Vulnerable source packages in the unstable suite

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerable binary packages present in the archive.


PackageBugUrgencyRemote
389-ds-baseCVE-2016-4992not yet assigned?
9baseCVE-2014-1935low?
accountsserviceCVE-2012-6655low?
acidbaseCVE-2012-1017lowyes
activemqCVE-2016-3088high**yes
android-platform-system-coreCVE-2012-5564low**no
android-toolsCVE-2012-5564low**no
arcTEMP-0774439-ECBE09low?
TEMP-0774527-3B586Flow?
bind9CVE-2016-2775medium**yes
CVE-2016-6170medium**yes
binutilsCVE-2016-2226low?
CVE-2016-4487low?
CVE-2016-4488low?
CVE-2016-4489low?
CVE-2016-4490low?
CVE-2016-4491low?
CVE-2016-4492low?
CVE-2016-4493low?
CVE-2016-6131low?
binutils-h8300-hmsCVE-2016-2226low?
CVE-2016-4487low?
CVE-2016-4488low?
CVE-2016-4489low?
CVE-2016-4490low?
CVE-2016-4491low?
CVE-2016-4492low?
CVE-2016-4493low?
CVE-2016-6131low?
botan1.10CVE-2015-7827medium**yes
CVE-2016-2849medium**yes
busyboxCVE-2011-5325not yet assigned?
CVE-2016-2147not yet assigned?
CVE-2016-2148not yet assigned?
TEMP-0803097-A74121not yet assigned?
byzanzCVE-2015-2785lowyes
bzip2CVE-2016-3189lowyes
cephCVE-2016-5009medium**yes
chefCVE-2015-8559not yet assigned?
cinderCVE-2013-2255not yet assigned?
core-networkTEMP-0799756-21B18Cnot yet assigned?
coreutilsCVE-2016-2781not yet assigned?
couchdbCVE-2014-2668lowyes
cpioTEMP-0815965-23B1E4low?
dc3ddTEMP-0801872-E034E1not yet assigned?
dcrawCVE-2015-8366not yet assigned?
debian-installerTEMP-0788634-523580low?
dhcpcd5CVE-2014-7913medium**yes
djbdnsCVE-2008-4392highyes
CVE-2012-1191medium**yes
duplicityCVE-2014-3495low?
elixirCVE-2012-2146lowyes
eyed3CVE-2014-1934lowno
foomatic-filtersTEMP-0000000-ACBC4Cnot yet assigned?
freeipaCVE-2015-5179not yet assigned?
gcc-h8300-hmsCVE-2016-2226low?
CVE-2016-4487low?
CVE-2016-4488low?
CVE-2016-4489low?
CVE-2016-4490low?
CVE-2016-4491low?
CVE-2016-4492low?
CVE-2016-4493low?
CVE-2016-6131low?
gdbCVE-2016-2226low?
CVE-2016-4487low?
CVE-2016-4488low?
CVE-2016-4489low?
CVE-2016-4490low?
CVE-2016-4491low?
CVE-2016-4492low?
CVE-2016-4493low?
CVE-2016-6131low?
gdk-pixbufTEMP-0832496-1496B5not yet assigned?
gksuCVE-2014-2886medium**yes
glanceCVE-2016-0757medium**yes
glibcCVE-2015-5180low?
golangCVE-2016-5386medium**yes
haskell-tlsCVE-2013-0169low**yes
heatCVE-2015-5295medium**yes
hhvmCVE-2014-9709medium**yes
CVE-2015-8865high**yes
CVE-2016-1903medium**yes
CVE-2016-4070medium**yes
CVE-2016-4539high**yes
htCVE-2016-2226low?
CVE-2016-4487low?
CVE-2016-4488low?
CVE-2016-4489low?
CVE-2016-4490low?
CVE-2016-4491low?
CVE-2016-4492low?
CVE-2016-4493low?
