/[secure-testing]/data/embedded-code-copies
ViewVC logotype

Contents of /data/embedded-code-copies

Parent Directory Parent Directory | Revision Log Revision Log

Revision 13928 - (show annotations) (download)
Wed Jan 27 07:05:28 2010 UTC (3 years, 3 months ago) by joeyh
File size: 49435 byte(s) 
note that pstine-tar embeds a modified version of gzip's compressor
1 Embedded code copies
2 ====================
3
4 This file collects source packages that embed code from other projects.
5 This is considered bad for fixing security flaws because the fix needs
6 to be applied in multiple source packages.
7
8 Format:
9 <srcpkg> (<optional comment about srcpkg>)
10 - <embedding srcpkg> <status> (<sort>; bug #<number>)
11 NOTE: optional comments about the linkage of the embedding srcpkg
12
13 status: version number fixing the embedded copy, <unfixed>, <removed>,
14 <itp>, <not-affected>, <unknown> if the version number can not
15 be determined, or <unfixable> for unavoidable cases (e.g., forks
16 that add real value)
17 sort: static (linking statically against a lib)
18 embed (embeds a copy of the library into another source package)
19 modified-embed (embeds a code copy that differs from upstream code)
20 fork (a full-blown fork of another source package)
21 old-version (an older version of essentially the same code)
22
23 The srcpkg might be some string to identify the code if there is no
24 specific source package.
25
26 Everything up to the next line is ignored.
27 ---BEGIN
28 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
29 NOTE: Fixed packages link to poppler library unless otherwise noted
30 - pdftohtml <unknown>
31 [sarge] - pdftohtml <unfixed>
32 [etch] - pdftohtml <unfixed>
33 NOTE: has been replaced by poppler-utils
34 - kdegraphics 4:4.2.2-1 (embed; bug #436164)
35 - texlive-base 3.0-12 (embed)
36 - texlive-bin 2007-1 (embed)
37 NOTE: links to poppler
38 - koffice <unfixed> (embed; bug #436163)
39 - libextractor 0.5.12-1 (embed)
40 NOTE: libextractor is using its own pdf decoder now
41 - ipe <unfixed> (embed)
42 NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
43 - ruby-gnome2 <unknown> (embed)
44 NOTE: copy only present in source but links to poppler
45 - pdfedit <unfixed> (embed; bug #510794)
46 - swftools <unfixed> (embed; bug #551293)
47 - poppler <unfixable> (fork)
48
49 ppmd
50 - libcomplearn-mod-ppmd <unfixed> (fork)
51 NOTE: discussion in #458152
52
53 libevent
54 - transmission 1.71-1 (embed; bug #529372)
55
56 lrmi
57 - read-edid 2.0.0-1 (embed; bug #495131)
58 - s3switch <unfixed> (embed)
59 - xresprobe <unfixed> (embed)
60 - zhcon <unfixed> (embed)
61
62 peercast
63 - gnome-peercast <removed> (embed)
64 [etch] - gnome-peercast <unfixed> (embed)
65
66 silc-toolkit
67 - silc-client 1.1~beta6-1 (embed)
68
69 icclib
70 - ghostscript <unfixed> (embed)
71 - argyll <unfixed> (embed)
72
73 libusb
74 - argyll <unfixed> (embed)
75
76 dietlibc
77 - ccontrol 0.9.1+20071204-1 (static)
78
79 libmikmod
80 - sdl-mixer1.2 <unfixed> (embed)
81 TODO: report bug
82
83 libiax
84 - iaxmodem <unfixable> (embed; bug #548885)
85
86 spandsp
87 - iaxmodem <unfixable> (embed; bug #548885)
88
89 python-paramiko
90 - fabric 0.9.0-2 (embed; bug #561398)
91
92 zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
93 - dpkg <unfixed> (static)
94 NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
95 - rsync <unfixed> (embed)
96 - cherokee <unfixed> (embed)
97 NOTE: somehow derived code base
98 - mono <unfixed> (embed)
99 TODO: check mozilla
100 - Linux kernels <unfixed> (embed)
101 - pvpgn 1.7.8-2 (embed)
102 - mrtg 2.12.2-1 (embed)
103 - rpm <unknown> (embed)
104 NOTE: pinged anibal since when rpm was fixed
105 - tuxcmd-modules <unfixed> (embed)
106 - zsync <unfixed>
107 - tra <unfixed>
108 - sash <unfixed>
109 - nsis <unfixed>
110 - mseide-msegui <unfixed>
111 NOTE: mseide
112 - mirrordir <unfixed>
113 - poco <unfixed>
114 - klibc <unfixed>
115 - ghostscript <unfixed>
116 - freeimage <unfixed>
117 - clamav <unfixed> (fork)
118 NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that"
119 - tuxonice-userui <unfixed>
120 - plt-scheme <unfixed>
121 - perl <unfixed>
122 - paraview <unfixed>
123 - velvet 0.7.56~nozlibcopy-1
124 - gcvs <unfixed>
125 - dump <unfixed>
126 - aide <unfixed> (static)
127 - dar <unfixed> (static)
128 - avfs <unfixed>
129 - fpc <unfixed>
130 - winff <unfixed>
131 NOTE: inherited from fpc, see #472304
132 - lazarus <unfixed>
133 NOTE: inherited from fpc, see #472304
134 - erlang <unfixed> (embed)
135 - gamera 3.2.3-1 (embed)
136 - python2.4 <unfixed> (embed; bug #553403)
137 - python2.5 <unfixed> (embed; bug #553403)
138
139 dulwich
140 - hg-git 0.1.0-1 (embed; bug #541996)
141
142 libvigraimpex
143 - hugin <unfixed> (embed; bug #542259)
144 - enblend-enfuse <unfixed> (embed; bug #542258)
145 - gamera 3.2.3-1 (embed)
146
147 libbz2
148 - dpkg <unfixed> (static)
149
150 libyahoo2
151 - centerim <unfixed> (embed; bug #559783)
152
153 libmsn
154 - centerim <unfixed> (embed; bug #559783)
155
156 libgadu
157 - centerim <unfixed> (embed; bug #559783)
158 - pidgin <not-affected> (links dynamically since initial release; fixed in gaim)
159 - gaim 1:2.0.0+beta3-3 (embed; bug #360280)
160 - kdenetwork 4:3.3.2-5 (embed)
161 NOTE: from kdenetwork: kopete
162 - ekg 1:1.8~rc0-1 (embed)
163 - kadu 0.6.0.2-3 (embed; bug #504430)
164 - gadu <itp> (embed)
165
166 xmlrpc (which package is the "origin" of this code?)
167 - drupal <unfixed> (embed)
168 - phpgroupware <unfixed> (embed)
169 - egroupware <unfixed> (embed)
170 - phpwiki <unfixed> (embed)
171 - php4 <unfixed> (embed)
172 TODO: check, php-pear, IIRC this was reorganized some weeks ago?
173
174 shtool (affects build-time only)
175 - mysql-ocaml <unfixed> (embed)
176 - php4 <unfixed> (embed)
177
178 xulrunner
179 - iceape <unfixed> (embed; bug #561749)
180 - iceweasel 2.0.0.19 (embed)
181 - icedove <unfixed> (embed; bug #561750)
182 - kompozer <unfixed> (embed; bug #532168)
183 - galeon 2.0.2-4 (embed)
184 - epiphany-browser 2.14.3-8 (embed)
185 - conkeror 0.9~git080629-2 (embed)
186 - kazehakase 0.4.2-1 (embed)
187
188 xli
189 - xloadimage <unfixed> (embed)
190
191 lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
192 - openmotif <unfixed> (embed)
193 - libxpm <unfixed> (embed)
194
195 kerberized apps with BSD origin
196 - krb4 <removed> (embed)
197 - krb5 <unfixed> (embed)
198 - heimdal <unfixed> (embed)
199
200 grip (which pkg is the origin?)
