Vulnerable source packages among backports for stable

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerable binary packages present in the archive.

Package	Bug	Urgency	Remote
ansible	CVE-2018-16876	medium**	yes
ant	CVE-2018-10886	not yet assigned	no
	TEMP-0904191-9063D5	not yet assigned	?
asciidoctor	CVE-2018-18385	low	no
botan	CVE-2018-12435	low**	no
	CVE-2018-20187	not yet assigned	?
	CVE-2018-9860	medium**	yes
cacti	CVE-2018-20723	low**	yes
	CVE-2018-20724	low**	yes
	CVE-2018-20725	low**	yes
	CVE-2018-20726	low**	yes
ceph	CVE-2018-14662	not yet assigned	no
	CVE-2018-16846	not yet assigned	no
	CVE-2018-16889	low	?
firmware-nonfree (non-free)	CVE-2018-5383	medium**	yes
gitlab (contrib)	CVE-2018-15472	not yet assigned	?
gitlab (contrib)	CVE-2018-16049	medium**	yes
gitlab (contrib)	CVE-2018-16050	medium**	yes
gitlab (contrib)	CVE-2018-16051	medium**	yes
gitlab (contrib)	CVE-2018-17449	not yet assigned	?
gitlab (contrib)	CVE-2018-17450	not yet assigned	?
gitlab (contrib)	CVE-2018-17451	not yet assigned	?
gitlab (contrib)	CVE-2018-17452	not yet assigned	?
gitlab (contrib)	CVE-2018-17453	not yet assigned	?
gitlab (contrib)	CVE-2018-17454	not yet assigned	?
gitlab (contrib)	CVE-2018-17455	not yet assigned	?
gitlab (contrib)	CVE-2018-17536	not yet assigned	?
gitlab (contrib)	CVE-2018-17537	not yet assigned	?
gitlab (contrib)	CVE-2018-17939	not yet assigned	no
gitlab (contrib)	CVE-2018-17975	not yet assigned	no
gitlab (contrib)	CVE-2018-17976	medium**	yes
gitlab (contrib)	CVE-2018-18640	medium**	yes
gitlab (contrib)	CVE-2018-18641	medium**	yes
gitlab (contrib)	CVE-2018-18645	medium**	yes
gitlab (contrib)	CVE-2018-18646	medium**	yes
gitlab (contrib)	CVE-2018-19359	not yet assigned	?
gitlab (contrib)	CVE-2018-19493	not yet assigned	?
gitlab (contrib)	CVE-2018-19494	not yet assigned	?
gitlab (contrib)	CVE-2018-19495	not yet assigned	?
gitlab (contrib)	CVE-2018-19496	not yet assigned	?
gitlab (contrib)	CVE-2018-19569	not yet assigned	?
gitlab (contrib)	CVE-2018-19570	not yet assigned	?
gitlab (contrib)	CVE-2018-19571	not yet assigned	?
gitlab (contrib)	CVE-2018-19572	not yet assigned	?
gitlab (contrib)	CVE-2018-19573	not yet assigned	?
gitlab (contrib)	CVE-2018-19574	not yet assigned	?
gitlab (contrib)	CVE-2018-19575	not yet assigned	?
gitlab (contrib)	CVE-2018-19576	not yet assigned	?
gitlab (contrib)	CVE-2018-19577	not yet assigned	?
gitlab (contrib)	CVE-2018-19580	not yet assigned	?
gitlab (contrib)	CVE-2018-19583	not yet assigned	?
gitlab (contrib)	CVE-2018-19585	not yet assigned	?
gitlab (contrib)	CVE-2018-20144	not yet assigned	?
gitlab (contrib)	CVE-2018-20229	not yet assigned	?
gitlab (contrib)	CVE-2018-20488	not yet assigned	?
gitlab (contrib)	CVE-2018-20489	not yet assigned	?
gitlab (contrib)	CVE-2018-20490	not yet assigned	?
gitlab (contrib)	CVE-2018-20491	not yet assigned	?
gitlab (contrib)	CVE-2018-20492	not yet assigned	?
gitlab (contrib)	CVE-2018-20493	not yet assigned	?
gitlab (contrib)	CVE-2018-20494	not yet assigned	?
gitlab (contrib)	CVE-2018-20495	not yet assigned	?
gitlab (contrib)	CVE-2018-20496	not yet assigned	?
gitlab (contrib)	CVE-2018-20497	not yet assigned	?
gitlab (contrib)	CVE-2018-20498	not yet assigned	?
gitlab (contrib)	CVE-2018-20499	not yet assigned	?
gitlab (contrib)	CVE-2018-20500	not yet assigned	?
gitlab (contrib)	CVE-2018-20501	not yet assigned	?
gitlab (contrib)	CVE-2018-20507	not yet assigned	?
gitlab (contrib)	CVE-2019-6240	not yet assigned	?
gitlab (contrib)	TEMP-0000000-077068	not yet assigned	?
gitlab (contrib)	TEMP-0000000-DE2DCD	not yet assigned	?
glusterfs	CVE-2018-14651	medium**	yes
	CVE-2018-14652	medium**	yes
	CVE-2018-14653	medium**	yes
	CVE-2018-14654	high**	yes
	CVE-2018-14659	medium**	yes
	CVE-2018-14660	not yet assigned	no
	CVE-2018-14661	not yet assigned	no
golang-golang-x-net-dev	CVE-2018-17846	medium**	yes
	CVE-2018-17847	low	yes
	CVE-2018-17848	low	yes
h2o	CVE-2018-0608	high**	yes
htslib	CVE-2018-13843	low	yes
	CVE-2018-13844	low	yes
	CVE-2018-13845	low	yes
jruby	CVE-2018-1000073	medium**	yes
	CVE-2018-1000074	medium**	yes
	CVE-2018-1000075	medium**	yes
	CVE-2018-1000076	high**	yes
	CVE-2018-1000077	medium**	yes
	CVE-2018-1000078	medium**	yes
	CVE-2018-1000079	medium**	yes
knot-resolver	CVE-2018-10920	medium**	yes
libssh	CVE-2018-10933	medium**	yes
linux	CVE-2013-7445	high**	yes
