Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
apache-opennlp	check	CVE-2026-40682	not yet assigned	no
		CVE-2026-42027	not yet assigned	no
		CVE-2026-42440	not yet assigned	no
apache2	check	CVE-2026-24072	not yet assigned	no	(fixed in stable?)
		CVE-2026-28780	not yet assigned	no	(fixed in stable?)
		CVE-2026-29168	not yet assigned	no	(fixed in stable?)
		CVE-2026-29169	not yet assigned	no	(fixed in stable?)
		CVE-2026-33006	not yet assigned	no	(fixed in stable?)
		CVE-2026-33007	not yet assigned	no	(fixed in stable?)
		CVE-2026-33523	not yet assigned	no	(fixed in stable?)
		CVE-2026-33857	not yet assigned	no	(fixed in stable?)
		CVE-2026-34032	not yet assigned	no	(fixed in stable?)
		CVE-2026-34059	not yet assigned	no	(fixed in stable?)
chromium	check	CVE-2026-7896	not yet assigned	no	(fixed in stable?)
		CVE-2026-7897	not yet assigned	no	(fixed in stable?)
		CVE-2026-7898	not yet assigned	no	(fixed in stable?)
		CVE-2026-7899	not yet assigned	no	(fixed in stable?)
		CVE-2026-7900	not yet assigned	no	(fixed in stable?)
		CVE-2026-7901	not yet assigned	no	(fixed in stable?)
		CVE-2026-7902	not yet assigned	no	(fixed in stable?)
		CVE-2026-7903	not yet assigned	no	(fixed in stable?)
		CVE-2026-7904	not yet assigned	no	(fixed in stable?)
		CVE-2026-7905	not yet assigned	no	(fixed in stable?)
		CVE-2026-7906	not yet assigned	no	(fixed in stable?)
		CVE-2026-7907	not yet assigned	no	(fixed in stable?)
		CVE-2026-7908	not yet assigned	no	(fixed in stable?)
		CVE-2026-7909	not yet assigned	no	(fixed in stable?)
		CVE-2026-7910	not yet assigned	no	(fixed in stable?)
		CVE-2026-7911	not yet assigned	no	(fixed in stable?)
		CVE-2026-7912	not yet assigned	no	(fixed in stable?)
		CVE-2026-7913	not yet assigned	no	(fixed in stable?)
		CVE-2026-7914	not yet assigned	no	(fixed in stable?)
		CVE-2026-7915	not yet assigned	no	(fixed in stable?)
		CVE-2026-7916	not yet assigned	no	(fixed in stable?)
		CVE-2026-7917	not yet assigned	no	(fixed in stable?)
		CVE-2026-7918	not yet assigned	no	(fixed in stable?)
		CVE-2026-7919	not yet assigned	no	(fixed in stable?)
		CVE-2026-7920	not yet assigned	no	(fixed in stable?)
		CVE-2026-7921	not yet assigned	no	(fixed in stable?)
		CVE-2026-7922	not yet assigned	no	(fixed in stable?)
		CVE-2026-7923	not yet assigned	no	(fixed in stable?)
		CVE-2026-7924	not yet assigned	no	(fixed in stable?)
		CVE-2026-7925	not yet assigned	no	(fixed in stable?)
		CVE-2026-7926	not yet assigned	no	(fixed in stable?)
		CVE-2026-7927	not yet assigned	no	(fixed in stable?)
		CVE-2026-7928	not yet assigned	no	(fixed in stable?)
		CVE-2026-7929	not yet assigned	no	(fixed in stable?)
		CVE-2026-7930	not yet assigned	no	(fixed in stable?)
		CVE-2026-7931	not yet assigned	no	(fixed in stable?)
		CVE-2026-7932	not yet assigned	no	(fixed in stable?)
		CVE-2026-7933	not yet assigned	no	(fixed in stable?)
		CVE-2026-7934	not yet assigned	no	(fixed in stable?)
		CVE-2026-7935	not yet assigned	no	(fixed in stable?)
		CVE-2026-7936	not yet assigned	no	(fixed in stable?)
		CVE-2026-7937	not yet assigned	no	(fixed in stable?)
		CVE-2026-7938	not yet assigned	no	(fixed in stable?)
		CVE-2026-7939	not yet assigned	no	(fixed in stable?)
		CVE-2026-7940	not yet assigned	no	(fixed in stable?)