201 - libcdaudio <unfixed>
202 - grip <unfixed>
203 - gnome-vfs <unfixed>
204 TODO: check vfs2 as well
205
206 fudforum
207 [etch] - phpgroupware <unfixed> (embed)
208 NOTE: phpgroupware-fudforum
209 [sarge] - egroupware-fudforum <removed> (embed)
210
211 libbsd
212 - rdate 1:1.2-3 (embed)
213 - atheme-services <unfixed>
214 - libbsd-arc4random-perl <unfixed>
215 - isakmpd <unfixed>
216 - bsdgames <unfixed> (embed)
217 - bsd-mailx <unfixed> (embed)
218 - netcat-openbsd <unfixed> (embed; bug #550611)
219 - openssh <unfixed> (embed)
220 - unworkable <unfixed> (embed)
221
222 cvs
223 - gcvs <unfixed> (embed)
224 NOTE: see cvsunix/src in tarball
225
226 pcre3
227 - php4 <unknown> (embed)
228 - analog 2:5.23-0woody1 (embed)
229 - goffice <unfixed> (embed)
230 NOTE: libgoffice-*
231 - vfu 4.06-4.1 (embed; bug #450754)
232 - tf5 5.0beta7-1 (embed)
233 - monotone 0.43-1 (embed)
234 NOTE: this only affects versions >= 0.37
235 - glib2.0 2.15.2-1 (embed)
236 - apache2 2.0.53-4 (embed)
237 - exim4 4.10-0.srh20.12 (embed)
238 - yacas <unfixed> (embed)
239 NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
240 - gtamsanalyzer.app 0.42-5 (embed)
241 - tin 980117-1 (embed)
242 - kazehakase 0.5.2-1
243 - webkit 1.0.1-1 (embed)
244 - qt4-x11 <unfixed> (embed)
245 NOTE: embedded via webkit copy
246 - erlang <unfixed> (embed)
247 - ssed <unfixed> (embed)
248
249 tiff
250 - wxwindows2.4 2.2.1 (embed)
251 - gamera 3.2.3-1 (embed)
252
253 uudeview
254 - libconvert-uulib-perl <unfixed> (embed)
255 - pan <unfixed> (embed)
256
257 sqlite (not affected by security vulnerabilities so far)
258 - amarok <unfixed> (embed)
259 - monotone 0.43-1 (embed)
260 - iceweasel <unfixed> (embed)
261 - heimdal <unfixed> (embed; bug #559616)
262
263 util-linux/mount
264 - loop-aes-utils <unfixed> (embed)
265 NOTE: contains code from util-linux' mount in the mount-aes-udeb
266
267 sylpheed
268 - sylpheed-claws <unfixed> (fork)
269
270 phpsysinfo
271 - egroupware <unfixed> (embed)
272 - phpgroupware <unfixed> (embed)
273
274 phpldapadmin
275 [sarge] - egroupware <unfixed> (embed)
276 NOTE: removed from egroupware after sarge
277
278 chmlib
279 - kchmviewer <unknown> (embed)
280
281 ffmpeg (libavcodec/libavformat)
282 - mplayer 1.0~rc2-14 (embed; bug #395252)
283 - kino 1.0.0-1
284 - vlc <not-affected> (Links dynamically since initial release)
285 - smilutils 0.3.0-10
286 NOTE: smilutils likely fixed earlier, marking Etch's version as fixed
287 - motion 3.1.19-1
288 - gstreamer0.10-ffmpeg 0.10.3-2
289 - xmovie <removed> (static)
290 TODO: gimp-gap (potentially using ffmpeg code as well)
291 - avifile 1:0.7.48~20090503.ds-1 (embed; bug #538750)
292 - audacity 1.3.7-2 (embed; bug #512278)
293
294 faad2
295 - mplayer 1.0~rc2-20 (embed)
296 - avifile <unfixed> (embed; bug #538750)
297 - ffmpeg-debian <removed> (old-version)
298
299 libmad (MPEG decoding lib)
300 - xine-lib <unfixed> (embed)
301 - avifile 1:0.7.48~20090503.ds-1 (embed) [./plugins/libmad/*]
302 TODO: check ocaml-mad, madplay, pymad, xmms-mad, xmms2
303
304 libdts
305 - xine-lib <unfixed> (embed)
306
307 flac
308 - xine-lib <unfixed> (embed)
309
310 liba52
311 - a52dec <unfixed> (embed)
312 - xine-lib <unfixed> (embed)
313
314 libmpeg2
315 - mpeg2dec <unfixed> (embed)
316 - xine-lib <unfixed> (embed)
317
318 libntlm
319 - wget <unfixed> (fork; bug #550436)
320 - curl <unfixed> (fork; bug #550437)
321 - cntlm <unfixed> (fork; bug #550438)
322
323 uw-imap
324 - pine <unfixed> (embed)
325 - alpine <unfixed> (embed)
326
327 imagemagick
328 - graphicsmagick <unfixed> (fork)
329
330 python-urlgrabber
331 - mercurial <unfixed> (embed; bug #531062)
332 - w3af <unfixed> (embed; bug #555372)
333 [experimental] - harvestman <unfixed> (embed; bug #555373)
334
335 beautifulsoup
336 - python-mechanize <unfixed> (embed; bug #555349)
337 - zope2.11 <removed> (embed; bug #555350)
338 - twill <unknown> (embed)
339
340 halibut
341 - nsis <unfixed> (fork)
342
343 libghttp
344 - hotway <unfixed> (embed)
345
346 libsndfile
347 - ardour 1:2.7.1-1 (embed)
348
349 glibmm2.4
350 - ardour 1:2.7.1-1 (embed)
351
352 libgnomecanvasmm2.6
353 - ardour 1:2.7.1-1 (embed)
354
355 libsigc++-2.0
356 - ardour 1:2.7.1-1 (embed)
357
358 soundtouch
359 - ardour 1:2.7.1-1 (embed)
360
361 libmms
362 - xine-lib <unfixed> (embed)
363 - mimms <unfixed> (embed)
364
365 fckeditor
366 - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
367 - moin 1.8.2-2 (embed; bug #452599)
368 - karrigell <removed> (embed; bug #452598)
369 - gforge 4.6.99+svn6225-1 (embed)
370 - request-tracker3.8 <unfixed> (embed)
371 - otrs2 <unfixed> (embed)
372
373 ipatlas (not packaged in Debian)
374 - moodle <unfixed> (embed; bug #507185)
375
376 libphp-phpmailer
377 - moodle <unfixed> (embed; bug #507185)
378 - mahara <unfixed> (embed)
379 - symfony <unfixed> (embed; bug #566778)
380 [etch] - phpgroupware <unfixed> (embed)
381 NOTE: phpgroupware-felamimail is only in etch
382 - egroupware <unfixed> (embed; bug #504283)
383 - glpi <unfixed>
384
385 htmlArea (not packaged in Debian)
386 - moodle <unfixed> (embed)
387
388 giflib
389 - wine <unfixed> (embed; bug #466181)
390
391 bennu (not packaged in Debian, http://bennu.sourceforge.net)
392 - moodle <unfixed> (embed)
393
394 smarty
395 - moodle 1.8.2-2 (embed; bug #471158)
396 - gallery2 2.2.5-2 (embed; bug #471160)
397 - mahara 0.9.2-2 (embed; bug #471201)
398 - gosa 2.4beta1-1 (embed; bug #471200)
399
400 TinyMCE
401 - wordpress 2.5.1-3 (embed; bug #478257)
402 - moodle <unfixed> (embed; bug #507185)
403 - knowledgeroot <unfixed> (embed)
404 - joomla <itp> (bug #326398)
405
406 scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121)
407 - scite <unfixed> (embed)
408 - qscintilla <unfixed> (embed)
409 - qscintilla2 <unfixed> (embed)
410 - geany <unfixed> (fork)
411 - anjuta <unfixed> (embed)
412
413 libphp-adodb
414 - moodle <unfixed> (embed; bug #507185)
415 NOTE: also AdoDB-XML Schema
416 - gallery2 <unfixed> (embed)
417 - phppgadmin <unfixed> (embed)
418 - egroupware <unfixed> (embed)
419 - phpwiki <unfixed> (embed)
420 - torrentflux 2.0beta1-2 (embed)
421 - ipplan <unfixed> (embed)
422 - typo3-src <unfixed> (embed)
423 - cacti <unknown> (embed)
424 [sarge] - cacti <unfixed> (embed)
425 NOTE: dependency exists, but internal version is used
426 - gforge 4.7~rc2-6 (embed)
427 - mahara <unfixed> (embed)
428
429 gzip
430 - linux-kernel <unfixed> (embed)
431 NOTE: lib/inflate.c
432 - klibc <unfixed> (embed)
433 NOTE: based on linux-kernel gzip code
434 - busybox <unfixed> (embed)
435 - pristine-tar <unfixed> (modified-embed)
436 NOTE: compression code only, not uncompression
437
438 neon
439 - cadaver 0.22.3+debian-1 (embed; bug #188381)
440 - gnome-vfs2 <unfixed> (embed; bug #395874)
441 [etch] - litmus <unfixed> (embed; #395875)
442 - litmus <removed> (embed; #395875)
443 [sarge] - screem <unfixed> (embed)
444 - sitecopy 1:0.16.0-1 (embed; bug #395876)
445 [etch] - tla <unfixed> (embed; bug #395877)
446 [sarge] - tla <unfixed> (embed; bug #395877)
447
448 libmodplug
449 - gst-plugins-bad0.10 <unfixed> (embed)
450
451 libvncserver
452 - vino <unfixed> (embed)
453
454 putty
455 - filezilla <unfixed> (embed)
456
457 tinyxml (not packaged in Debian; itp bug #531968)
458 - filezilla <unfixed>
459 - crystalspace <unfixed> (embed)
460 - libwfut <unfixed> (embed)
461 - rarian <unfixed> (embed)
462 - bulletml <unfixed> (embed)
463 - pokerth <unfixed> (embed)
464 - qutecom <unfixed> (embed)
465 - sofa-framework <unfixed> (embed)
466 - yate <unfixed> (embed)
467 - antigrav <unfixed> (embed)
468 - balder2d <unfixed> (embed)
469 - cal3d <unfixed> (embed)
470 - criticalmass <unfixed> (embed)
471 - ember <unfixed> (embed)
472 - epiphany <unfixed> (embed)
473 - gambit <unfixed> (embed)
474 - noiz2sa <unfixed> (embed)
475 - ogre <unfixed> (embed)
476 - opencity <unfixed> (embed)
477 - openmovieeditor <unfixed> (embed)
478 - pouetchess <unfixed> (embed)
479 - tecnoballz <unfixed> (embed)
480 - trigger-rally <unfixed> (embed)
481 - xmoto <unfixed> (embed)
482 - mapnik <unknown> (embed)
483 NOTE: uses a different XML parser by default
484 - rrootage 0.23a-6 <embed>
485 NOTE: links to libbulltetml
486 - boson <unknown> (embed)
487 NOTE: the embedded code is unused
488
489 gv
490 - evince <unfixed> (embed)
491 NOTE: ps/ tree from gv 3.5.8
492 NOTE: evince-gtk is affected (a component of evince source package)
493
494 libXbae
495 - paw <removed> (embed)
496 [etch] - paw <unfixed> (embed)
497
498 libgtkhtml
499 - claws-mail-extra-plugins <unfixed> (fork)
500
501 libXaw
502 - paw <removed> (embed)
503 [etch] - paw <unfixed> (embed)
504 NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
505
506 libgd2
507 - graphviz <unfixed> (embed)
508 NOTE: lib/gd seems to be 2.0.33
509 - wml <unfixed> (embed)
510 - libwmf <unfixed> (embed)
511 NOTE: derived from gd 1.6.3
512
513 rar
514 - unrar-nonfree <unfixed> (embed)
515
516 unrar-free (maybe this code is derived from the original rar, too?)