CVE-2016-6131low?
icedoveCVE-2016-2805high**yes
CVE-2016-2807high**yes
icingaCVE-2015-8010not yet assigned?
icuCVE-2015-4844high**yes
CVE-2016-0494high**yes
CVE-2016-6293not yet assignedno
TEMP-0000000-7586EDnot yet assigned?
imagemagickCVE-2016-3714high**yes
CVE-2016-3715medium**yes
CVE-2016-3716medium**yes
CVE-2016-3717high**yes
CVE-2016-3718medium**yes
CVE-2016-4562medium**yes
CVE-2016-4563medium**yes
CVE-2016-4564high**yes
CVE-2016-5239not yet assigned?
CVE-2016-5687not yet assigned?
CVE-2016-5688not yet assigned?
CVE-2016-5689not yet assigned?
CVE-2016-5690not yet assigned?
CVE-2016-5691not yet assigned?
CVE-2016-5841not yet assigned?
CVE-2016-5842not yet assigned?
jasperCVE-2015-5203not yet assigned?
CVE-2015-5221not yet assigned?
CVE-2016-1577medium**yes
CVE-2016-1867medium**yes
CVE-2016-2089medium**yes
CVE-2016-2116medium**yes
jqCVE-2015-8863lowyes
CVE-2016-4074lowyes
jythonCVE-2013-2027lowno
keystoneCVE-2015-7546medium**yes
kgbCVE-2015-1192medium**yes
knotCVE-2016-6171not yet assigned?
leptonlibTEMP-0830660-09AE85not yet assigned?
libapache2-mod-fcgidCVE-2016-1000104not yet assigned?
libapache2-mod-nssCVE-2015-3277not yet assigned?
CVE-2015-5244not yet assigned?
CVE-2016-3099not yet assigned?
libblurayTEMP-0000000-EA424Anot yet assigned?
libdata-uuid-perlCVE-2013-4184low?
libfcgi-perlCVE-2012-6687medium**yes
libgcrypt20TEMP-0000000-96B2E9not yet assigned?
libibertyCVE-2016-2226low?
CVE-2016-4487low?
CVE-2016-4488low?
CVE-2016-4489low?
CVE-2016-4490low?
CVE-2016-4491low?
CVE-2016-4492low?
CVE-2016-4493low?
CVE-2016-6131low?
libicalCVE-2016-5823not yet assigned?
CVE-2016-5824not yet assigned?
CVE-2016-5825not yet assigned?
CVE-2016-5826not yet assigned?
CVE-2016-5827not yet assigned?
libjackson-json-javaCVE-2015-5211not yet assigned?
libjgroups-javaCVE-2016-2141lowyes
libjpeg8CVE-2016-3616not yet assigned?
libjpeg9CVE-2016-3616not yet assigned?
libmp3-info-perlCVE-2013-6499not yet assigned?
libnet-server-perlCVE-2013-1841lowyes
librsyncCVE-2014-8242lowyes
libspring-javaCVE-2015-5211not yet assigned?
CVE-2016-1000027not yet assigned?
CVE-2016-5007not yet assigned?
libtirpcCVE-2016-4429high**yes
libtorrent-rasterbarCVE-2016-5301medium**yes
libui-dialog-perlCVE-2008-7315not yet assigned?
libupnpCVE-2016-6255not yet assigned?
libvirtCVE-2015-5160low?
libvpxCVE-2015-4506medium**yes
CVE-2016-1621high**yes
libxsltCVE-2016-1683medium**yes
CVE-2016-1684medium**yes
linuxCVE-2013-7445high**yes
CVE-2015-1350low**no
CVE-2015-8553low**no
CVE-2016-1575high**no
CVE-2016-1576high**no
CVE-2016-2188medium**no
CVE-2016-5400not yet assigned?
CVE-2016-5696not yet assigned?
CVE-2016-6136not yet assigned?
CVE-2016-6156not yet assigned?
CVE-2016-6213not yet assigned?
