) embeds zlib
- fix broken moodle entry - updates on embedded code copies
one genshi code copy fixed
New batch of embedded code copies (more will come thanks to lintian)
New php issue
axyl is gone use libphp-cas to track the copies of domxml-php4-php5.php new minor php5 issue know about partially-published phpcas issues
Add bugreport for moodle embedded code copies
moodle is bad, but a single entry for libphp-adodb is still sufficient :)
embedded code copy in typo3 fixed
gforge embedded code copies fixed
dokuwiki fixed by using php-geshi
pgfouine 1.0-1.1 now uses system-wide geshi copy CVE-2008-4810 fixed in moodle 1.8.2-2 CVE-2008-4192 fixed in redhat-cluster 2.20081102-1
New upload of moodle fixes most issues
Processed some CVEs and added information about embedded copies in KDE stuff
fix srcpkg name
Know about typo's itp and the copy of webcalendar in gforge-plugins-extra
- fix source package name - kadu fixed
dokuwiki and pgfouine are also affected by the GeSHi issue
fix broken embedded-code-copies entry for gadu, ekg also affected by CVE-2008-4776 and fixed in 1:1.8~rc0-1
CVE-2008-4776 fixed in kadu 0.6.0.2-3 by linking against libgadu
kadu embedding libgadu
wordpress fixed
mahara fixed
Some pseudo/bin-pkg to srcpkg name conversions plus a large update of php and js related packages
egroupware vulnerable to libphp-phpmailer issue; added note to embedded-code-copies for egw; added note to copies file for phpgroupware
ampache and mediamate fixed in sid; mediamate issue is unimportant
Update the list of affected packages by CVE-2008-4796 and CVE-2007-3215, now those in etch but not in lenny
Partially update the list of embedded js and php scripts with lintian's reports
Know about the embedded copy of Snoopy.class in wordpress and moodle (CVE-2008-4796), and the bug number for wordpress/CVE-2008-1502
Finish snoopy triage (I had the dog now)
add some embeddings found by Steffen
add java/openjdk
add note about pcmanfm embedding exo
qemu is embedded by xen
pcmanfm embeds exo, thanks Yves-Alexis Perez
qcake embeds quazip starting from 0.6.4
ldiskfsprogs from Lustre will embed e2fsprogs
icedove fixed emacs22 fixed
wordpress doesn't use embedded tinymce copy anymore. please only mark as not-affected if it is really not, if the code was present some time ago but is not anymore then mark this version as the fixed one
gallery2 now uses system wide smarty copy
updates on ffmpeg embedders
checked another ffmpeg embedding issue
new embedding: sprng xvidcap not in the archive kino fixed
kvm embeds vgabios and bochsbios from bochs
fix glib source package name
glib udeb also builds against system pcre version since 2.15.2-1
updates on embedded code copies bugzilla no-dsa add missing CVE ID to libimager-perl DSA fix two incorrect ruby entries remove some NOTEs present in the respective CVE entries new kernel issue, mark unfixed for now until it's been figured out when this was fixed upstream resolve old gpg TODO NFUs
insight embeds a copy of gdb
pan embeds uudeview, however not affected by CVE-2008-2266
update for blender as supplied by Cyril Brulebois
phpgedview removed (but fixed a few weeks ago anyway, but still has a copy in stable)
pcre embedded by webkit and thus qt4-x11
fix srcpackage name of tetex embedding xpdf
record kazehakase/pcre
add a ton of packages that embed prototype.js
reverse entries i just added
Add bug number for tinymce embedded in wordpress Add magic RFS embedded code copy Add ode embedded code copies of opcode and gimpact
added speex to embedded-code-copies
kvm embeds qemu, properly list libarchive
abiword embeds wv
Add blender to embedded-code-copies, thanks to Cyril
fix wxwindows embedding tiff, thanks Ron for the pointer
qt4 embeds webkit, thanks pusling for the heads up
embedded-code-copies: update libarchive
embedded-code-copies: added libarchive
tin embeds pcre but uses system wide copy for linking
embedded code copies: quesoglc, cultivation and transcend for: fribidi, glew and minorGems
mahara embedding smarty fixed in 0.9.2-2
gosa dropped Smarty years ago, only in oldstable still
smarty also embedded by mahara and gosa mediawiki cveified
gallery2/moodle embed smarty
boson embeds a forked plib
fixing source package name
mc embeds libsmb-dev
gnome-peercast embeds peercast. See bug, removal seems the best solution.