517 - clamav <unfixed> (embed)
518 NOTE: seems to be disabled in default config
519
520 mplayer (DirectMedia Object loader)
521 - xine-lib <unfixed> (embed)
522 NOTE: src/libw32dll/
523 - vlc <unfixed> (embed)
524 NOTE: modules/codec/dmo/
525 - mplayer 1.0~rc2-20 (embed)
526
527 libwpd (WordPerfect converter)
528 - openoffice.org <unfixed> (embed)
529
530 fsplib (http://sourceforge.net/projects/fsp/)
531 - gftp <unfixed> (embed)
532 NOTE: lib/fsplib version 0.3
533
534 sprng
535 - tree-puzzle <unfixed> (embed)
536
537 librpcsecgss
538 - krb5 <unfixed> (embed)
539
540 jasper
541 - ghostscript 8.64~dfsg-2 (embed)
542
543 libiris
544 - psi <unfixed> (embed)
545 - kdenetwork <unfixed> (embed)
546 NOTE: kopete embeds libiris but links dynamically to libidn
547 - kdegames <unfixed> (embed)
548 NOTE: ksirk/kde4
549
550 libidn
551 - monotone 0.43-1 (embed)
552 - psi <unfixed> (embed)
553 NOTE: psi embeds libiris which embeds libidn
554 - kdegames <unfixed> (embed)
555 NOTE: kdegames/kde4 embeds libiris which embeds libidn
556
557 lua5.1
558 - monotone 0.43-1 (embed)
559 - nmap 5.00-1 (embed; bug #527997)
560 [lenny] - nmap <unfixed> (embed; bug #527997)
561 - ocropus <unfixed> (embed)
562 - enigma <unfixed> (embed)
563 NOTE: requires lua built with C++
564 - freeciv <unfixed> (embed)
565 - spring <unfixed> (embed)
566
567 libbotan
568 - monotone 0.43-1 (embed)
569
570 NetXX
571 - monotone 0.43-1 (embed)
572
573 libgc
574 - mono <unfixed> (embed)
575
576 lzma
577 - p7zip <unfixed> (embed)
578 - xz-utils <unfixed> (fork)
579
580 lzo
581 - grub2 <unfixed> (embed)
582
583 yassl
584 - mysql-dfsg-5.0 <unfixed> (embed)
585
586 pax code
587 - tar <unfixed> (embed)
588 - cpio <unfixed> (embed)
589
590 t1lib
591 - tetex-bin 2.0.2-1 (embed)
592 - texlive-bin <unknown> (embed)
593
594 guichan
595 - boswars <unfixed> (embed)
596 NOTE: maintainer notified us, working on it
597
598 tolua
599 - boswars <unfixed> (embed)
600 NOTE: maintainer notified us, working on it
601 NOTE: actually tolua++
602 - ocropus <unfixed> (embed)
603 NOTE: actually tolua++
604 - freeciv <unfixed> (embed)
605 NOTE: actually tolua++
606 - enigma <unfixed> (embed)
607
608 asio-dev
609 - luxrender <removed> (embed)
610
611 xine-lib
612 - vlc <unfixed> (embed)
613 NOTE: only parts included in modules/access/rtsp
614
615 netpbm
616 - tcl8.3 <unfixed> (embed)
617 - tcl8.4 <unfixed> (embed)
618 - tcl8.5 <unfixed> (embed)
619 NOTE: generic/tkImgGIF.c
620
621 tk8.5
622 - tk8.0 <removed> (old-version)
623 - tk8.3 <unfixed> (old-version)
624 - tk8.4 <unfixed> (old-version)
625 - perl-tk <unfixable> (fork)
626
627 samba
628 - mc 2:4.6.2~git20080311-1 (embed)
629 NOTE: maintainer is aware of this, currently searching a solution
630
631 plib1.8.4c2
632 - boson <unfixed> (fork)
633 NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
634
635 fribidi
636 - quesoglc <unfixed> (embed)
637 NOTE: compiled against system fribidi in Debian - embed only used when fribidi is not available on the system
638
639 glew
640 - quesoglc <unfixed> (embed; bug #489341)
641 NOTE: waiting on GLEW_MX version of glew (see bug #474488)
642 - trigger <unfixed> (embed)
643 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
644 - trigger-rally <unfixed> (embed)
645 NOTE: http://lists.debian.org/debian-devel-games/2009/12/msg00007.html
646
647 minorGems (pabs contacted upstream about shared lib, he considers minorGems an 'ever-evolving collection of reusable code fragments' for his own use)
648 - transcend <unfixed> (embed)
649 - cultivation <unfixed> (embed)
650 - passage <unfixed> (embed)
651 - gravitation <unfixed> (embed)
652
653 tar
654 - libarchive <unfixed> (embed)
655 NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
656
657 cpio
658 - libarchive <unfixed> (embed)
659 NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
660
661 kde4libs
662 - kdelibs <unfixable> (old-version)
663
664 webkit
665 - qt4-x11 <unfixed> (embed; bug #479851)
666 [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
667 [lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
668 - kde4libs <unfixable> (fork)
669 NOTE: kde4lib's khtml and webkit were forked from khtml (this tracking, which seems
670 NOTE: reversed genesis-wise, is used because of so much other stuff in kde4libs)
671
672 ftgl
673 - blender 2.46+dfsg-1 (embed)
674
675 wv
676 - abiword <unfixed>
677
678 qemu
679 - kvm <unfixed> (embed; bug #543159)
