Vulnerable source packages among backports for stable

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerable binary packages present in the archive.

Package	Bug	Urgency	Remote
android-platform-tools	CVE-2022-3168	not yet assigned	?
	CVE-2022-20128	not yet assigned	?
apache-jena	CVE-2021-33192	not yet assigned	no
	CVE-2021-39239	not yet assigned	no
	CVE-2022-28890	not yet assigned	no
	CVE-2022-45136	not yet assigned	no
assimp	CVE-2022-38528	not yet assigned	no
bluez-firmware (non-free)	CVE-2021-34145	not yet assigned	no
	CVE-2021-34146	not yet assigned	no
	CVE-2021-34147	not yet assigned	no
	CVE-2021-34148	not yet assigned	no
claws-mail	CVE-2019-10735	low	no
cloud-init	CVE-2022-2084	not yet assigned	?
curl	CVE-2022-32221	not yet assigned	no
	CVE-2022-35260	not yet assigned	no
	CVE-2022-42915	not yet assigned	no
	CVE-2022-42916	not yet assigned	no
dokuwiki	CVE-2016-7964	low	no
	CVE-2022-28919	not yet assigned	no
e2fsprogs	CVE-2022-1304	not yet assigned	no
exim4	CVE-2021-38371	not yet assigned	no
firmware-nonfree (non-free)	CVE-2021-23168	not yet assigned	no
	CVE-2021-23223	not yet assigned	no
	CVE-2021-37409	not yet assigned	no
	CVE-2021-44545	not yet assigned	no
	CVE-2022-21181	not yet assigned	no
ghostwriter	CVE-2022-24724	not yet assigned	no
git	CVE-2022-24765	not yet assigned	no
	CVE-2022-29187	not yet assigned	no
	CVE-2022-39253	not yet assigned	no
	CVE-2022-39260	not yet assigned	no
golang-1.16	CVE-2021-29923	not yet assigned	no
golang-1.17	CVE-2022-2879	not yet assigned	no
	CVE-2022-2880	not yet assigned	no
	CVE-2022-27664	not yet assigned	no
	CVE-2022-41715	not yet assigned	no
golang-1.18	CVE-2022-41717	not yet assigned	no
golang-1.19	CVE-2022-41717	not yet assigned	no
intel-microcode (non-free)	CVE-2022-21123	not yet assigned	no
	CVE-2022-21125	not yet assigned	no
	CVE-2022-21127	not yet assigned	no
	CVE-2022-21151	not yet assigned	no
	CVE-2022-21166	not yet assigned	no
	CVE-2022-21233	not yet assigned	no
jsoup	CVE-2022-36033	not yet assigned	no
libbpf	CVE-2022-3533	not yet assigned	no
	CVE-2022-3534	not yet assigned	no
	CVE-2022-3606	not yet assigned	no
libowasp-esapi-java	CVE-2022-23457	not yet assigned	no
	CVE-2022-24891	not yet assigned	no
libvirt	CVE-2022-0897	not yet assigned	no
linux	CVE-2013-7445	not yet assigned	no
	CVE-2018-12928	low	no
	CVE-2019-15213	not yet assigned	no
	CVE-2019-16089	not yet assigned	no
	CVE-2019-19378	not yet assigned	no
	CVE-2019-19449	not yet assigned	no
	CVE-2019-19814	not yet assigned	no
	CVE-2019-20794	not yet assigned	no
	CVE-2020-14304	not yet assigned	no
	CVE-2020-15802	not yet assigned	no
	CVE-2020-26555	not yet assigned	no
	CVE-2020-36516	not yet assigned	no
	CVE-2021-3714	not yet assigned	no
	CVE-2021-3847	not yet assigned	no
	CVE-2021-3864	not yet assigned	no
	CVE-2022-0400	not yet assigned	no
	CVE-2022-1247	not yet assigned	no
	CVE-2022-2873	not yet assigned	no
	CVE-2022-2961	not yet assigned	no
	CVE-2022-3169	not yet assigned	no
	CVE-2022-3344	not yet assigned	no
	CVE-2022-3424	not yet assigned	?