wine embeds giflib
embedded-code-copies: Describe Tk situation
embedded-code-copies: Document syntax additions
wml embeds libgd fork insecure tmpfile handling fixed in wml 2.0.11-3.1
knowledgeroot now uses system wide copy of fckeditor
reword and rewrap
- new mplayer/xine-lib issues - CVE-2006-4484 affects tk and netpbm
vlc embeds parts of xine-lib
add more code copies reported by Cyril Brulebois
filed bug for knowledgeroot embedding fckeditor
mysql embeds yassl
fix typo
some syntax fixes
further conversions, mission accomplished
further format conversions
further conversions
adding the fork sort and adjusting sylpheed
more conversions to new format
conversions to new file format
more work on code copies
adapted zlib to new embedded copies format
libcomplearn-mod-ppmd is embedding ppmd
record fix for texlive simplify a bit
converting more items to the new format
use embed/static instead of static/dynamic
clamav DSA asterisk issue postponed one cups issue still affects sarge, though not really severe
adding distribution tags instead of NOTE
adapting xpdf to new embedded code copies format
adding format specification for embedded code copies, cleanup follows
gtamsanalyzer.app embeds pcre in older versions
embedded copy of pcre in vfu fixed in NMU by KiBi
update on yacas embedded code copy
add yacas to pcre embedded copies
embedded-code-copies: tetex-bin and texlive-bin use system t1lib
embedded-code-copies: xpdf in texlive-bin (but uses poppler)
embedded-code-copies: t1lib in tetex-bin and texlive-bin
pidgin update no-dsa for dar
added information about poppler embedded in ruby-gnome2
we don't have tikiwiki in the archive
kchmviewer exists as a package, modified
Roland is fast
- fckeditor now packaged separately, filed bugs - pcre fixes in sarge and etch address older pcre issue as well - libpng no-dsa
embedded-code-copies: exim4 has embedded pcre but links against external
embedded-code-copies: apache2 has embedded pcre, but linked to external
bug for vfu
add pcre embedded in glib udeb info
ipplan embeds adodb as well
typo3 also ships adodb
fixes for ffmpeg
more embedded code copies
Add note about pax code being in tar and cpio
add package to copies not other way round
add package to copies not other way round
add libgc and zlib for mono
add qscintilla2
gforge-plugins-extra also embeds fckeditor
Add moin and karrigell to the code duplication file
jasper is embedded in ghostscript
- monotone embeds lots of things - remove fckeditor duplicate - add alpine
added libiax included by iaxmodem to embedded code copies, thanks Julien Blache
added ccontrol embedded dietlibc code (via static linking)
CVE-2005-2491 vfu not-affected added vfu to the embedded code copies of pcre, thanks Seo Sanghyeon
silc-client embeds parts of silc-toolkit, thanks Jérémy Bobbio
synfig does no longer include its own copy of etl
knowledgeroot ships its own copy of fckeditor
add ardour embedded code copies
rpcsec_gss code
fix mecab version spamassassin no-dsa
NFUs: 31 unfixed: gftp linux-2.6 openssl fixed: libvorbis sleuthkit vim not-affected: wpasupplicant embedded: fpslib in gftp
update xpdf status
ipe embeds xpdf
add libwpd to the embedded-code-copies list
checked vlc for DMO overflow
NFUs: 6 unfixed: mplayer viewcvs xine-lib fixed: iceweasel libapache2-mod-python xulrunner
update embedded-code-copies for rar/unrar
really merge all entries from the wiki
merge additional entries from wiki page and update some other entries
- gst-plugins-bad0.10 embeds libmodplug - CVE-2006-4192 affects gst-plugins-bad0.10