680 NOTE: the kvm package will be removed from sid and squeeze soon (after
681 NOTE: which it will only be in experimental). superceded by qemu-kvm.
682 - qemu-kvm <unfixed> (embed; bug #560853)
683 - xen-3 3.4.2-2 (embed; bug #560856)
684 - xen-unstable <unfixed> (embed; bug #560856)
685
686 vgabios
687 - kvm <unfixed> (embed; bug #489442)
688
689 bochs
690 - kvm <unfixed> (embed; bug #489442)
691
692 speex
693 - vorbis-tools <unfixed> (embed)
694 NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
695 - gst-plugins-good0.10 <unfixed> (embed)
696 - xine-lib <unfixed> (embed)
697 - libfishsound <unfixed> (embed)
698 - libannodex <removed> (embed)
699 - vlc <unfixed> (embed)
700 - xmms-speex <unfixed> (embed)
701 - libsdl-sound1.2 <unfixed> (embed)
702 - sweep <unfixed> (embed)
703
704 libreadline
705 - magic <itp> (old-version)
706
707 opcode
708 - ode <unfixed> (embed)
709 NOTE: opcode is not a package in debian, it is just embedded
710 NOTE: http://www.codercorner.com/Opcode.htm
711
712 gimpact
713 - ode <unfixed> (embed)
714 NOTE: gimpact is not a package in debian, it is just embedded
715 NOTE: http://gimpact.sf.net
716
717 mochikit
718 - mahara <unfixed> (embed)
719 NOTE: they require extra patches, still unmerged upstream
720 - ntop <unfixed> (embed)
721 - coherence 0.6.2-1 (embed)
722 - paste <unfixed> (embed)
723 - turbogears <unfixed> (embed)
724 - plone3 <removed> (embed)
725 - xulrunner <unfixed> (embed)
726 - libjifty-plugin-chart-perl <unfixed> (embed)
727 - sabnzbdplus <unfixed> (embed)
728 - tgmochikit <unfixed> (embed)
729
730 prototypejs
731 - netbeans-ide 6.0.1+dfsg-2 (embed)
732 - auth2db 0.2.5-2+dfsg-1 (embed; bug #555218)
733 - webcit <unfixed> (embed; bug #555219)
734 - asterisk 1:1.6.2.0~rc3-1 (embed)
735 - libjson-ruby 1.1.4-1 (embed; bug #555224)
736 - lucene2 2.9.1+ds1-2 (embed; bug #555226)
737 - horde3 <unfixed> (embed)
738 - knowledgeroot 0.9.9.5-1 (embed; bug #555230)
739 - mediatomb <unfixed> (embed; bug #555233)
740 - mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
741 - ebug-http <removed> (embed; bug #555236)
742 - libaws 2.7-1 (embed; bug #555222)
743 - phpgedview <removed> (embed)
744 - poker-network 1.7.6-1 (embed; bug #555238)
745 - rails 2.1.0-6 (embed)
746 - wordpress 2.5.0-2 (embed; bug #555243)
747 - zope <not-affected> (the prototypejs embed is not in any of the obvious zope packages, e.g. zope2.9, zope2.10, zope2.11, and zope3)
748 TODO: search through all of the other zope packages
749 - ampache 3.4.1-2 (embed)
750 - exaile 0.2.14+debian-2.1 (embed; bug #555245)
751 - hobix 0.5~svn20070319-4 (embed; bug #555247)
752 - zabbix 1.6.6-4 (embed; bug #555250)
753 - chora2 <unfixed> (embed; bug #555253)
754 - gollem <unfixed> (embed; bug # 555254)
755 - jscropperui 1.2.1-1 (embed; bug #555257)
756 - scriptaculous <not-affected> (uses system prototype.js since initial upload; bug #555260)
757 - ingo1 1.2.3+debian0-1 (embed; bug #555261)
758 - kronolith2 2.3.3+debian0-1 (embed; bug #555262)
759 - activeldap <unfixed> (embed)
760 - libv8 <not-affected> (contains a google-specific implementation of prototype.js)
761 - mantis 1.1.2+dfsg-1 (embed; bug #555265)
762 - otrs2 2.3.4-6 (embed; bug #555267)
763 - webcalendar 1.2~b1-2 (embed; bug #555269)
764 - redmine 0.9.0~svn2907-1 (embed; bug #555270)
765 - jifty 0.90519-1 (embed; bug #555271)
766 - jquery 1.4-1 (embed; bug #555272)
767 - passenger 2.2.5debian1-1 (embed; bug #555273)
768 - plone3 <removed> (embed; bug #555275)
769 - wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555277)
770 - libhtml-prototype-perl 1.48-3 (embed; bug #538920)
771 - xulrunner <unfixed> (embed)
772 NOTE: included in iceweasel/xulrunner unit tests directory, so may not be security-relevant
773
774 gdb
775 - insight <unfixed> (embed)
776
777 e2fsprogs
778 - ldiskfsprogs <unfixable> (fork)
779
780 quazip (not packaged in Debian)
781 - qcake <unfixed> (embed)
782 NOTE: starting with upstream version 0.6.4
783
784 exo
785 - pcmanfm <unfixed> (embed; bug #499677)
786 NOTE: slightly modified source code
787
788 java
789 - openjdk-6 <unfixed>
790 - sun-java5 <unfixed>
791 - sun-java6 <unfixed>
792
793 libphp-snoopy
794 - ampache 3.4.1-2 (embed; bug #504169)
795 - gforge 4.6.99+svn6094-2 (embed)
796 - mahara 1.0.5-2 (embed; bug #504170)
797 - pixelpost 1.7.1-5 (embed; bug #504171)
798 - mediamate 0.9.3.6-5 (embed; bug #504172)
799 - opendb <removed> (embed; bug #504173)
800 [etch] - opendb <unfixed> (embed; bug #504173)
801 - wordpress 2.5.1-9 (embed; bug #443948)
802 - moodle <unfixed> (embed; bug #507185)
803 [etch] - phpgroupware <unfixed> (embed)
804 NOTE: phpgroupware-felamimail
805 - magpierss 0.72-3 (embed; bug #431089)
806
807 jquery
808 - zekr <unfixed> (embed)
809 - wordpress <unknown> (embed)
810 - yocto-reader <unfixed> (embed)
811 - textpattern <unfixed> (embed)
812 - genshi 0.5.1-1 (embed)
813 NOTE: compressed file under examples/ dir
814 - prewikka <unfixed> (embed)
815 - libramaze-ruby <unfixed> (embed)
816 - drupal5 <unfixed> (embed)
817 - b2evolution <unfixed> (embed)
818 - wesnoth <unfixed> (embed)
819
820 tablesorter (jquery plugin, not packaged yet)
821 - wesnoth <unfixed> (embed)
822
823 kses
824 - wordpress <unfixed> (embed; bug #504242)
825 NOTE: their copy has all methods renamed to wp_<foo>
826 NOTE: kses isn't in Debian, RFP: #504240
827 - moodle <unfixed> (embed; bug #507185)
828 - egroupware <unfixed> (embed)
829
830 magpierss
831 - wordpress <unfixed> (embed; bug #504242)
832 - moodle <unfixed>
833
834 php-gettext
835 - wordpress 2.8.4-1 (embed; bug #504242)
836 - docbookwiki <unfixed> (embed)
837 - knowledgeroot 0.9.9.5-1
838 NOTE: non-free
839
840 libphp-ixr (name may change, it is the Incutio XML-RPC)
841 - wordpress <unfixed> (embed; bug #504242)
842 NOTE: libphp-ixr isn't in Debian, RFP: #504236
843 - dokuwiki <unfixed> (embed)
844 - textpattern <unfixed> (embed)
845
846 libphp-cas
847 - glpi <unfixed> (embed)
848 - moodle <unfixed> (embed; bug #505984)
849
850 scriptaculous (prototype.js is among the embeds in the following)
851 - glpi <unfixed> (embed)
852 - libaws <unfixed> (embed; bug #555222)
853 - op-panel <unfixed> (embed)
854 - symfony <unfixed> (embed)
855 NOTE: maintainer says there are extra incompatible changes required
856 - pixelpost 1.7.1-6 (embed)
857 - webhelpers <unfixed> (embed)
858 - qwik <removed> (embed; bug #555241)
859 - smokeping <unfixed> (embed)
860 - turba2 <unfixed> (embed)
861 - typo3-src 4.2.3-1 (embed)
862 - request-tracker3.6 <unfixed> (embed)
863 - request-tracker3.8 <unfixed> (embed)
864 - rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package)
865 - wordpress 2.5.0-2 (embed)
866 - libhtml-prototype-perl 1.48-3 (embed)
867
868 libmarkdown-php
869 - moodle <unfixed> (embed; bug #507185)
870 - pixelpost 1.7.1-6 (embed)
871
872 php-openid
873 - wordpress-openid <itp> (embed)
874
875 geshi
876 - dokuwiki 0.0.20080505-3.1 (embed)
877 - pgfouine 1.0-1.1 (embed)
878 - websvn 2.1.0-1 (embed)
879
880 webcalendar
881 - gforge 4.7~rc2-6 (embed; bug #504758)
