Vulnerable source packages among backports for stable

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerable binary packages present in the archive.

Package	Bug	Urgency	Remote
ansible	CVE-2018-16837	not yet assigned	no
ant	CVE-2018-10886	not yet assigned	no
	TEMP-0904191-9063D5	not yet assigned	?
asciidoctor	CVE-2018-18385	low	no
botan	CVE-2018-12435	low**	no
	CVE-2018-9860	medium**	yes
glusterfs	CVE-2018-14651	not yet assigned	no
	CVE-2018-14652	not yet assigned	no
	CVE-2018-14653	not yet assigned	no
	CVE-2018-14654	not yet assigned	no
	CVE-2018-14659	not yet assigned	no
	CVE-2018-14660	not yet assigned	no
	CVE-2018-14661	not yet assigned	no
golang-golang-x-net-dev	CVE-2018-17846	not yet assigned	no
	CVE-2018-17847	not yet assigned	no
	CVE-2018-17848	not yet assigned	no
h2o	CVE-2018-0608	high**	yes
htslib	CVE-2018-13843	low	yes
	CVE-2018-13844	low	yes
	CVE-2018-13845	low	yes
jetty9	CVE-2017-7656	low	yes
	CVE-2017-7657	low	yes
	CVE-2017-7658	low	yes
	CVE-2018-12536	low	yes
jruby	CVE-2018-1000073	medium**	yes
	CVE-2018-1000074	medium**	yes
	CVE-2018-1000075	medium**	yes
	CVE-2018-1000076	high**	yes
	CVE-2018-1000077	medium**	yes
	CVE-2018-1000078	medium**	yes
	CVE-2018-1000079	medium**	yes
knot-resolver	CVE-2018-10920	medium**	yes
libssh	CVE-2018-10933	medium**	yes
linux	CVE-2013-7445	high**	yes
	CVE-2015-8553	low**	no
	CVE-2016-10723	medium**	no
	CVE-2016-8660	low	no
	CVE-2017-0630	low**	yes
	CVE-2017-1000379	high**	no
	CVE-2018-1000026	medium**	yes
	CVE-2018-1128	medium**	yes
	CVE-2018-1129	low**	yes
	CVE-2018-12896	low**	no
	CVE-2018-12928	low	no
	CVE-2018-12929	medium**	no
	CVE-2018-12930	high**	no
	CVE-2018-12931	high**	no
	CVE-2018-13053	medium**	no
	CVE-2018-13096	medium**	yes
	CVE-2018-13097	medium**	yes
	CVE-2018-13098	medium**	yes
	CVE-2018-13099	medium**	yes
	CVE-2018-13100	medium**	yes
	CVE-2018-14609	high**	yes
	CVE-2018-14610	high**	yes
	CVE-2018-14611	high**	yes
	CVE-2018-14612	high**	yes
	CVE-2018-14613	high**	yes
	CVE-2018-14614	high**	yes
	CVE-2018-14615	high**	yes
	CVE-2018-14616	high**	yes
	CVE-2018-14617	high**	yes
	CVE-2018-14625	not yet assigned	no
	CVE-2018-14633	high**	yes
	CVE-2018-15471	medium**	no
	CVE-2018-17182	not yet assigned	no
	CVE-2018-17972	not yet assigned	no
	CVE-2018-18021	not yet assigned	no
	CVE-2018-18281	not yet assigned	no
	CVE-2018-18445	not yet assigned	no
	CVE-2018-18559	not yet assigned	no
	CVE-2018-18710	not yet assigned	no
	CVE-2018-18955	not yet assigned	?
	CVE-2018-3693	medium**	no
	CVE-2018-7755	low**	no
linux-grsec	CVE-2017-5715	medium**	no
	CVE-2017-5753	medium**	no
	CVE-2017-5754	medium**	no
modsecurity-crs	CVE-2018-16384	low	yes
network-manager	CVE-2012-1096	low	?
nginx	CVE-2013-0337	low	yes
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5715	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5753	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5754	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6266	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6267	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6272	high**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2018-6249	high**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2018-6253	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6266	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6267	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6272	high**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2018-6249	high**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2018-6253	medium**	no
openjdk-11	CVE-2018-12438	low	no
	CVE-2018-3136	low**	yes
	CVE-2018-3139	low**	yes
	CVE-2018-3149	medium**	yes
	CVE-2018-3150	medium**	yes
	CVE-2018-3157	medium**	yes
	CVE-2018-3169	medium**	yes
	CVE-2018-3180	medium**	yes
otrs2 (non-free)	CVE-2018-19142	not yet assigned	no
otrs2 (non-free)	CVE-2018-19143	not yet assigned	no
password-store	CVE-2018-12356	high**	yes
phpldapadmin	CVE-2017-11107	medium**	yes
pycryptodome	CVE-2018-6594	medium**	yes
python-django	CVE-2018-14574	medium**	yes
python-pysaml2	CVE-2016-10127	low	yes
	CVE-2017-1000433	medium**	yes
qpdf	CVE-2018-18020	not yet assigned	no
	CVE-2018-9918	medium**	yes
ruby-grape	CVE-2018-3769	medium**	yes
ruby-loofah	CVE-2018-16468	not yet assigned	no
ruby-net-ldap	CVE-2017-17718	medium**	yes
ruby-rack	CVE-2018-16471	not yet assigned	no
ruby-sanitize	CVE-2018-3740	medium**	yes
suricata	CVE-2018-14568	medium**	yes
	CVE-2018-18956	not yet assigned	no
systemd	CVE-2018-15686	not yet assigned	no
telegram-desktop	CVE-2018-17613	not yet assigned	no
	CVE-2018-17780	not yet assigned	no
virtualbox (contrib)	CVE-2018-2909	medium**	no
virtualbox (contrib)	CVE-2018-3287	medium**	no
virtualbox (contrib)	CVE-2018-3288	medium**	no
virtualbox (contrib)	CVE-2018-3289	medium**	no
virtualbox (contrib)	CVE-2018-3290	medium**	no
virtualbox (contrib)	CVE-2018-3291	medium**	no
virtualbox (contrib)	CVE-2018-3292	medium**	no
virtualbox (contrib)	CVE-2018-3293	medium**	no
virtualbox (contrib)	CVE-2018-3294	medium**	yes
virtualbox (contrib)	CVE-2018-3295	medium**	no
virtualbox (contrib)	CVE-2018-3296	medium**	no
virtualbox (contrib)	CVE-2018-3297	medium**	no
virtualbox (contrib)	CVE-2018-3298	medium**	no
virtualbox (contrib)	TEMP-0913137-22A98C	not yet assigned	?
wesnoth-1.14	CVE-2018-1999023	medium**	yes
wine	CVE-2018-12932	low	yes
	CVE-2018-12933	low	yes
zabbix	CVE-2017-2826	low	yes

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.