Vulnerable source packages among backports for stable

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerable binary packages present in the archive.

Package	Bug	Urgency	Remote
ansible	CVE-2018-10855	not yet assigned	no
	CVE-2018-10874	not yet assigned	no
	CVE-2018-10875	not yet assigned	no
ant	CVE-2018-10886	not yet assigned	no
	TEMP-0904191-9063D5	not yet assigned	?
botan	CVE-2018-12435	not yet assigned	no
	CVE-2018-9860	medium**	yes
devscripts	CVE-2018-13043	low	no
firmware-nonfree (non-free)	CVE-2017-9417	high**	yes
glusterfs	CVE-2018-10841	not yet assigned	no
h2o	CVE-2018-0608	not yet assigned	no
htslib	CVE-2018-13843	low	no
	CVE-2018-13844	low	no
	CVE-2018-13845	low	no
jetty9	CVE-2017-7656	low	no
	CVE-2017-7657	low	no
	CVE-2017-7658	low	no
	CVE-2018-12536	not yet assigned	no
jruby	CVE-2018-1000073	medium**	yes
	CVE-2018-1000074	medium**	yes
	CVE-2018-1000075	medium**	yes
	CVE-2018-1000076	high**	yes
	CVE-2018-1000077	medium**	yes
	CVE-2018-1000078	medium**	yes
	CVE-2018-1000079	medium**	yes
librelp	CVE-2018-1000140	high**	yes
linux	CVE-2013-7445	high**	yes
	CVE-2015-8553	low**	no
	CVE-2016-10723	not yet assigned	no
	CVE-2016-8660	low	no
	CVE-2017-1000379	high**	no
	CVE-2018-1000026	medium**	yes
	CVE-2018-10840	not yet assigned	no
	CVE-2018-10876	not yet assigned	?
	CVE-2018-10877	not yet assigned	no
	CVE-2018-10878	not yet assigned	?
	CVE-2018-10879	not yet assigned	?
	CVE-2018-10880	not yet assigned	?
	CVE-2018-10881	not yet assigned	?
	CVE-2018-10882	not yet assigned	?
	CVE-2018-10883	not yet assigned	?
	CVE-2018-1118	low**	no
	CVE-2018-11412	medium**	yes
	CVE-2018-12232	not yet assigned	no
	CVE-2018-12233	not yet assigned	no
	CVE-2018-12633	not yet assigned	no
	CVE-2018-12896	not yet assigned	no
	CVE-2018-12928	low	no
	CVE-2018-12929	not yet assigned	no
	CVE-2018-12930	not yet assigned	no
	CVE-2018-12931	not yet assigned	no
	CVE-2018-13053	not yet assigned	no
	CVE-2018-13093	not yet assigned	no
	CVE-2018-13094	not yet assigned	no
	CVE-2018-13095	not yet assigned	no
	CVE-2018-13096	not yet assigned	no
	CVE-2018-13097	not yet assigned	no
	CVE-2018-13098	not yet assigned	no
	CVE-2018-13099	not yet assigned	no
	CVE-2018-13100	not yet assigned	no
	CVE-2018-13405	not yet assigned	no
	CVE-2018-13406	not yet assigned	no
	CVE-2018-3693	medium**	no
	CVE-2018-7755	medium**	yes
linux-grsec	CVE-2017-5715	medium**	no
	CVE-2017-5753	medium**	no
	CVE-2017-5754	medium**	no
nginx	CVE-2013-0337	low	yes
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5715	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5753	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5754	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6266	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6267	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6272	high**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2018-6249	high**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2018-6253	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6266	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6267	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6272	high**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2018-6249	high**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2018-6253	medium**	no
openjdk-9	CVE-2017-10274	medium**	yes
	CVE-2017-10281	medium**	yes
	CVE-2017-10285	medium**	yes
	CVE-2017-10295	medium**	yes
	CVE-2017-10345	low**	yes
	CVE-2017-10346	medium**	yes
	CVE-2017-10347	medium**	yes
	CVE-2017-10348	medium**	yes
	CVE-2017-10349	medium**	yes
	CVE-2017-10350	medium**	yes
	CVE-2017-10355	medium**	yes
	CVE-2017-10356	low**	no
	CVE-2017-10357	medium**	yes
	CVE-2017-10388	medium**	yes
	CVE-2018-2579	medium**	yes
	CVE-2018-2582	medium**	yes
	CVE-2018-2588	medium**	yes
	CVE-2018-2599	medium**	yes
	CVE-2018-2602	low**	no
	CVE-2018-2603	medium**	yes
	CVE-2018-2618	medium**	yes
	CVE-2018-2629	low**	yes
	CVE-2018-2633	medium**	yes
	CVE-2018-2634	medium**	yes
	CVE-2018-2637	medium**	yes
	CVE-2018-2641	low**	yes
	CVE-2018-2663	medium**	yes
	CVE-2018-2677	medium**	yes
	CVE-2018-2678	medium**	yes
password-store	CVE-2018-12356	not yet assigned	no
pycryptodome	CVE-2018-6594	medium**	yes
qpdf	CVE-2018-9918	medium**	yes
r-cran-haven	CVE-2018-11364	low	yes
	CVE-2018-11365	low	yes
ruby-doorkeeper	CVE-2018-1000088	medium**	yes
	CVE-2018-1000211	not yet assigned	no
ruby-grape	CVE-2018-3769	not yet assigned	no
ruby-net-ldap	CVE-2017-17718	medium**	yes
systemd	CVE-2018-6954	high**	no
tomcat8	CVE-2018-8014	high**	yes
virtualbox (contrib)	CVE-2018-3005	not yet assigned	no
virtualbox (contrib)	CVE-2018-3055	not yet assigned	no
virtualbox (contrib)	CVE-2018-3085	not yet assigned	no
virtualbox (contrib)	CVE-2018-3086	not yet assigned	no
virtualbox (contrib)	CVE-2018-3087	not yet assigned	no
virtualbox (contrib)	CVE-2018-3088	not yet assigned	no
virtualbox (contrib)	CVE-2018-3089	not yet assigned	no
virtualbox (contrib)	CVE-2018-3090	not yet assigned	no
virtualbox (contrib)	CVE-2018-3091	not yet assigned	no
wesnoth-1.14	CVE-2018-1999023	not yet assigned	?
wine	CVE-2018-12932	low	no
	CVE-2018-12933	low	no
zabbix	CVE-2017-2826	low	yes

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.