882
883 libical
884 - kdepim <unknown> (fork)
885 NOTE: fixed at some point during 4.0
886 - kdepimlibs 4.2.0-1 (fork)
887 - claws-mail-extra-plugins <unfixed> (fork)
888
889 harfbuzz
890 - qt4-x11 <unfixed> (embed)
891 - pango1.0 <unfixed> (embed)
892 - fontmatrix <unfixed> (embed)
893
894 libzip
895 - php5 <unfixable> (modified-embed)
896 - odt2txt <unfixed> (embed; bug #523808)
897
898 json.php (not packaged; should be replaced with php's built-in functions)
899 - moodle <unfixed>
900 - yui <unfixed>
901 - gallery2 <unfixed>
902 - dokuwiki <unfixed>
903 - typo3-src <unfixed>
904
905 php-fpdf
906 - tcpdf <itp> (fork)
907 - moodle <unfixed>
908 - phpwiki <unfixed>
909 - egroupware <unfixed>
910 - ldap-account-manager <unfixed> (fork)
911
912 tcpdf (itp: #495985)
913 - moodle <unfixed>
914 - phpmyadmin <unfixed>
915
916 typo3
917 - moodle <unfixed>
918
919 spreadsheet_writeexcel (PHP port of libspreadsheet-writeexcel-perl; itp: #487557)
920 - moodle <unfixed>
921 - gosa <unfixed>
922
923 php-ole (itp: #487558)
924 - moodle <unfixed>
925
926 pieforms (http://www.catalyst.net.nz)
927 - mahara <unfixed>
928
929 savant2 (http://phpsavant.com)
930 - egroupware <unfixed>
931
932 rssparser (http://nwow.org)
933 - egroupware <unfixed>
934 - phpgroupware <unfixed>
935
936 lcms
937 - openjdk-6 <unfixed> (fork)
938
939 libphp-phplayersmenu
940 - diogenes <unfixed>
941 - phpldapadmin <unfixed>
942
943 libphp-pclzip
944 - docvert <unfixed>
945 - moodle <unfixed>
946 - egroupware <unfixed>
947
948 libphp-simplepie
949 - dokuwiki <unfixed>
950 - wordpress <unfixed>
951
952 libphp-jpgraph
953 - egroupware <unfixed>
954
955 php-simpletest
956 - moodle <unfixed>
957
958 libpng
959 - iceweasel <not-affected> (uses xulrunner)
960 - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1, 2.0.0.19-1 (embed)
961 - iceape 1.0.13~pre080614i-0etch1 (embed)
962 - xulrunner 1.9.0.13-1 (embed)
963 [lenny] - xulrunner 1.9.0.11-0lenny1
964 [etch] - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
965 - gamera 3.2.3-1 (embed)
966
967 irssi
968 - silc-client <unfixed> (embed)
969 NOTE: Seems to be a pre-0.8.12 version that is used in irssi-plugin-silc
970
971 extc
972 - mtasc <unfixed> (embed)
973 - haxe <unfixed> (embed)
974
975 swflib
976 - mtasc <unfixed> (embed)
977 - haxe <unfixed> (embed)
978
979 libitext-java
980 - bouncycastle 2.1.4-1 (embed)
981
982 python-ply
983 - pyke <unfixed> (embed; bug #555363)
984 - pywbem 0.7.0-4 (embed; bug #555364)
985 - sepolgen <unfixed> (embed; bug #555365)
986 - zope-textindexng3 <unknown> (embed)
987 - iceweasel <not-affected> (uses xulrunner)
988 - xulrunner <unknown> (embed)
989 - wireshark <not-affected> (python-ply modules are not installed into binary packages; see #554613)
990
991 libdumbnet (libdnet upstream)
992 - nmap <unfixed> (fork)
993
994 gcc-4.4
995 - gcc-mingw32 <unfixed> (embed)
996
997 camlimages
998 - advi <unfixed> (static; bug #550441)
999
1000 memcached
1001 - memcachedb <unfixed> (embed)
1002
1003 yajl
1004 - argyll <unfixed> (embed; bug #544223)
1005 NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
1006
1007 nusoap
1008 - gforge 4.8.2-1 (embed)
1009 - ampache <unfixed> (embed)
1010 - poker-network <unfixed> (old-version)
1011 - moodle <unfixed> (old-version)
1012 NOTE: code is not used when running under php5 and soap is enabled
1013 - phpwiki <unfixed> (old-version)
1014 - gallery2 <unfixed> (old-version)
1015 - typo3-src <unfixed> (old-version)
1016
1017 libept
1018 - adept <unfixed> (embed; bug #540649)
1019
1020 libvorbis
1021 - iceweasel <not-affected> (uses xulrunner)
1022 - xulrunner <unfixed> (embed; bug #540959)
1023 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1024 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1025 - iceape <unfixed> (embed)
1026 [etch] - iceape <not-affected> (introduced in 2.0)
1027 [lenny] - iceape <not-affected> (introduced in 2.0)
1028
1029 cairo
1030 - iceweasel <not-affected> (uses xulrunner)
1031 - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
1032
1033 liboggz
1034 - iceweasel <not-affected> (uses xulrunner)
1035 - xulrunner <unfixed> (embed; bug #540959)
1036 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1037 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1038 - iceape <unfixed> (embed)
1039 [etch] - iceape <not-affected> (introduced in 2.0)
1040 [lenny] - iceape <not-affected> (introduced in 2.0)
1041
1042 liboggplay
1043 - iceweasel <not-affected> (uses xulrunner)
1044 - xulrunner <unfixed> (embed; bug #540959)
1045 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1046 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1047 - iceape <unfixed> (embed)
1048 [etch] - iceape <not-affected> (introduced in 2.0)
1049 [lenny] - iceape <not-affected> (introduced in 2.0)
1050
1051 php-net-dnsbl
1052 - serendipity <unfixed> (embed; bug #541740)
1053
1054 php-onyx-rss
1055 - serendipity <unfixed> (embed; bug #541740)
1056
1057 php-text-wiki
1058 - serendipity <unfixed> (embed; bug #541740)
1059
1060 php-xml-rpc
1061 - serendipity <unfixed> (embed; bug #541740)
1062
1063 polarssl (does not have a shared library)
1064 - pdkim <itp> (embed; bug #543150)
1065 - xyssl <unfixed> (old-version)
1066
1067 pidgin
1068 - gaim <removed> (old-version)
1069 - qutecom <unfixed> (embed; bug #559785)
1070
1071 icu
1072 - webkit 1.0.1-1 (embed; bug #547214)
1073 - texlive-bin <unfixed> (fork)
1074 NOTE: texlive upstream working with icu upstream to merge their changes
1075
1076 cyrus-imapd-2.2
1077 - kolab-cyrus-imapd <unfixed> (fork)
1078 - dovecot 1:1.2.1-1 (embed) [/dovecot-sieve/src/libsieve/*]
1079
1080 python-cxx-dev
1081 - freecad 0.9.2646.3-1 (embed; bug #547936)
1082
1083 zipios++
1084 - freecad 0.9.2646.3-1 (embed; bug #547941)
1085 - enigma 0.92.3-3 (embed)
1086 NOTE: likely fixed earlier, marking etch's version as fixed
1087
1088 linux-2.6
1089 - kvm <removed> (embed; bug #549973) [./kernel/*]
1090 - linux-kbuild-2.6 <unfixed> (embed; bug #550379) [./kbuild/*]
1091 - kernel-source-2.6.8 <removed> (old-version)
1092 - kernel-source-2.4.27 <removed> (old-version)
1093 - kernel-source-2.4.24 <removed> (old-version)
1094 - kernel-source-2.2.25 <removed> (old-version)
1095 - kernel-source-2.2.20 <removed> (old-version)
1096
1097 libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
1098 - kvm <removed> (embed) [./libfdt/*]
1099 - qemu-kvm <unfixed> (embed) [./libfdt/*]
1100
1101 qweb (not packaged)
1102 - ajaxterm <unfixed>
1103
1104 opensaml2
1105 - opensaml <removed> (old-version)
1106
1107 shibboleth-sp2
1108 - shibboleth-sp <removed> (old-version)
1109
1110 tuxonice-userui
1111 - suspend2-userui <removed> (old-version)
1112
1113 expat
1114 - w3c-libwww <removed> (embed; bug #551941)
1115 [etch] - w3c-libwww <unfixed> (embed; bug #551941) [./modules/expat/*]
1116 - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*]
1117 - python2.5 <unfixable> (embed; bug #553403) [./Modules/expat/*]
1118 - python2.4 <unfixable> (embed; bug #553403)
1119 - python-4suite <unfixed> (embed; bug #516935)
