Vulnerable source packages among backports for stable

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerable binary packages present in the archive.

Package	Bug	Urgency	Remote
ant	CVE-2018-10886	not yet assigned	no
	TEMP-0904191-9063D5	not yet assigned	?
bind9	CVE-2018-5740	not yet assigned	?
botan	CVE-2018-12435	low**	no
	CVE-2018-9860	medium**	yes
glusterfs	CVE-2018-10841	medium**	yes
	CVE-2018-10904	not yet assigned	no
	CVE-2018-10907	not yet assigned	no
	CVE-2018-10911	not yet assigned	no
	CVE-2018-10913	not yet assigned	no
	CVE-2018-10914	not yet assigned	no
	CVE-2018-10923	not yet assigned	no
	CVE-2018-10926	not yet assigned	no
	CVE-2018-10927	not yet assigned	no
	CVE-2018-10928	not yet assigned	no
	CVE-2018-10929	not yet assigned	no
	CVE-2018-10930	not yet assigned	no
h2o	CVE-2018-0608	high**	yes
htslib	CVE-2018-13843	low	yes
	CVE-2018-13844	low	yes
	CVE-2018-13845	low	yes
jetty9	CVE-2017-7656	low	yes
	CVE-2017-7657	low	yes
	CVE-2017-7658	low	yes
	CVE-2018-12536	low	yes
jruby	CVE-2018-1000073	medium**	yes
	CVE-2018-1000074	medium**	yes
	CVE-2018-1000075	medium**	yes
	CVE-2018-1000076	high**	yes
	CVE-2018-1000077	medium**	yes
	CVE-2018-1000078	medium**	yes
	CVE-2018-1000079	medium**	yes
knot-resolver	CVE-2018-10920	not yet assigned	no
linux	CVE-2013-7445	high**	yes
	CVE-2015-8553	low**	no
	CVE-2016-10723	medium**	no
	CVE-2016-8660	low	no
	CVE-2017-0630	low**	yes
	CVE-2017-1000379	high**	no
	CVE-2018-1000026	medium**	yes
	CVE-2018-1128	medium**	yes
	CVE-2018-1129	low**	yes
	CVE-2018-12896	low**	no
	CVE-2018-12928	low	no
	CVE-2018-12929	medium**	no
	CVE-2018-12930	high**	no
	CVE-2018-12931	high**	no
	CVE-2018-13053	medium**	no
	CVE-2018-13096	medium**	yes
	CVE-2018-13097	medium**	yes
	CVE-2018-13098	medium**	yes
	CVE-2018-13099	medium**	yes
	CVE-2018-13100	medium**	yes
	CVE-2018-14609	not yet assigned	no
	CVE-2018-14610	not yet assigned	no
	CVE-2018-14611	not yet assigned	no
	CVE-2018-14612	not yet assigned	no
	CVE-2018-14613	not yet assigned	no
	CVE-2018-14614	not yet assigned	no
	CVE-2018-14615	not yet assigned	no
	CVE-2018-14616	not yet assigned	no
	CVE-2018-14617	not yet assigned	no
	CVE-2018-14625	not yet assigned	no
	CVE-2018-15471	not yet assigned	no
	CVE-2018-17182	not yet assigned	?
	CVE-2018-3693	medium**	no
	CVE-2018-7755	low**	no
linux-grsec	CVE-2017-5715	medium**	no
	CVE-2017-5753	medium**	no
	CVE-2017-5754	medium**	no
modsecurity-crs	CVE-2018-16384	low	no
nginx	CVE-2013-0337	low	yes
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5715	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5753	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-5754	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6266	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6267	medium**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2017-6272	high**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2018-6249	high**	no
nvidia-graphics-drivers-legacy-304xx (non-free)	CVE-2018-6253	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6266	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6267	medium**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2017-6272	high**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2018-6249	high**	no
nvidia-graphics-drivers-legacy-340xx (non-free)	CVE-2018-6253	medium**	no
openjdk-9	CVE-2017-10274	medium**	yes
	CVE-2017-10281	medium**	yes
	CVE-2017-10285	medium**	yes
	CVE-2017-10295	medium**	yes
	CVE-2017-10345	low**	yes
	CVE-2017-10346	medium**	yes
	CVE-2017-10347	medium**	yes
	CVE-2017-10348	medium**	yes
	CVE-2017-10349	medium**	yes
	CVE-2017-10350	medium**	yes
	CVE-2017-10355	medium**	yes
	CVE-2017-10356	low**	no
	CVE-2017-10357	medium**	yes
	CVE-2017-10388	medium**	yes
	CVE-2018-2579	medium**	yes
	CVE-2018-2582	medium**	yes
	CVE-2018-2588	medium**	yes
	CVE-2018-2599	medium**	yes
	CVE-2018-2602	low**	no
	CVE-2018-2603	medium**	yes
	CVE-2018-2618	medium**	yes
	CVE-2018-2629	low**	yes
	CVE-2018-2633	medium**	yes
	CVE-2018-2634	medium**	yes
	CVE-2018-2637	medium**	yes
	CVE-2018-2641	low**	yes
	CVE-2018-2663	medium**	yes
	CVE-2018-2677	medium**	yes
	CVE-2018-2678	medium**	yes
otrs2 (non-free)	CVE-2018-14593	not yet assigned	no
password-store	CVE-2018-12356	high**	yes
pycryptodome	CVE-2018-6594	medium**	yes
python-django	CVE-2018-14574	not yet assigned	no
qpdf	CVE-2018-9918	medium**	yes
ruby-grape	CVE-2018-3769	medium**	yes
ruby-net-ldap	CVE-2017-17718	medium**	yes
ruby-sanitize	CVE-2018-3740	medium**	yes
suricata	CVE-2018-14568	not yet assigned	no
systemd	CVE-2018-6954	high**	no
wesnoth-1.14	CVE-2018-1999023	not yet assigned	no
wine	CVE-2018-12932	low	yes
	CVE-2018-12933	low	yes
zabbix	CVE-2017-2826	low	yes

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.