	CVE-2022-3435	not yet assigned	no
	CVE-2022-3522	not yet assigned	no
	CVE-2022-3523	not yet assigned	no
	CVE-2022-3524	not yet assigned	no
	CVE-2022-3564	not yet assigned	no
	CVE-2022-3566	not yet assigned	no
	CVE-2022-3567	not yet assigned	no
	CVE-2022-3619	not yet assigned	no
	CVE-2022-3628	not yet assigned	?
	CVE-2022-3640	not yet assigned	no
	CVE-2022-3643	not yet assigned	no
	CVE-2022-3707	not yet assigned	?
	CVE-2022-4129	not yet assigned	no
	CVE-2022-4139	not yet assigned	?
	CVE-2022-4269	not yet assigned	no
	CVE-2022-4378	not yet assigned	?
	CVE-2022-23825	not yet assigned	no
	CVE-2022-36280	not yet assigned	no
	CVE-2022-38096	not yet assigned	no
	CVE-2022-38457	not yet assigned	no
	CVE-2022-40133	not yet assigned	no
	CVE-2022-41218	not yet assigned	no
	CVE-2022-41848	not yet assigned	no
	CVE-2022-42328	not yet assigned	no
	CVE-2022-42329	not yet assigned	no
	CVE-2022-42895	not yet assigned	no
	CVE-2022-42896	not yet assigned	no
	CVE-2022-44032	not yet assigned	no
	CVE-2022-44033	not yet assigned	no
	CVE-2022-44034	not yet assigned	no
	CVE-2022-45869	not yet assigned	no
	CVE-2022-45884	not yet assigned	no
	CVE-2022-45885	not yet assigned	no
	CVE-2022-45886	not yet assigned	no
	CVE-2022-45887	not yet assigned	no
	CVE-2022-45888	not yet assigned	no
	CVE-2022-45919	not yet assigned	no
	CVE-2022-45934	not yet assigned	no
nim	CVE-2021-41259	not yet assigned	no
node-terser	CVE-2022-25858	not yet assigned	no
nvidia-graphics-drivers (non-free)	CVE-2022-28181	not yet assigned	no
	CVE-2022-28183	not yet assigned	no
	CVE-2022-28184	not yet assigned	no
	CVE-2022-28185	not yet assigned	no
	CVE-2022-28191	not yet assigned	no
	CVE-2022-28192	not yet assigned	no
	CVE-2022-31607	not yet assigned	no
	CVE-2022-31608	not yet assigned	no
	CVE-2022-31615	not yet assigned	no
	CVE-2022-34665	not yet assigned	no
	CVE-2022-34666	not yet assigned	no
	CVE-2022-34670	not yet assigned	?
	CVE-2022-34675	not yet assigned	?
	CVE-2022-34677	not yet assigned	?
	CVE-2022-34679	not yet assigned	?
	CVE-2022-34680	not yet assigned	?
	CVE-2022-34682	not yet assigned	?
	CVE-2022-34684	not yet assigned	?
	CVE-2022-42254	not yet assigned	?
	CVE-2022-42255	not yet assigned	?
	CVE-2022-42256	not yet assigned	?
	CVE-2022-42257	not yet assigned	?
	CVE-2022-42258	not yet assigned	?
	CVE-2022-42259	not yet assigned	?
	CVE-2022-42260	not yet assigned	?
	CVE-2022-42261	not yet assigned	?
	CVE-2022-42262	not yet assigned	?
	CVE-2022-42263	not yet assigned	?
	CVE-2022-42264	not yet assigned	?
nvidia-graphics-drivers-legacy-390xx (non-free)	CVE-2022-28181	not yet assigned	no
	CVE-2022-28185	not yet assigned	no
	CVE-2022-31607	not yet assigned	no
	CVE-2022-31608	not yet assigned	no
	CVE-2022-31615	not yet assigned	no
	CVE-2022-34665	not yet assigned	no
	CVE-2022-34666	not yet assigned	no
	CVE-2022-34670	not yet assigned	?