1120 - wxwindows2.4 <removed> (embed)
1121 - wxwidgets2.6 2.6.3.2.2-4 (embed)
1122 - wxwidgets2.8 2.8.10.1-2 (embed)
1123 - celementtree 1.0.5-8 (embed)
1124 NOTE: Maybe that was fixed even earlier
1125 - audacity 1.3.2-1 (embed)
1126 - matanza <unfixed> (embed)
1127 - tdom 0.8.3~20080525-1 (embed)
1128 - udunits 2.1.8-4 (embed)
1129 - apr-util 1.2 (embed)
1130 - ayttm <unfxed> (embed; bug #561006)
1131 - cableswig <unfixed> (embed)
1132 - cadaver <unfixed> (embed)
1133 - cmake 2.6.0-6 (embed)
1134 - coin3 <unfixed> (embed)
1135 - gdcm 2.0.14-2 (embed)
1136 - ghostscript <unfixed> (embed)
1137 - grmonitor <removed> (embed)
1138 - iceape <unfixed> (embed)
1139 - insighttoolkit 3.16.0-1 (embed)
1140 NOTE: insighttoolkit might've been fixed earlier
1141 - libparagui1.1 1.0.2-1 (embed)
1142 - paraview 3.6.2-1 (embed)
1143 - poco 1.3.6p1-1 (embed)
1144 - simgear <unfixed> (embed)
1145 - sitecopy 1:0.16.0-1
1146 - smart 1.0-1 (embed)
1147 - swish-e <not-affected> (Linked against libxml, which is used instead)
1148 - tla 1.3.5+dfsg-15 (embed)
1149 - vtk 4.1.20030227-1 (embed)
1150 - wbxml2 <not-affected> (expat code is only used on Mac OS X, see #560941)
1151 - xmlrpc-c <unfixed> (embed)
1152 - iceweasel <unfixed> (embed)
1153 - kompozer <unfixed> (embed)
1154 - vxl 1.13.0-2 (embed)
1155 - xulrunner <unfixed> (embed)
1156 - apache2 2.2 (embed)
1157 - texlive-bin <not-affected> (Embedded code not compiled in)
1158 - vnc4 <unfixed> (embed)
1159 - xotcl <unfixed> (embed)
1160
1161 xerces-c
1162 - xerces-c2 <unfixed> (old-version)
1163 - xerces27 <removed> (old-version)
1164
1165 md5 (RSA's version; not the gnu version provided by coreutils)
1166 - w3c-libwww <removed> (embed; bug #551942)
1167 [etch] - w3c-libwww <unfixed> (embed; bug #551942) [./modules/md5/*]
1168
1169 libparagui1.1
1170 - asc <unfixable> (fork)
1171
1172 enet
1173 - sauerbraten <unfixed> (embed; #497194)
1174
1175 eglibc
1176 - glibc <removed> (old-version)
1177
1178 galib
1179 - gamera 3.2.3-1 (embed)
1180
1181 configobj
1182 - bzr <unfixed> (embed; bug #555336)
1183 - elisa <unfixed> (embed; bug #555337)
1184 - gaupol <unfixed> (embed; bug #555338)
1185 - ipython <unfixed> (embed; bug #555339)
1186 - pida <unfixed> (embed; bug #555340)
1187 - psychopy <unfixed> (embed; bug #555341)
1188 - rest2web <unfixed> (embed; bug #555342)
1189 - auth2db <unknown> (embed)
1190 - dynagen <unknown> (embed)
1191 - iceweasel <unknown> (embed)
1192 - sabnzbdplus <unknown> (embed)
1193 - xulrunner <unknown> (embed)
1194 - nipy <not-affected> (part of an example [/examples/neurospin/neurospy/configobj.py], which is not installed into binary packages)
1195
1196 python-clientform
1197 - bibus <unfixed> (embed; bug #555332)
1198 - zope2.10 <unfixed> (embed; bug #555333)
1199 - zope2.11 <removed> (embed; bug #555334)
1200 - python-mechanize <unknown> (embed)
1201 - twill <unknown> (embed)
1202
1203 python-mechanize
1204 - zope2.10 <unfixed> (embed; bug #555337)
1205 - zope2.11 <removed> (embed; bug #555338)
1206 - twill <unknown> (embed; bug #555339)
1207
1208 pexpect
1209 - duplicity 0.6.06-1 (embed; bug #555361)
1210 - hplip <unfixed> (embed; bug #555362)
1211 - smart <unfixed> (embed; bug #555363)
1212
1213 pyparsing
1214 - bauble <unfixed> (embed; bug #555366)
1215 - boa-constructor 0.6.1-8 (embed; bug #555367)
1216 - calibre <unfixed> (embed; bug #555368)
1217 - matplotlib <unfixed> (embed; bug #531024)
1218 - zhpy 1.7.3.1-1 (embed; bug #555370)
1219 - polybori <unknown> (embed)
1220 - python-whoosh <unknown> (embed)
1221 - twill <unknown> (embed)
1222 - zope-textindexng3 <unknown> (embed)
1223
1224 python-pysqlite2
1225 - python2.4 <unfixed> (embed; bug #553403)
1226 - python2.5 <unfixed> (embed; bug #553403)
1227
1228 celementtree
1229 - python2.5 <unfixed> (embed)
1230 - smart 1.0-1 (embed)
1231 [etch] - smart <unfixed> (embed)
1232
1233 elementtree
1234 - python2.5 <unfixed> (embed)
1235 - bzr <unfixed> (embed; bug #555343)
1236 - gedit 2.28.2-1 (embed; bug #555344)
1237 - smart 1.0-1 (embed)
1238 [etch] - smart <unfixed> (embed)
1239 - solfege <unfixed> (embed; bug #555345)
1240 - w3af <unfixed> (embed; bug #555346)
1241 - python-qt4 <unknown> (embed)
1242 - sphinx <unknown> (embed)
1243 - python-nltk <itp> (embed)
1244
1245 python2.5
1246 - python2.4 <unfixed> (old-version)
1247 - jython <unfixed> (embed)
1248 NOTE: embeds many stdlib modules
1249 - python-django <unfixed> (embed; bug #555419)
1250 NOTE: embeds stdlib modules: doctest, decimal
1251 - gamera 3.2.3-1 (embed)
1252 NOTE: embeds stdlib modules: ConfigParser, optparse, sets, textwrap
1253 - boa-constructor <unfixed> (embed; bug #555426)
1254 NOTE: embeds stdlib modules: ConfigParser, tarfile, zipfile, xmlrpclib
1255 - nicotine <unfixed> (embed; bug #555427)
1256 NOTE: embeds stdlib modules: ConfigParser
1257 - museek+ <unfixed> (embed; bug #555428)
1258 NOTE: embeds stdlib modules: ConfigParser
1259 - vegastrike-data <unfixed> (embed)
1260 NOTE: embeds many stdlib modules
1261 - codespeak-lib 1.1.1-1 (embed; bug #555420)
1262 NOTE: embeds stdlib modules: doctest, optparse, subprocess, textwrap
1263 - config-manager <unfixed> (embed; bug #555423)
1264 NOTE: embeds stdlib modules: optparse
1265 - jhbuild 2.28.0-1 (embed; bug #555421)
1266 NOTE: embeds stdlib modules: optparse, subprocess
1267 - smart <unfixed> (embed; bug #555432)
1268 NOTE: embeds stdlib modules: optparse
1269 - pyprotocols 1.0a.svn20070625-5 (embed; bug #555433)
1270 NOTE: embeds stdlib modules: doctest
1271 - ruledispatch 0.5a.svn20080510-4 (embed; bug #555434)
1272 NOTE: embeds stdlib modules: doctest
1273 - distribute <unfixed> (embed)
1274 NOTE: embeds stdlib modules: doctest
1275 - python-setuptools <unfixed> (embed; bug #555435)
1276 NOTE: embeds stdlib modules: doctest
1277 - zope.testing <unfixed> (embed; bug #555436)
1278 NOTE: embeds stdlib modules: doctest
1279 - translate-toolkit <unfixed> (embed; bug #555422)
1280 NOTE: embeds stdlib modules: textwrap, contextlib
1281 - libtpclient-py <unfixed> (embed; bug #555424)
1282 NOTE: embeds stdlib modules: subprocess
1283 - grass <unfixed> (embed; bug #555425)
1284 NOTE: embeds stdlib modules: subprocess
1285 - coherence <unfixed> (embed; bug #555429)
1286 NOTE: embeds stdlib modules: uuid
1287 - python-django-extensions 0.4.2pre+git200911182050-1 (embed; bug #555430)
1288 NOTE: embeds stdlib modules: uuid
1289 - setroubleshoot <unfixed> (embed; bug #555431)
1290 NOTE: embeds stdlib modules: uuid
1291 - linkchecker <unfixed> (embed; bug #555414)
1292 NOTE: embeds msgfmt.py script
1293 - imdbpy <unfixed> (embed)
1294 NOTE: embeds msgfmt.py script
1295 - kiwi <unfixed> (embed)
1296 NOTE: embeds msgfmt.py script
1297 - moin <unfixed> (embed)
1298 NOTE: embeds msgfmt.py script, stdlib modules: cgitb, difflib, tarfile
1299 - plone3 <removed> (embed)
1300 NOTE: embeds msgfmt.py script
1301 - roundup <unfixed> (embed)
1302 NOTE: embeds msgfmt.py script, stdlib modules: cgitb
1303 - rednotebook <unfixed> (embed; bug #555415)
1304 NOTE: embeds msgfmt.py script