TEMP-0000000-F7A20Fnot yet assigned?
man-dbCVE-2015-1336not yet assigned?
matTEMP-0826101-4D75ECnot yet assigned?
minissdpdCVE-2016-3178not yet assigned?
CVE-2016-3179not yet assigned?
mplayerTEMP-0000000-A54DD8low?
mupdfCVE-2016-6265not yet assigned?
mysql-5.6CVE-2016-3459medium**yes
CVE-2016-3477high**no
CVE-2016-3486medium**yes
CVE-2016-3501medium**yes
CVE-2016-3521medium**yes
CVE-2016-3614low**yes
CVE-2016-3615medium**yes
CVE-2016-5439medium**yes
CVE-2016-5440medium**yes
nagios3CVE-2013-7107lowyes
CVE-2013-7108lowyes
CVE-2013-7205lowyes
CVE-2014-1878medium**yes
CVE-2016-6209not yet assigned?
nesccCVE-2016-2226low?
CVE-2016-4487low?
CVE-2016-4488low?
CVE-2016-4489low?
CVE-2016-4490low?
CVE-2016-4491low?
CVE-2016-4492low?
CVE-2016-4493low?
CVE-2016-6131low?
netty-3.9CVE-2015-2156not yet assigned?
network-managerCVE-2012-1096low?
newlibCVE-2015-2305medium**yes
nginxCVE-2016-1000103not yet assigned?
node-cliTEMP-0809252-619BDFnot yet assigned?
novaCVE-2013-2255not yet assigned?
CVE-2015-3241medium**yes
CVE-2015-5162low?
CVE-2015-7548low**yes
CVE-2015-8749medium**yes
CVE-2016-2140low**yes
npmCVE-2016-3956medium**yes
nsdCVE-2016-6173not yet assigned?
ntpCVE-2015-7705not yet assigned?
CVE-2016-0727low?
ocamlCVE-2015-8869medium**yes
openntpdCVE-2016-5117not yet assigned?
opensslCVE-2016-2177lowyes
CVE-2016-2178lowno
CVE-2016-2180not yet assigned?
openstack-troveCVE-2015-3156low?
opus-toolsCVE-2014-9639medium**yes
parallelCVE-2015-4155low**no
CVE-2015-4156low**no
pcre3TEMP-0827564-93E4E3not yet assigned?
pcsCVE-2015-5189medium**yes
pdnsCVE-2016-6172not yet assigned?
pgpdumpCVE-2016-4021high**yes
phantomjsCVE-2013-4549medium**yes
php5CVE-2014-5459lowno
TEMP-0800564-79703Bnot yet assigned?
policykit-1CVE-2016-2568not yet assigned?
proftpd-dfsgCVE-2016-3125high**yes
TEMP-0000000-3815A2not yet assigned?
protobufCVE-2015-5237low?
pyradCVE-2013-0342low?
python-keystonemiddlewareCVE-2015-7546medium**yes
python-restkitCVE-2015-2674not yet assigned?
python-sqlalchemy-utilsTEMP-0000000-EBC4D4not yet assigned?
qemuCVE-2014-3672low**no
CVE-2016-6351not yet assigned?
qpid-cppCVE-2012-4446lowyes
CVE-2012-4458lowyes
CVE-2012-4459lowyes
CVE-2012-4460lowyes
CVE-2014-0212low?
CVE-2014-3629lowyes
CVE-2015-0203not yet assigned?
CVE-2015-0223medium**yes
quaggaCVE-2016-4036low**no
CVE-2016-4049medium**yes
radare2CVE-2015-2305lowyes
rar (non-free)TEMP-0774172-B2A845not yet assigned?
rawtherapeeCVE-2015-8366not yet assigned?
rhn-client-toolsCVE-2015-1777not yet assigned?
ropeCVE-2014-3539not yet assigned?
roundcubeCVE-2016-4068not yet assigned?
rsyncTEMP-0786423-948688low?
ruby-sidekiqTEMP-0000000-23C1BDnot yet assigned?
TEMP-0000000-BD209Fnot yet assigned?