	CVE-2015-8553	low**	no
	CVE-2016-10723	medium**	no
	CVE-2016-8660	low	no
	CVE-2017-0630	low**	yes
	CVE-2017-1000379	high**	no
	CVE-2018-1000026	medium**	yes
	CVE-2018-12928	low	no
	CVE-2018-12929	medium**	no
	CVE-2018-12930	high**	no
	CVE-2018-12931	high**	no
	CVE-2018-16882	not yet assigned	no
	CVE-2018-16884	not yet assigned	no
	CVE-2018-19985	not yet assigned	?
	CVE-2018-3693	medium**	no
	CVE-2019-3459	not yet assigned	?
	CVE-2019-3460	not yet assigned	?
	CVE-2019-5489	not yet assigned	no
linux-grsec	CVE-2017-5715	medium**	no
	CVE-2017-5753	medium**	no
	CVE-2017-5754	medium**	no
modsecurity-crs	CVE-2018-16384	low	yes
mumble	TEMP-0919249-E10379	not yet assigned	?
network-manager	CVE-2012-1096	low	?
nginx	CVE-2013-0337	low	yes
nvidia-graphics-drivers (non-free)	CVE-2018-6260	low**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5715	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5753	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5754	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6266	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6267	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6272	high**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2018-6249	high**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2018-6253	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2018-6260	low**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6266	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6267	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6272	high**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2018-6249	high**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2018-6253	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2018-6260	low**	no
nvidia-graphics-drivers-legacy-390xx (non-free)	CVE-2018-6260	low**	no
openjdk-11	CVE-2018-12438	low	no
	CVE-2019-2422	medium**	yes
otrs2 (non-free)	CVE-2018-19142	low**	yes
otrs2 (non-free)	CVE-2018-19143	medium**	yes
password-store	CVE-2018-12356	high**	yes
phpldapadmin	CVE-2017-11107	medium**	yes
pycryptodome	CVE-2018-6594	medium**	yes
python-pysaml2	CVE-2016-10127	low	yes
	CVE-2017-1000433	medium**	yes
qpdf	CVE-2018-18020	medium**	yes
	CVE-2018-9918	medium**	yes
r-cran-igraph	CVE-2018-20349	medium**	yes
rabbitmq-server	CVE-2018-1279	low**	yes
rails	CVE-2018-16476	medium**	yes
	CVE-2018-16477	medium**	yes
ruby-grape	CVE-2018-3769	medium**	yes
ruby-loofah	CVE-2018-16468	low**	yes
ruby-net-ldap	CVE-2017-17718	medium**	yes
ruby-rack	CVE-2018-16471	not yet assigned	no
svgpp	CVE-2019-6245	not yet assigned	no
	CVE-2019-6246	not yet assigned	no
	CVE-2019-6247	not yet assigned	no
sysstat	CVE-2018-19416	low	yes
	CVE-2018-19517	low	yes
systemd	CVE-2018-16864	not yet assigned	no
	CVE-2018-16865	not yet assigned	no
	CVE-2018-16866	not yet assigned	no
telegram-desktop	CVE-2018-17613	medium**	yes
	CVE-2018-17780	medium**	yes
virtualbox (contrib)	CVE-2019-2446	low**	no
virtualbox (contrib)	CVE-2019-2448	low**	no
virtualbox (contrib)	CVE-2019-2450	low**	no
virtualbox (contrib)	CVE-2019-2451	low**	no
virtualbox (contrib)	CVE-2019-2500	medium**	no
virtualbox (contrib)	CVE-2019-2501	low**	no
virtualbox (contrib)	CVE-2019-2504	low**	no
virtualbox (contrib)	CVE-2019-2505	low**	no
virtualbox (contrib)	CVE-2019-2506	low**	no
virtualbox (contrib)	CVE-2019-2508	medium**	no
virtualbox (contrib)	CVE-2019-2509	medium**	no
virtualbox (contrib)	CVE-2019-2511	high**	yes
virtualbox (contrib)	CVE-2019-2520	medium**	no
virtualbox (contrib)	CVE-2019-2521	medium**	no
virtualbox (contrib)	CVE-2019-2522	medium**	no
virtualbox (contrib)	CVE-2019-2523	medium**	no
virtualbox (contrib)	CVE-2019-2524	medium**	no
virtualbox (contrib)	CVE-2019-2525	low**	no
virtualbox (contrib)	CVE-2019-2526	medium**	no
virtualbox (contrib)	CVE-2019-2527	low**	no
virtualbox (contrib)	CVE-2019-2548	medium**	no
virtualbox (contrib)	CVE-2019-2552	medium**	no
virtualbox (contrib)	CVE-2019-2553	low**	no
virtualbox (contrib)	CVE-2019-2554	low**	no
virtualbox (contrib)	CVE-2019-2555	low**	no
virtualbox (contrib)	CVE-2019-2556	low**	no
virtualbox (contrib)	CVE-2019-3309	not yet assigned	?
wine	CVE-2018-12932	low	yes
	CVE-2018-12933	low	yes
zabbix	CVE-2017-2826	low	yes
zoneminder	CVE-2018-1000832	not yet assigned	no
	CVE-2018-1000833	not yet assigned	no

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.