1305 - turbogears <unfixed> (embed)
1306 NOTE: embeds msgfmt.py script
1307 - elisa <unfixed> (embed)
1308 NOTE: embeds msgfmt.py script, stdlib modules: uuid
1309 - calibre <unfixed> (embed)
1310 NOTE: embeds msgfmt.py script, stdlib modules: zipfile
1311 - mailman 1:2.1.13-1 (embed; #555416)
1312 NOTE: embeds msgfmt.py script
1313 - python-docutils <unknown> (embed)
1314 NOTE: embeds stdlib modules: optparse, textwrap
1315 - python-imaging <unknown> (embed)
1316 NOTE: embeds stdlib modules: doctest
1317 - python-mechanize <unknown> (embed)
1318 NOTE: embeds stdlib modules: doctest
1319 - twill <unknown> (embed)
1320 NOTE: embeds stdlib modules: subprocess
1321 - zeroc-ice <unknown> (embed)
1322 NOTE: embeds stdlib modules: subprocess
1323 - wxwidgets2.8 <unknown> (embed)
1324 NOTE: embeds stdlib modules: subprocess
1325 - cycle <unknown> (embed)
1326 NOTE: embeds msgfmt.py script
1327 - deluge <unknown> (embed)
1328 NOTE: embeds msgfmt.py script
1329 - opendict <unknown> (embed)
1330 NOTE: embeds msgfmt.py script
1331 - openerp-client <unknown> (embed)
1332 NOTE: embeds msgfmt.py script
1333 - rapidsvn <unknown> (embed)
1334 NOTE: embeds msgfmt.py script
1335 - wammu <unknown> (embed)
1336 NOTE: embeds msgfmt.py script
1337 - gaphor <unknown> (embed)
1338 NOTE: embeds msgfmt.py script
1339 - pida <unknown> (embed)
1340 NOTE: embeds msgfmt.py script
1341 - python-formencode <unknown> (embed)
1342 NOTE: embeds msgfmt.py script
1343 - duplicity <unfixed> (embed)
1344 NOTE: embeds stdlib module: urlparse, tarfile
1345 - pygopherd <unfixed> (embed)
1346 NOTE: embeds stdlib module: zipfile
1347
1348 argparse
1349 - twill <unfixed> (embed; bug #555347)
1350 - ipython <unfixed> (embed; bug #555348)
1351
1352 coherence
1353 - elisa <unfixed> (embed; bug #555335)
1354
1355 simpletal
1356 - plastex <unfixed> (embed; bug #555371)
1357
1358 flickrpc (not packaged in Debian, http://burtonini.com/bzr/flickrpc/)
1359 - postr <unfixed> (embed)
1360 - elisa <unfixed> (embed)
1361
1362 simplegeneric (not packaged in Debian, http://pypi.python.org/pypi/simplegeneric)
1363 - apertium-tolk <unfixed> (embed)
1364 - ipython <unfixed> (embed)
1365 - virtaal <unfixed> (embed)
1366
1367 distribute
1368 - setuptools <removed> (old-version)
1369
1370 rails
1371 - jruby1.2 <unfixed> (embed) [./bench/rails/*]
1372 - libgettext-ruby <unfixed> (embed) [./samples/rails/*]
1373 - libopenid-ruby <unfixed> (embed) [./examples/rails_openid/*]
1374 - thin <unfixed> (embed) [./spec/rails_app/*]
1375 NOTE: this is a subdirectory of examples, which in general is a non-issue, but may
1376 NOTE: be dangerous if developers are naively basing their code off of the examples
1377 NOTE: prototype.js is among the example files
1378
1379 lucene2 (prototype.js is among the embeds in the following)
1380 - lucene <unfixed> (old-version)
1381 - pylucene <unfixed> (embed)
1382 - libpdfbox-java <unfixed> (embed)
1383 - libfontbox-java <unfixed> (embed)
1384 - libjempbox-java <unfixed> (embed)
1385 - solr <unfixed> (embed)
1386
1387 unicode-data
1388 - syslinux <unfixed> (embed)
1389 - camomile <unfixed> (embed)
1390 - fribidi <unfixed> (embed)
1391 - m17n-db <unfixed> (embed)
1392 - sbcl <unfixed> (embed)
1393 - heimdal <unfixed> (embed)
1394 - icu <unfixed> (embed)
1395 - icu4j <unfixed> (embed)
1396 - krb5 <unfixed> (embed)
1397 - moodle <unfixed> (embed)
1398 - openldap <unfixed> (embed)
1399 - pike7.6 <unfixed> (embed)
1400 - samba <unfixed> (embed)
1401 - samba4 <unfixed> (embed)
1402 - cmucl <unfixed> (embed)
1403 - typo3-src <unfixed> (embed)
1404 - mauve <unfixed> (embed)
1405 - texlive-bin <unfixed> (embed)
1406 - ypsilon <unfixed> (embed)
1407 - jeuclid <unfixed> (embed)
1408 - charmap.app <unfixed> (embed)
1409 - clisp <unfixed> (embed)
1410 - gnulib <unfixed> (embed)
1411 - opensrs-client <unfixed> (embed)
1412 - saxonb <unfixed> (embed)
1413 - rails <unfixed> (embed)
1414
1415 feedparser
1416 - rawdog <unfixed> (embed; bug #383422)
1417 - miro <unfixed> (embed; bug #555351)
1418 - calibre <unfixed> (embed; bug #555352)
1419 - freevo <unfixed> (embed; bug #555353)
1420 - pida <unfixed> (embed; bug #555354)
1421 - planet-venus <unfixed> (embed; bug #555355)
1422 - plone3 <removed> (embed; bug #555356)
1423 - exaile 0.2.14+debian-1 (embed)
1424 - screenlets 0.1.2-3 (embed)
1425 NOTE: included twice
1426
1427 agg:
1428 - matplotlib <unfixed> (embed: bug #377271)
1429 - contextfree <unfixed> (embed)
1430 NOTE: since 2.2-1 it links statically to system libagg, but still uses the embedded copy
1431 - exactimage <unfixed> (embed)
1432 - python-enable <unfixed> (embed)
1433 - mapnik 0.5.1-3 (embed)
1434 NOTE: links statically to agg, but shared library is not available (bug #377271)
1435
1436 vtk
1437 - paraview <unfixable> (embed; bug #495426)
1438
1439 txt2tags
1440 - rednotebook <unfixed> (embed)
1441
1442 htmltextview (not packaged in Debian, http://www.gnome.org/~gjc/htmltextview.py)
1443 - gajim <unfixed> (embed)
1444 - emesene <unfixed> (embed)
1445 - convirt <unfixed> (embed)
1446 - pida <unfixed> (embed)
1447 - rednotebook <unfixed> (embed)
1448
1449 horde3 (prototype.js is among the embeds in the following)
1450 - mnemo2 <unfixed> (embed)
1451 - nag2 <unfixed> (embed)
1452 - wordpress <unfixed> (embed)
1453 NOTE: Text_Diff (wp-includes/Text/Diff*)
1454
1455 cimg
1456 - gmic <itp> (embed)
1457
1458 mootools
1459 - gmic <itp> (embed)
1460
1461 openldap
1462 - openldap2.3 <removed> (old-version)
1463
1464 grub2
1465 - grub <unfixed> (old-version)
1466
1467 gnupginterface
1468 - duplicity <unfixed> (embed)
1469
1470 python-dateutil
1471 - awn-extras-applets <unfixed> (embed)
1472 - matplotlib <unknown> (embed)
1473
1474 cups
1475 - cupsys <removed> (old-version)
1476
1477 yui
1478 - bcfg2 <not-affected> (present in source but not included in any binary files)
1479 - serendipity <unfixed> (embed; bug #557746)
1480 - moodle 1.8.2.dfsg-5 (embed)
1481 - jifty 0.91117-1 (embed; bug #557748)
1482 - webgui 7.7.26-1 (embed)
1483 - loggerhead 1.17-1 (embed)
1484
1485 quake3 (vanilla source not packaged in debian)
1486 - openarena <unfixable> (fork)
1487
1488 quake2 (vanilla source not packaged in debian)
1489 - alien-arena <unfixable> (fork)
1490 - warsow <unfixable> (fork)
1491
1492 libtheora
1493 - iceweasel <not-affected> (uses xulrunner)
1494 - xulrunner <unfixed> (embed; bug #540959)
1495 [etch] - xulrunner <not-affected> (introduced in firefox 3.5)
1496 [lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
1497 - iceape <unfixed> (embed; bug #559276)
1498 [etch] - iceape <not-affected> (introduced in iceape 2.0)
1499 [lenny] - iceape <not-affected> (introduced in iceape 2.0)
1500
1501 dtoa
1502 - bfilter <unfixed> (embed)
1503 - cacao <unfixed> (embed)
1504 - cdrdao <unfixed> (embed)
1505 - classpath <unfixed> (embed)
1506 - freej <unfixed> (embed)
1507 - iceape <unfixed> (embed)
1508 - iceweasel <unfixed> (embed)
1509 - jscoverage <unfixed> (embed)
1510 - kde4libs <unfixed> (embed)
1511 - kdelibs <unfixed> (embed)
1512 - kompozer <unfixed> (embed)