		CVE-2026-7941	not yet assigned	no	(fixed in stable?)
		CVE-2026-7942	not yet assigned	no	(fixed in stable?)
		CVE-2026-7943	not yet assigned	no	(fixed in stable?)
		CVE-2026-7944	not yet assigned	no	(fixed in stable?)
		CVE-2026-7945	not yet assigned	no	(fixed in stable?)
		CVE-2026-7946	not yet assigned	no	(fixed in stable?)
		CVE-2026-7947	not yet assigned	no	(fixed in stable?)
		CVE-2026-7948	not yet assigned	no	(fixed in stable?)
		CVE-2026-7949	not yet assigned	no	(fixed in stable?)
		CVE-2026-7950	not yet assigned	no	(fixed in stable?)
		CVE-2026-7951	not yet assigned	no	(fixed in stable?)
		CVE-2026-7952	not yet assigned	no	(fixed in stable?)
		CVE-2026-7953	not yet assigned	no	(fixed in stable?)
		CVE-2026-7954	not yet assigned	no	(fixed in stable?)
		CVE-2026-7955	not yet assigned	no	(fixed in stable?)
		CVE-2026-7956	not yet assigned	no	(fixed in stable?)
		CVE-2026-7957	not yet assigned	no	(fixed in stable?)
		CVE-2026-7958	not yet assigned	no	(fixed in stable?)
		CVE-2026-7959	not yet assigned	no	(fixed in stable?)
		CVE-2026-7960	not yet assigned	no	(fixed in stable?)
		CVE-2026-7961	not yet assigned	no	(fixed in stable?)
		CVE-2026-7962	not yet assigned	no	(fixed in stable?)
		CVE-2026-7963	not yet assigned	no	(fixed in stable?)
		CVE-2026-7964	not yet assigned	no	(fixed in stable?)
		CVE-2026-7965	not yet assigned	no	(fixed in stable?)
		CVE-2026-7966	not yet assigned	no	(fixed in stable?)
		CVE-2026-7967	not yet assigned	no	(fixed in stable?)
		CVE-2026-7968	not yet assigned	no	(fixed in stable?)
		CVE-2026-7969	not yet assigned	no	(fixed in stable?)
		CVE-2026-7970	not yet assigned	no	(fixed in stable?)
		CVE-2026-7971	not yet assigned	no	(fixed in stable?)
		CVE-2026-7972	not yet assigned	no	(fixed in stable?)
		CVE-2026-7973	not yet assigned	no	(fixed in stable?)
		CVE-2026-7974	not yet assigned	no	(fixed in stable?)
		CVE-2026-7975	not yet assigned	no	(fixed in stable?)
		CVE-2026-7976	not yet assigned	no	(fixed in stable?)
		CVE-2026-7977	not yet assigned	no	(fixed in stable?)
		CVE-2026-7978	not yet assigned	no	(fixed in stable?)
		CVE-2026-7979	not yet assigned	no	(fixed in stable?)
		CVE-2026-7980	not yet assigned	no	(fixed in stable?)
		CVE-2026-7981	not yet assigned	no	(fixed in stable?)
		CVE-2026-7982	not yet assigned	no	(fixed in stable?)
		CVE-2026-7983	not yet assigned	no	(fixed in stable?)
		CVE-2026-7984	not yet assigned	no	(fixed in stable?)
		CVE-2026-7985	not yet assigned	no	(fixed in stable?)
		CVE-2026-7986	not yet assigned	no	(fixed in stable?)
		CVE-2026-7987	not yet assigned	no	(fixed in stable?)
		CVE-2026-7988	not yet assigned	no	(fixed in stable?)
		CVE-2026-7989	not yet assigned	no	(fixed in stable?)
		CVE-2026-7990	not yet assigned	no	(fixed in stable?)
		CVE-2026-7991	not yet assigned	no	(fixed in stable?)
		CVE-2026-7992	not yet assigned	no	(fixed in stable?)
		CVE-2026-7993	not yet assigned	no	(fixed in stable?)
		CVE-2026-7994	not yet assigned	no	(fixed in stable?)
		CVE-2026-7995	not yet assigned	no	(fixed in stable?)
		CVE-2026-7996	not yet assigned	no	(fixed in stable?)
		CVE-2026-7997	not yet assigned	no	(fixed in stable?)
