Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
7zip-rar (non-free)	check	CVE-2025-53816	not yet assigned	no
angular.js	check	CVE-2022-25844	not yet assigned	no
		CVE-2023-26116	not yet assigned	no
		CVE-2023-26117	not yet assigned	no
		CVE-2023-26118	not yet assigned	no
		CVE-2024-21490	not yet assigned	no
		CVE-2024-8372	not yet assigned	no
		CVE-2024-8373	not yet assigned	no
		CVE-2025-0716	not yet assigned	no
		CVE-2025-2336	not yet assigned	no
bind9	check	CVE-2025-40777	not yet assigned	no
chromium	check	CVE-2025-6558	not yet assigned	no	(fixed in stable?)
		CVE-2025-7656	not yet assigned	no	(fixed in stable?)
		CVE-2025-7657	not yet assigned	no	(fixed in stable?)
commons-beanutils	check	CVE-2025-48734	not yet assigned	no
firefox-esr	check	CVE-2025-6424	not yet assigned	no	(fixed in stable?)
		CVE-2025-6425	not yet assigned	no	(fixed in stable?)
		CVE-2025-6429	not yet assigned	no	(fixed in stable?)
		CVE-2025-6430	not yet assigned	no	(fixed in stable?)
gdk-pixbuf	check	CVE-2025-7345	not yet assigned	no
imagemagick	check	CVE-2025-43965	not yet assigned	no
		CVE-2025-46393	not yet assigned	no
		CVE-2025-53014	not yet assigned	no
		CVE-2025-53015	not yet assigned	no
		CVE-2025-53019	not yet assigned	no
		CVE-2025-53101	not yet assigned	no
libxml2	check	CVE-2025-49794	not yet assigned	no
		CVE-2025-49796	not yet assigned	no
		CVE-2025-6021	not yet assigned	no
linux	check	CVE-2024-36350	not yet assigned	no
		CVE-2024-36357	not yet assigned	no
		CVE-2024-57976	not yet assigned	no
		CVE-2024-58091	not yet assigned	no
		CVE-2025-22101	not yet assigned	no
		CVE-2025-23155	not yet assigned	no
		CVE-2025-37842	not yet assigned	no
		CVE-2025-38139	not yet assigned	no
		CVE-2025-38230	not yet assigned	no
		CVE-2025-38236	not yet assigned	no
		CVE-2025-38239	not yet assigned	no
		CVE-2025-38242	not yet assigned	no
		CVE-2025-38244	not yet assigned	no
		CVE-2025-38245	not yet assigned	no
		CVE-2025-38246	not yet assigned	no
		CVE-2025-38249	not yet assigned	no
		CVE-2025-38250	not yet assigned	no
		CVE-2025-38251	not yet assigned	no
		CVE-2025-38253	not yet assigned	no
		CVE-2025-38255	not yet assigned	no
		CVE-2025-38256	not yet assigned	no
		CVE-2025-38257	not yet assigned	no
		CVE-2025-38258	not yet assigned	no
		CVE-2025-38259	not yet assigned	no
		CVE-2025-38260	not yet assigned	no
		CVE-2025-38262	not yet assigned	no
		CVE-2025-38263	not yet assigned	no
		CVE-2025-38264	not yet assigned	no
		CVE-2025-38279	not yet assigned	no
		CVE-2025-38289	not yet assigned	no
		CVE-2025-38350	not yet assigned	no
mbedtls	check	CVE-2025-47917	not yet assigned	?
		CVE-2025-48965	not yet assigned	?
		CVE-2025-49087	not yet assigned	?
		CVE-2025-49600	not yet assigned	no
		CVE-2025-49601	not yet assigned	no
		CVE-2025-52496	not yet assigned	no
		CVE-2025-52497	not yet assigned	no
node-on-headers	check	CVE-2025-7339	not yet assigned	no
openjdk-21	check	CVE-2025-30749	not yet assigned	no
		CVE-2025-30754	not yet assigned	no
		CVE-2025-50059	not yet assigned	no
		CVE-2025-50106	not yet assigned	no
python-urllib3	check	CVE-2025-50181	not yet assigned	no
		CVE-2025-50182	not yet assigned	no
qt6-base	check	CVE-2025-5992	not yet assigned	no
redis	check	CVE-2025-27151	not yet assigned	no
		CVE-2025-32023	not yet assigned	no
		CVE-2025-48367	not yet assigned	no
ruby-rack	check	CVE-2025-46727	not yet assigned	no
		CVE-2025-49007	not yet assigned	no
rust-static-alloc	check	TEMP-0000000-1926D8	not yet assigned	?
squid	check	CVE-2025-21311	not yet assigned	no