1513 - libv8 <unfixed> (embed)
1514 - mono <unfixed> (embed)
1515 - newlib <unfixed> (embed)
1516 - nspr <unfixed> (embed)
1517 - php5 <unfixed> (embed)
1518 - polyml <unfixed> (embed)
1519 - qt4-x11 <unfixed> (embed)
1520 - rhino <unfixed> (embed)
1521 NOTE: code translated to Java
1522 - ruby1.8 <unfixed> (embed)
1523 - ruby1.9 <unfixed> (embed)
1524 - ruby1.9.1 <unfixed> (embed)
1525 - sdd <unfixed> (embed)
1526 - sfind <unfixed> (embed)
1527 - star <unfixed> (embed)
1528 - tinymux <unfixed> (embed)
1529 - virtualbox-ose <unfixed> (embed)
1530 - webkit <unfixed> (embed)
1531 - xulrunner <unfixed> (embed)
1532
1533 ipc (not packaged in Debian; see http://mozdev.org/pipermail/enigmail/2009-November/011678.html)
1534 - firegpg <unfixed> (embed)
1535 - enigmail <unfixed> (embed)
1536
1537 ptmalloc (not packaged in Debian)
1538 - crystalspace <unfixed> (embed)
1539 - qt4-x11 <unfixed> (embed)
1540
1541 svgalib
1542 - usplash <unfixed> (embed)
1543
1544 bogl
1545 - usplash <unfixed> (embed)
1546
1547 taglist
1548 - usplash <unfixed> (embed)
1549
1550 portaudio
1551 - audacity <unfixed> (embed; bug #323711)
1552
1553 nyquist
1554 - audacity <unfixed> (embed)
1555 NOTE: embeds a forked nyquist with support for a shared library
1556
1557 vamp-plugin-sdk
1558 - audacity <unfixed> (embed)
1559
1560 wordpress
1561 - libwordpress-xmlrpc-perl <removed> (embed) [./xmlrpc.php]
1562 - wordpress-mu <unfixed> (fork)
1563
1564 php5
1565 - php4 <removed> (old-version)
1566
1567 classpath
1568 - libgnucrypto-java <removed> (embed; bug #559788)
1569
1570 libtool
1571 - apr <unfixed> (static; bug #489625)
1572 NOTE: ships copy of libtool in libapr1-dev; was 'embed' before 1.3.2-3
1573 - arts <unfixed> (embed)
1574 - bochs 2.4.2-1 (embed; bug #560884)
1575 - camserv <unfixed> (embed)
1576 - collectd 4.8.2-1 (embed)
1577 - courier-authlib 0.58-4 (embed)
1578 NOTE: The etch version of courier-authlib was the earliest version checked, might be fixed earlier
1579 - cvsnt <unfixed> (embed)
1580 - dico <not-affected> (Uses the system copy of ltdl)
1581 - freeradius 0.1+20010527-1 (embed)
1582 NOTE: Earliest reference I could find from the changelog is from 27 May 2001
1583 - ggobi 2.1.9~20091212-1 (embed)
1584 - glame 2.0.1-4 (embed)
1585 NOTE: The etch version of glame was the earliest version checked, might be fixed earlier
1586 - gnash <unfixed> (embed)
1587 - gnu-smalltalk <unfixed> (embed; bug #566777)
1588 - google-gadgets 0.10.5-0.3 (embed)
1589 NOTE: 0.10.5-0.3 was the earliest version checked, was fixed earlier
1590 - graphicsmagick 1.3.5-6 (embed)
1591 - graphviz 2.8-3 (embed)
1592 NOTE: The etch version of graphviz was the earliest version checked, might be fixed earlier
1593 - guile-1.6 1.6.8-7 (embed)
1594 - hamlib <unfixed> (embed)
1595 - hercules 3.06-1.2 (embed)
1596 - jags 1.0.4-3 (embed; bug #560864)
1597 - kdelibs <unfixed> (embed)
1598 - libannodex <removed> (embed)
1599 - libextractor 0.5.23+dfsg-4 (embed)
1600 - libmcrypt <not-affected> (libtool source present but not included in any of the binary packages)
1601 - libtunepimp <unfixed> (embed)
1602 - mp4h <unfixed> (embed)
1603 - naim <removed> (embed)
1604 - parser-mysql <unfixed> (embed)
1605 - pinball 0.3.1-11 (embed)
1606 - redland <unfixed> (embed)
1607 - siproxd <unfixed> (embed)
1608 - ski <unfixed> (embed)
1609 - synfig 0.62.00-1 (embed)
1610 - unixodbc 2.2.4-5 (embed)
1611 - xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules)
1612 - clamav 0.95+dfsg-1 (embed)
1613 - imagemagick 6:6.2.3.1-1 (embed)
1614 - hypre 2.4.0b-5 (embed)
1615 - lam <unfixed> (embed)
1616 - openmpi <unfixable> (embed; bug #559386)
1617 - parser <unfixed> (embed)
1618 - pdsh 2.18-5 (embed; bug #560892)
1619 - sbnc 1.2-8 (embed)
1620 - sdcc <unfixed> (embed)
1621 - wml <unfixed> (embed)
1622 - proftpd-dfsg <unfixed> (embed; bug #561748)
1623 - babel 1.4.0.dfsg-5 (embed)
1624 - libprelude 0.9.14-2 (embed)
1625 - heartbeat 2.1.4-7 (embed)
1626 NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
1627 NOTE: might've been fixed earlier
1628 - gcc-* <unknown> (embed)
1629
1630 ocamlgsl
1631 - orpie 1.5.1-7.1 (embed; bug #550058)
1632
1633 xdotool
1634 - keynav <unfixed> (embed; bug #560103)
1635
1636 bulletphysics (not packaged; http://www.bulletphysics.org/)
1637 - supertuxkart <unfixed> (embed)
1638 - blender <unfixed> (embed)
1639
1640 ghostscript
1641 - gs-gpl <removed> (old-version)
1642
1643 icedove
1644 - thunderbird <removed> (old-version)
1645
1646 sizzlejs (not packaged in Debian, http://sizzlejs.com/)
1647 - jquery <unfixed> (embed)
1648
1649 sed
1650 - ssed <unfixed> (fork)
1651
1652 phpatomlib (http://code.google.com/p/phpatomlib)
1653 - wordpress <unfixed> (embed)
1654
1655 Services_JSON (http://pear.php.net/package/Services_JSON)
1656 - wordpress <unfixed> (embed)
1657
1658 phpass (http://www.openwall.com/phpass/)
1659 - gallery2 <unfixed> (embed)
1660 - wordpress <unfixed> (embed)
1661 - typo3-src <unfixed> (fork)
1662 NOTE: file refers to drupal, maybe there's a copy somewhere there
1663 NOTE: a copyright owner search didn't match anything
1664 - libauthen-passphrase-perl <unfixable> (fork)
1665 NOTE: perl implementation of phpass
1666
1667 squirrelmail
1668 - wordpress <unfixed> (embed)
1669 NOTE: class-pop3.php
1670
1671 ezSQL (http://www.woyano.com/jv/ezsql)
1672 - wordpress <unfixable> (fork)
1673 NOTE: wp-db.php
1674
1675 Diff.php (Clay Loveless' version/killersoft.com)
1676 - php-versioncontrol-svn <unfixed>
1677
1678 libm
1679 - spring <unfixed> (embed)
1680 NOTE: embedded by embedded copy of streflop
1681
1682 streflop
1683 - spring <unfixed> (embed)
1684
1685 minizip
1686 - spring <unfixed> (embed)
1687
1688 oscpack
1689 - spring <unfixed> (embed)
1690
1691 hpiutil2
1692 - spring <unfixed> (embed)
1693
1694 p7zip
1695 - spring <unfixed> (embed)
1696
1697 pythonqt (doesn't seem to be python-qtN, unknown source)
1698 - fontmatrix <unfixed> (embed)
1699 - elmerfem <unfixed> (embed)
1700
1701 iepngfix (not packaged in Debian; http://www.twinhelix.com/css/iepngfix/)
1702 - docvert <unfixed> (embed)
1703 - jifty <unfixed> (embed)
1704 - kdenetwork <unfixed> (embed)
1705 - mediatomb <unfixed> (embed)
1706 - plastex <unfixed> (embed)
1707 - plone3 <removed> (embed)
1708 - python-chaco <unfixed> (embed)
1709 - python-docutils <unfixed> (embed)
1710 - s5 <unfixed> (embed)
1711 - zope2.10 <unfixed> (embed)
1712 - zope2.11 <removed> (embed)
1713 - cython <not-affcted> (embed)
1714 NOTE: part of documentation, which is not installed into the binary package
1715
1716 python-docutils
1717 - zope2.10 <unfixed> (embed)
1718 - zope2.11 <removed> (embed)
1719
1720 tesseract
1721 - ocropus <unfixed> (static)
1722
1723 antlr
1724 - kdevelop <unfixed> (embed)
1725
1726 libxerces2
1727 - openjdk-6 <unfixed> (embed)
1728
1729 kfreebsd-8
1730 - kfreebsd-7 <unfixed> (old-version)
1731 - kfreebsd-6 <removed> (old-version)
1732
1733 ruby1.9.1
1734 - ruby1.9 <unfixed> (old-version)
1735 - ruby1.8 <unfixed> (old-version)
  ViewVC Help
Powered by ViewVC 1.1.5