The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.
| Package | Migration | Bug | Urgency | Remote | |
|---|---|---|---|---|---|
| arduino-core-avr | check | CVE-2025-69209 | not yet assigned | no | |
| avahi | check | CVE-2024-52616 | not yet assigned | no | |
| CVE-2025-68276 | not yet assigned | no | |||
| CVE-2025-68468 | not yet assigned | no | |||
| CVE-2025-68471 | not yet assigned | no | |||
| CVE-2026-24401 | not yet assigned | no | |||
| busybox | check | CVE-2023-42366 | not yet assigned | no | |
| CVE-2024-58251 | not yet assigned | no | |||
| CVE-2025-46394 | not yet assigned | no | |||
| CVE-2025-60876 | not yet assigned | no | |||
| edk2 | check | CVE-2024-38798 | not yet assigned | no | |
| gimp | check | CVE-2025-15059 | not yet assigned | no | |
| golang-1.24 | check | CVE-2025-61726 | not yet assigned | no | |
| CVE-2025-61727 | not yet assigned | no | |||
| CVE-2025-61728 | not yet assigned | no | |||
| CVE-2025-61729 | not yet assigned | no | |||
| CVE-2025-61730 | not yet assigned | no | |||
| CVE-2025-61731 | not yet assigned | no | |||
| CVE-2025-68121 | not yet assigned | ? | |||
| golang-1.25 | check | CVE-2025-61726 | not yet assigned | no | |
| CVE-2025-61727 | not yet assigned | no | |||
| CVE-2025-61728 | not yet assigned | no | |||
| CVE-2025-61729 | not yet assigned | no | |||
| CVE-2025-61730 | not yet assigned | no | |||
| CVE-2025-61731 | not yet assigned | no | |||
| CVE-2025-68119 | not yet assigned | no | |||
| CVE-2025-68121 | not yet assigned | ? | |||
| libchdr | check | CVE-2025-14369 | not yet assigned | no | |
| node-lodash | check | CVE-2025-13465 | not yet assigned | no | |
| thunderbird | check | CVE-2026-0818 | not yet assigned | no | |
| xrdp | check | CVE-2025-68670 | not yet assigned | no |