- CVE-2006-433[5-7]: gzip issues affect lha as well (high) - CVE-2006-4800 gst-ffmpeg and gstreamer0.10-ffmpeg contain ffmpeg (medium) - CVE-2006-5751: new linux issue (medium) - CVE-2006-6071: new twiki issue
added neon embeds
mplayer embeds ffmpeg
added everything moodle embeds
merged two entries
noted cacti's fix in etch, thanks seanius
added busybox to gzip
added some gzip embedded code copies, note I checked CVE-2006-4338 CVE-2006-4337, CVE-2006-4336, CVE-2006-4335, CVE-2005-0988 and none affect
- CVE-2006-4561 new firefox issue (low) - tikiwiki CVEified - CVE-2006-4618 adodb not affected (in 6 packages) - CVE-2006-4455 xchat not affected - some NFUs
Added some scite, qscintilla and geany as embedding scintilla code
- knowledgeroot includes FCKeditor. This may involve CVE-2006-3362, CVE-2006-2529, CVE-2006-0921, CVE-2006-0658, CVE-2005-4094, CVE-2005-4095, CVE-2005-0613 - TinyMCE is included in wordpress, moodle, knowledgeroot: This might involve CVE-2005-4599, CVE-2005-4600, CVE-2006-3602 - CVE-2006-3011: new php safe mode issue - CVE-2006-3336: new TWiki issue - CVE-2006-3360: new phpsysinfo issue - some NFUs
xine-lib includes libmms and is affected by CVE-2006-2200
two more DSAs
Added cacti as embedding libphp-adodb
Added info on who runs what buildd arch, added libphp-adodb info to embedded copies list and bug numbers for moodle security issues
bomberclone fixed
noting some other embedded code copies
update on xpdf mess claim
new xpdf issue remove mydns dupe
yeah, another xpdf copy gone
doh, the firefox src pkg has been renamed for 1.5 some bugnums
new pdfkit.framework DSA
graphicsmagick embeds imagemagick code, fixed now
new pine issue
new cpio issue some not-affected phpmyadmin issue turned out to be unimportant lots of NFUs
more syntax conversions
libavcodec should really be fixed to provide a library to link dynamically against
claim
CVE-2005-4048: mplayer, gst-ffmpeg vulnerable; kino is not CVE-2005-3392, CVE-2005-3391: PHP safe mode vulnerabilities, low impact
updates on embedded-code-copies
new curl issue track another local code copy
libextractor embeds a copy of xpdf as well, what a mess
track koffice copy of xpdf code xpdf fixed (info from changelog is wrong) minor kernel update xpdf bugnums
track embedded code copies from xine-lib; what a mess
flash installer "fixed"
more code incest
phpsysinfo issues affect egroupware as well
bugnums, add sylpheed to e-c-c
more removed code copies, pvpgn embedded zlib until recently
webmin/usermin code incest
firefox strikes again
add ref mount code
the ongoing phpbb2 version madness
uudeview shares code with uudecode perl module remove stray aide entry from the dsa list (already covered in CAN/list)
gnumeric/pcre confirmed non-vulnerable amarok/sqlite code sharing (no vulnerabilities known, but let's be prepared)
xvpm fixed current gnumeric does not contain pcre libconvert-uulib-perl contains a copy of uulib from uudeview
update on embedded copies new firefox dsa. joeyh: the firefox dtsa should probably be reverted and based on 1.0.6
new phpldapadmin issue minor update on embedded-c-c BTW, why are the openvpn issues tracked as urgency high? AFAICS these are only relatively hard to triggerable DoS vulnerabilities, or does anyone have additional information?
cvs fixed python2.1 fixed some updates on embedded-code-copies
poppler embeds xpdf code as well
cplay and tleds fixed, pythons seem to embed a pcre copy as well
pcre fixed, gnumeric seems affected as well
gcvs embeds vulnerable cvsbug script
processed most of my block, unclaimed the rest fudforum bug
new clamav dsa track more local code copies
gadu/gaim update
lots of new cases of embedded code, which had security problems in the past.
lets track embedded code copies