	CVE-2022-34674	not yet assigned	?
	CVE-2022-34675	not yet assigned	?
	CVE-2022-34677	not yet assigned	?
	CVE-2022-34680	not yet assigned	?
	CVE-2022-42257	not yet assigned	?
	CVE-2022-42258	not yet assigned	?
	CVE-2022-42259	not yet assigned	?
openvswitch	CVE-2019-25076	not yet assigned	no
	CVE-2021-36980	not yet assigned	no
otrs2 (non-free)	CVE-2021-36100	not yet assigned	no
	CVE-2021-41182	not yet assigned	no
	CVE-2021-41183	not yet assigned	no
	CVE-2021-41184	not yet assigned	no
pyjwt	CVE-2022-29217	not yet assigned	no
python-django	CVE-2022-28346	not yet assigned	no
	CVE-2022-28347	not yet assigned	no
	CVE-2022-34265	not yet assigned	no
	CVE-2022-36359	not yet assigned	no
	CVE-2022-41323	not yet assigned	no
qemu	CVE-2019-12067	low	no
	CVE-2020-25741	not yet assigned	no
	CVE-2020-25742	not yet assigned	no
	CVE-2020-25743	not yet assigned	no
	CVE-2020-35503	not yet assigned	no
	CVE-2021-3735	not yet assigned	no
	CVE-2021-20255	not yet assigned	no
	CVE-2022-3165	not yet assigned	no
	CVE-2022-3872	not yet assigned	no
	CVE-2022-4144	not yet assigned	no
	CVE-2022-4172	not yet assigned	no
rsync	CVE-2022-29154	not yet assigned	no
ruby-devise-two-factor	CVE-2021-43177	not yet assigned	no
ruby-kubeclient	CVE-2022-0759	not yet assigned	no
sympa	CVE-2020-26880	not yet assigned	no
systemd	CVE-2022-45873	not yet assigned	no
webkit2gtk	CVE-2021-30887	not yet assigned	no
	CVE-2021-30890	not yet assigned	no
	CVE-2021-30934	not yet assigned	no
	CVE-2021-30936	not yet assigned	no
	CVE-2021-30951	not yet assigned	no
	CVE-2021-30952	not yet assigned	no
	CVE-2021-30953	not yet assigned	no
	CVE-2021-30954	not yet assigned	no
	CVE-2021-30984	not yet assigned	no
	CVE-2022-22589	not yet assigned	no
	CVE-2022-22590	not yet assigned	no
	CVE-2022-22592	not yet assigned	no
	CVE-2022-22594	not yet assigned	no
	CVE-2022-22620	not yet assigned	no
	CVE-2022-22624	not yet assigned	no
	CVE-2022-22628	not yet assigned	no
	CVE-2022-22629	not yet assigned	no
	CVE-2022-22637	not yet assigned	no
	CVE-2022-22662	not yet assigned	no
	CVE-2022-22677	not yet assigned	no
	CVE-2022-26700	not yet assigned	no
	CVE-2022-26709	not yet assigned	no
	CVE-2022-26710	not yet assigned	no
	CVE-2022-26716	not yet assigned	no
	CVE-2022-26717	not yet assigned	no
	CVE-2022-26719	not yet assigned	no
	CVE-2022-30293	not yet assigned	no
	CVE-2022-32792	not yet assigned	no
	CVE-2022-32816	not yet assigned	no
	CVE-2022-32886	not yet assigned	no
	CVE-2022-32888	not yet assigned	no
	CVE-2022-32891	not yet assigned	?
	CVE-2022-32893	not yet assigned	no
	CVE-2022-32923	not yet assigned	no
	CVE-2022-42799	not yet assigned	no
	CVE-2022-42823	not yet assigned	no
	CVE-2022-42824	not yet assigned	no

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.