		CVE-2026-7998	not yet assigned	no	(fixed in stable?)
		CVE-2026-7999	not yet assigned	no	(fixed in stable?)
		CVE-2026-8000	not yet assigned	no	(fixed in stable?)
		CVE-2026-8001	not yet assigned	no	(fixed in stable?)
		CVE-2026-8002	not yet assigned	no	(fixed in stable?)
		CVE-2026-8003	not yet assigned	no	(fixed in stable?)
		CVE-2026-8004	not yet assigned	no	(fixed in stable?)
		CVE-2026-8005	not yet assigned	no	(fixed in stable?)
		CVE-2026-8006	not yet assigned	no	(fixed in stable?)
		CVE-2026-8007	not yet assigned	no	(fixed in stable?)
		CVE-2026-8008	not yet assigned	no	(fixed in stable?)
		CVE-2026-8009	not yet assigned	no	(fixed in stable?)
		CVE-2026-8010	not yet assigned	no	(fixed in stable?)
		CVE-2026-8011	not yet assigned	no	(fixed in stable?)
		CVE-2026-8012	not yet assigned	no	(fixed in stable?)
		CVE-2026-8013	not yet assigned	no	(fixed in stable?)
		CVE-2026-8014	not yet assigned	no	(fixed in stable?)
		CVE-2026-8015	not yet assigned	no	(fixed in stable?)
		CVE-2026-8016	not yet assigned	no	(fixed in stable?)
		CVE-2026-8017	not yet assigned	no	(fixed in stable?)
		CVE-2026-8018	not yet assigned	no	(fixed in stable?)
		CVE-2026-8019	not yet assigned	no	(fixed in stable?)
		CVE-2026-8020	not yet assigned	no	(fixed in stable?)
		CVE-2026-8021	not yet assigned	no	(fixed in stable?)
		CVE-2026-8022	not yet assigned	no	(fixed in stable?)
cimg	check	CVE-2026-42144	not yet assigned	no
		CVE-2026-42146	not yet assigned	no
corosync	check	CVE-2026-35091	not yet assigned	no
		CVE-2026-35092	not yet assigned	no
cups	check	CVE-2026-27447	not yet assigned	no
		CVE-2026-34978	not yet assigned	no
		CVE-2026-34979	not yet assigned	no
		CVE-2026-34980	not yet assigned	no
		CVE-2026-34990	not yet assigned	no
		CVE-2026-39314	not yet assigned	no
		CVE-2026-39316	not yet assigned	no
		CVE-2026-41079	not yet assigned	no
curl	check	CVE-2026-4873	not yet assigned	?
		CVE-2026-5545	not yet assigned	?
		CVE-2026-5773	not yet assigned	?
		CVE-2026-6253	not yet assigned	?
		CVE-2026-6276	not yet assigned	?
		CVE-2026-6429	not yet assigned	?
		CVE-2026-7168	not yet assigned	?
deepdiff	check	CVE-2026-33155	not yet assigned	no
deskflow	check	CVE-2026-41476	not yet assigned	no
edk2	check	CVE-2024-38798	not yet assigned	no
emacs	check	CVE-2026-6861	not yet assigned	no
firefox-esr	check	CVE-2026-8090	not yet assigned	no	(fixed in stable?)
		CVE-2026-8092	not yet assigned	no	(fixed in stable?)
		CVE-2026-8094	not yet assigned	no	(fixed in stable?)
flask	check	CVE-2026-27205	not yet assigned	no
freerdp3	check	CVE-2026-40254	not yet assigned	no
gnutls28	check	CVE-2026-33845	not yet assigned	no
		CVE-2026-33846	not yet assigned	no
		CVE-2026-3832	not yet assigned	no
		CVE-2026-3833	not yet assigned	no
		CVE-2026-42009	not yet assigned	?
		CVE-2026-42010	not yet assigned	no
		CVE-2026-42011	not yet assigned	no
		CVE-2026-42012	not yet assigned	?
		CVE-2026-42013	not yet assigned	?
		CVE-2026-42014	not yet assigned	?
		CVE-2026-42015	not yet assigned	?
		CVE-2026-5260	not yet assigned	?