TEMP-0000000-F9A459not yet assigned?
sdccCVE-2016-2226low?
CVE-2016-4487low?
CVE-2016-4488low?
CVE-2016-4489low?
CVE-2016-4490low?
CVE-2016-4491low?
CVE-2016-4492low?
CVE-2016-4493low?
shadowCVE-2016-6252not yet assigned?
sogoCVE-2014-9905not yet assigned?
CVE-2015-5395not yet assigned?
CVE-2016-6188not yet assigned?
CVE-2016-6189not yet assigned?
CVE-2016-6190not yet assigned?
CVE-2016-6191not yet assigned?
spice-gtkCVE-2016-3066not yet assigned?
stalinCVE-2015-8697not yet assigned?
systemdCVE-2016-6349not yet assigned?
tiffCVE-2015-7313not yet assigned?
CVE-2015-7554high**yes
CVE-2015-8668high**yes
CVE-2016-3186medium**yes
CVE-2016-3619low?
CVE-2016-3620low?
CVE-2016-3621low?
CVE-2016-3622low?
CVE-2016-3623not yet assigned?
CVE-2016-3624not yet assigned?
CVE-2016-3625not yet assigned?
CVE-2016-3631not yet assigned?
CVE-2016-3632not yet assigned?
CVE-2016-3633not yet assigned?
CVE-2016-3634not yet assigned?
CVE-2016-3658low?
CVE-2016-3945not yet assigned?
CVE-2016-3990not yet assigned?
CVE-2016-3991not yet assigned?
CVE-2016-5102not yet assigned?
CVE-2016-5315not yet assigned?
CVE-2016-5317not yet assigned?
CVE-2016-5318not yet assigned?
CVE-2016-5319not yet assigned?
CVE-2016-5322not yet assigned?
TEMP-0000000-E3A9E7not yet assigned?
tikaCVE-2016-4434not yet assigned?
tinymceCVE-2012-4230lowyes
tomcat7CVE-2016-5388medium**yes
tomcat8CVE-2016-5388medium**yes
twistedCVE-2016-1000111not yet assigned?
unshieldCVE-2015-1386low?
util-linuxCVE-2016-2779not yet assigned?
CVE-2016-5011not yet assigned?
valgrindCVE-2016-2226low?
CVE-2016-4487low?
CVE-2016-4488low?
CVE-2016-4489low?
CVE-2016-4490low?
CVE-2016-4491low?
CVE-2016-4492low?
CVE-2016-4493low?
CVE-2016-6131low?
w3afCVE-2013-2099lowyes
wineTEMP-0816034-9C45DClow?
wine-developmentTEMP-0816034-9C45DClow?
wolfsslCVE-2015-6925medium**yes
x11vncTEMP-0672435-7C494Cnot yet assigned?
xdebTEMP-0781595-E39EEEnot yet assigned?
xenCVE-2014-9066medium**no
CVE-2015-5307medium**no
CVE-2015-6654low**no
CVE-2015-7311low**no
CVE-2015-8104medium**no
CVE-2015-8338high**no
CVE-2015-8339medium**no
CVE-2015-8340medium**no
CVE-2015-8341high**yes
CVE-2015-8550medium**no
CVE-2015-8555medium**yes
CVE-2015-8615low**no
CVE-2016-1570medium**no
CVE-2016-1571medium**no
CVE-2016-2270medium**no
CVE-2016-2271low**no
CVE-2016-3158low**no
CVE-2016-3159low**no
CVE-2016-3960high**no
CVE-2016-4480high**no
CVE-2016-4962medium**no
CVE-2016-4963low**no
CVE-2016-5242medium**no
CVE-2016-6258not yet assigned?
CVE-2016-6259not yet assigned?
TEMP-0000000-CE3B44not yet assigned?
xmlrpc-epiCVE-2016-6296not yet assignedno
yuiCVE-2013-6780lowyes
zooTEMP-0774453-CA58EElow?

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.


Search for package or bug name: Reporting problems