Vulnerable source packages among backports for stable

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerably binary packages present in the archive.

Package	Bug	Urgency	Remote
bitcoin	CVE-2011-4447	not yet assigned	???
	CVE-2012-1909	not yet assigned	???
cifs-utils	CVE-2012-1586	low	???
gajim	CVE-2012-2093	low	???
heimdal	CVE-2011-4862	high	yes
icedove	CVE-2011-1187	low	yes
	CVE-2011-3062	medium**	yes
	CVE-2011-3670	medium**	yes
	CVE-2012-0442	high**	yes
	CVE-2012-0444	high**	yes
	CVE-2012-0445	medium**	yes
	CVE-2012-0446	medium**	yes
	CVE-2012-0447	medium**	yes
	CVE-2012-0449	high**	yes
	CVE-2012-0450	low**	no
	CVE-2012-0451	medium**	yes
	CVE-2012-0455	medium**	yes
	CVE-2012-0456	medium**	yes
	CVE-2012-0457	high**	yes
	CVE-2012-0458	medium**	yes
	CVE-2012-0459	high**	yes
	CVE-2012-0460	medium**	yes
	CVE-2012-0461	high**	yes
	CVE-2012-0462	high**	yes
	CVE-2012-0464	high**	yes
	CVE-2012-0467	high**	yes
	CVE-2012-0469	high**	yes
	CVE-2012-0470	high**	yes
	CVE-2012-0471	medium**	yes
	CVE-2012-0473	medium**	yes
	CVE-2012-0474	medium**	yes
	CVE-2012-0475	low**	yes
	CVE-2012-0477	medium**	yes
	CVE-2012-0478	high**	yes
	CVE-2012-0479	medium**	yes
libav	CVE-2011-3929	not yet assigned	???
	CVE-2011-3936	not yet assigned	???
	CVE-2011-3937	not yet assigned	???
	CVE-2011-3940	not yet assigned	???
	CVE-2011-3945	not yet assigned	???
	CVE-2011-3947	not yet assigned	???
	CVE-2011-3951	not yet assigned	???
	CVE-2011-3952	not yet assigned	???
	CVE-2012-0848	not yet assigned	???
	CVE-2012-0853	not yet assigned	???
	CVE-2012-0858	not yet assigned	???
	CVE-2012-0947	not yet assigned	???
libgssglue	CVE-2011-2709	low	???
libspring-java	CVE-2011-2894	medium**	yes
libvirt	CVE-2011-4600	low	???
linux-2.6	CVE-2011-1747	low	no
	CVE-2011-4086	low	???
	CVE-2011-4127	not yet assigned	???
	CVE-2011-4347	not yet assigned	???
	CVE-2011-4604	not yet assigned	???
	CVE-2012-0810	not yet assigned	???
	CVE-2012-1601	low	???
	CVE-2012-2119	not yet assigned	???
	CVE-2012-2121	not yet assigned	???
	CVE-2012-2123	not yet assigned	???
	CVE-2012-2133	not yet assigned	???
	CVE-2012-2313	not yet assigned	???
	CVE-2012-2319	low	???
munin	CVE-2012-2103	not yet assigned	???
	CVE-2012-2104	not yet assigned	???
	CVE-2012-2147	not yet assigned	???
nagios3	CVE-2011-2477	low**	yes
network-manager	CVE-2006-7246	not yet assigned	???
	CVE-2011-2176	low	no
	CVE-2012-1096	not yet assigned	???
pastescript	CVE-2012-0878	low	yes
redmine	CVE-2012-0327	medium**	yes
	CVE-2012-2054	medium**	yes
ruby-actionpack-2.3	CVE-2012-1098	medium**	yes
	CVE-2012-1099	medium**	yes
rubygems	CVE-2012-2125	not yet assigned	???
	CVE-2012-2126	not yet assigned	???
sbuild	TEMP-0661037-1A43A9	not yet assigned	???
sympa	CVE-2012-2352	high	???
tor	CVE-2011-2778	high**	yes
typo3-src	CVE-2012-2112	not yet assigned	???
virtualbox	CVE-2012-0111	low**	no
xorg	CVE-2011-4613	low	???
	CVE-2012-1093	not yet assigned	???
	TEMP-0000000-269968	low	???
xorg-server	CVE-2011-4028	low	???
	CVE-2011-4029	low	???
	CVE-2012-0064	high	???
	CVE-2012-2118	not yet assigned	???

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.

Home - Testing Security Team - Debian Security - Source (SVN)