		CVE-2026-5419	not yet assigned	?
gobgp	check	CVE-2026-42285	not yet assigned	no
golang-1.25	check	CVE-2026-33811	not yet assigned	no
		CVE-2026-39817	not yet assigned	no
		CVE-2026-39819	not yet assigned	no
		CVE-2026-39820	not yet assigned	no
		CVE-2026-39823	not yet assigned	no
		CVE-2026-39825	not yet assigned	no
		CVE-2026-39826	not yet assigned	no
		CVE-2026-42499	not yet assigned	no
		CVE-2026-42501	not yet assigned	no
golang-1.26	check	CVE-2026-33811	not yet assigned	no
		CVE-2026-39817	not yet assigned	no
		CVE-2026-39819	not yet assigned	no
		CVE-2026-39820	not yet assigned	no
		CVE-2026-39823	not yet assigned	no
		CVE-2026-39825	not yet assigned	no
		CVE-2026-39826	not yet assigned	no
		CVE-2026-42499	not yet assigned	no
		CVE-2026-42501	not yet assigned	no
horizon	check	CVE-2026-43002	not yet assigned	no
imagemagick	check	CVE-2026-33899	not yet assigned	no
		CVE-2026-33900	not yet assigned	no
		CVE-2026-33901	not yet assigned	no
		CVE-2026-33902	not yet assigned	no
		CVE-2026-33905	not yet assigned	no
		CVE-2026-33908	not yet assigned	no
		CVE-2026-34238	not yet assigned	no
		CVE-2026-40169	not yet assigned	no
		CVE-2026-40183	not yet assigned	no
		CVE-2026-40310	not yet assigned	no
		CVE-2026-40311	not yet assigned	no
		CVE-2026-40312	not yet assigned	no
		CVE-2026-42050	not yet assigned	?
incus	check	CVE-2026-35527	not yet assigned	no
		CVE-2026-40195	not yet assigned	no
		CVE-2026-40197	not yet assigned	no
		CVE-2026-40243	not yet assigned	no
		CVE-2026-40251	not yet assigned	no
		CVE-2026-41647	not yet assigned	no
		CVE-2026-41648	not yet assigned	no
		CVE-2026-41684	not yet assigned	no
		CVE-2026-41685	not yet assigned	no
invesalius	check	CVE-2024-42845	not yet assigned	no
ironic	check	CVE-2026-42510	not yet assigned	no
		CVE-2026-42997	not yet assigned	no
		CVE-2026-44916	not yet assigned	no
kissfft	check	CVE-2025-34297	not yet assigned	no
		CVE-2026-41445	not yet assigned	no
lcms2	check	CVE-2026-42798	not yet assigned	no
libdancer-perl	check	CVE-2026-5080	not yet assigned	no
libimage-exiftool-perl	check	CVE-2026-7580	not yet assigned	no
libskia	check	CVE-2026-7920	not yet assigned	no
		CVE-2026-7923	not yet assigned	no
		CVE-2026-7949	not yet assigned	no
libtext-csv-xs-perl	check	CVE-2026-7111	not yet assigned	no
libxml-security-java	check	CVE-2023-44483	not yet assigned	no
lxc	check	CVE-2026-39402	not yet assigned	no
modsecurity	check	CVE-2026-30923	not yet assigned	no
		CVE-2026-42268	not yet assigned	?
musl	check	CVE-2026-40200	not yet assigned	no
		CVE-2026-6042	not yet assigned	no
node-ajv	check	CVE-2026-6321	not yet assigned	no
		CVE-2026-6322	not yet assigned	no
node-xmldom	check	CVE-2026-41672	not yet assigned	no
		CVE-2026-41673	not yet assigned	no
		CVE-2026-41674	not yet assigned	no
		CVE-2026-41675	not yet assigned	no
nsis	check	CVE-2026-42171	not yet assigned	no
openjpeg2	check	CVE-2026-6192	not yet assigned	no
optee-os	check	CVE-2026-33317	not yet assigned	no
		CVE-2026-33662	not yet assigned	no
pdns	check	CVE-2026-33257	not yet assigned	no
		CVE-2026-33260	not yet assigned	no
		CVE-2026-33608	not yet assigned	no
		CVE-2026-33609	not yet assigned	no
		CVE-2026-33610	not yet assigned	no
		CVE-2026-33611	not yet assigned	no
pgbouncer	check	CVE-2026-6664	not yet assigned	no
		CVE-2026-6665	not yet assigned	no
		CVE-2026-6666	not yet assigned	no
		CVE-2026-6667	not yet assigned	no
php8.4	check	CVE-2025-14179	not yet assigned	?	(fixed in stable?)
		CVE-2026-6104	not yet assigned	?	(fixed in stable?)
		CVE-2026-6722	not yet assigned	?	(fixed in stable?)
		CVE-2026-6735	not yet assigned	?	(fixed in stable?)
		CVE-2026-7258	not yet assigned	?	(fixed in stable?)
		CVE-2026-7259	not yet assigned	?	(fixed in stable?)
		CVE-2026-7261	not yet assigned	?	(fixed in stable?)
		CVE-2026-7262	not yet assigned	?	(fixed in stable?)
		CVE-2026-7263	not yet assigned	?	(fixed in stable?)
		CVE-2026-7568	not yet assigned	?	(fixed in stable?)
postfix	check	CVE-2026-43964	not yet assigned	no
proftpd-dfsg	check	CVE-2026-44331	not yet assigned	no
pydicom	check	CVE-2026-32711	not yet assigned	no
python-aiohttp	check	CVE-2026-22815	not yet assigned	no
		CVE-2026-34513	not yet assigned	no
		CVE-2026-34514	not yet assigned	no
		CVE-2026-34516	not yet assigned	no
		CVE-2026-34517	not yet assigned	no
		CVE-2026-34518	not yet assigned	no
		CVE-2026-34519	not yet assigned	no
		CVE-2026-34520	not yet assigned	no
		CVE-2026-34525	not yet assigned	no
python-django	check	CVE-2026-35192	not yet assigned	no
		CVE-2026-5766	not yet assigned	no
		CVE-2026-6907	not yet assigned	no
python-git	check	CVE-2026-42215	not yet assigned	no
		CVE-2026-42284	not yet assigned	no
		CVE-2026-44243	not yet assigned	no
		CVE-2026-44244	not yet assigned	no
python-multipart	check	CVE-2026-40347	not yet assigned	no
python3.14	check	CVE-2026-6019	not yet assigned	no
		CVE-2026-6100	not yet assigned	no
qemu	check	CVE-2026-3890	not yet assigned	?
		CVE-2026-5744	not yet assigned	?
		CVE-2026-5761	not yet assigned	?
		CVE-2026-5763	not yet assigned	?
		CVE-2026-6502	not yet assigned	?
ruby-rack-session	check	CVE-2026-39324	not yet assigned	no
ruby-ruby-lsp	check	CVE-2026-34060	not yet assigned	no
rust-astral-tokio-tar	check	TEMP-0000000-5DEDAF	not yet assigned	?
		TEMP-0000000-E81ECD	not yet assigned	?
rust-openssl	check	CVE-2026-41676	not yet assigned	no
		CVE-2026-41677	not yet assigned	no
		CVE-2026-41678	not yet assigned	no
		CVE-2026-41681	not yet assigned	no
		CVE-2026-41898	not yet assigned	no
starlet	check	CVE-2026-40561	not yet assigned	no
starman	check	CVE-2026-40560	not yet assigned	no
streamlink	check	CVE-2026-44353	not yet assigned	?
swupdate	check	CVE-2026-28525	not yet assigned	no
thrift	check	CVE-2025-48431	not yet assigned	no
		CVE-2026-41602	not yet assigned	no
		CVE-2026-41603	not yet assigned	no
		CVE-2026-41606	not yet assigned	no
		CVE-2026-41607	not yet assigned	no
tor	check	CVE-2026-44597	not yet assigned	no
		CVE-2026-44599	not yet assigned	no
		CVE-2026-44600	not yet assigned	no
		CVE-2026-44601	not yet assigned	no
		CVE-2026-44602	not yet assigned	no
		CVE-2026-44603	not yet assigned	no
vim	check	CVE-2026-41411	not yet assigned	no
		CVE-2026-42307	not yet assigned	no
wlc	check	CVE-2026-42150	not yet assigned	no
xrdp	check	CVE-2026-32105	not yet assigned	no
		CVE-2026-32107	not yet assigned	no
		CVE-2026-32623	not yet assigned	no
		CVE-2026-32624	not yet assigned	no
		CVE-2026-33145	not yet assigned	no
		CVE-2026-33516	not yet assigned	no
		CVE-2026-33689	not yet assigned	no
		CVE-2026-35512	not yet assigned	no