Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
edk2	check	CVE-2024-38798	not yet assigned	no
firefox-esr	check	CVE-2025-14321	not yet assigned	no	(fixed in stable?)
		CVE-2025-14322	not yet assigned	no	(fixed in stable?)
		CVE-2025-14323	not yet assigned	no	(fixed in stable?)
		CVE-2025-14324	not yet assigned	no	(fixed in stable?)
		CVE-2025-14325	not yet assigned	no	(fixed in stable?)
		CVE-2025-14328	not yet assigned	no	(fixed in stable?)
		CVE-2025-14329	not yet assigned	no	(fixed in stable?)
		CVE-2025-14330	not yet assigned	no	(fixed in stable?)
		CVE-2025-14331	not yet assigned	no	(fixed in stable?)
		CVE-2025-14333	not yet assigned	no	(fixed in stable?)
fonttools	check	CVE-2025-66034	not yet assigned	no
harfbuzz	check	CVE-2026-22693	not yet assigned	no
imagemagick	check	CVE-2025-65955	not yet assigned	no
		CVE-2025-66628	not yet assigned	no
		CVE-2025-68618	not yet assigned	no
		CVE-2025-68950	not yet assigned	no
		CVE-2025-69204	not yet assigned	no
libarchive	check	CVE-2025-5918	not yet assigned	no
linux	check	CVE-2025-68351	not yet assigned	no
		CVE-2025-68353	not yet assigned	no
		CVE-2025-68357	not yet assigned	no
		CVE-2025-68365	not yet assigned	no
		CVE-2025-68368	not yet assigned	no
		CVE-2025-68725	not yet assigned	no
		CVE-2025-68736	not yet assigned	no
		CVE-2025-68745	not yet assigned	no
		CVE-2025-68767	not yet assigned	?
		CVE-2025-68768	not yet assigned	?
		CVE-2025-68769	not yet assigned	?
		CVE-2025-68770	not yet assigned	?
		CVE-2025-68771	not yet assigned	?
		CVE-2025-68772	not yet assigned	?
		CVE-2025-68773	not yet assigned	?
		CVE-2025-68774	not yet assigned	?
		CVE-2025-68775	not yet assigned	?
		CVE-2025-68776	not yet assigned	?
		CVE-2025-68777	not yet assigned	?
		CVE-2025-68778	not yet assigned	?
		CVE-2025-68780	not yet assigned	?
		CVE-2025-68781	not yet assigned	?
		CVE-2025-68782	not yet assigned	?
		CVE-2025-68783	not yet assigned	?
		CVE-2025-68784	not yet assigned	?
		CVE-2025-68785	not yet assigned	?
		CVE-2025-68786	not yet assigned	?
		CVE-2025-68787	not yet assigned	?
		CVE-2025-68788	not yet assigned	?
		CVE-2025-68789	not yet assigned	?
		CVE-2025-68791	not yet assigned	?
		CVE-2025-68792	not yet assigned	?
		CVE-2025-68793	not yet assigned	?
		CVE-2025-68794	not yet assigned	?
		CVE-2025-68795	not yet assigned	?
		CVE-2025-68796	not yet assigned	?
		CVE-2025-68797	not yet assigned	?
		CVE-2025-68798	not yet assigned	?
		CVE-2025-68799	not yet assigned	?
		CVE-2025-68800	not yet assigned	?
		CVE-2025-68801	not yet assigned	?
		CVE-2025-68802	not yet assigned	?
		CVE-2025-68803	not yet assigned	?
		CVE-2025-68804	not yet assigned	?
		CVE-2025-68805	not yet assigned	?
		CVE-2025-68806	not yet assigned	?
		CVE-2025-68807	not yet assigned	?
		CVE-2025-68808	not yet assigned	?
		CVE-2025-68809	not yet assigned	?
		CVE-2025-68810	not yet assigned	?
		CVE-2025-68811	not yet assigned	?
		CVE-2025-68812	not yet assigned	?
		CVE-2025-68813	not yet assigned	?
		CVE-2025-68814	not yet assigned	?
		CVE-2025-68815	not yet assigned	?
		CVE-2025-68816	not yet assigned	?
		CVE-2025-68817	not yet assigned	?
		CVE-2025-68818	not yet assigned	?
		CVE-2025-68819	not yet assigned	?
		CVE-2025-68820	not yet assigned	?
		CVE-2025-68821	not yet assigned	?
		CVE-2025-68822	not yet assigned	?
		CVE-2025-68823	not yet assigned	?
		CVE-2025-71064	not yet assigned	?
		CVE-2025-71065	not yet assigned	?
		CVE-2025-71066	not yet assigned	?
		CVE-2025-71067	not yet assigned	?
		CVE-2025-71068	not yet assigned	?
		CVE-2025-71069	not yet assigned	?
		CVE-2025-71070	not yet assigned	?
		CVE-2025-71071	not yet assigned	?
		CVE-2025-71072	not yet assigned	?
		CVE-2025-71073	not yet assigned	?
		CVE-2025-71074	not yet assigned	?
		CVE-2025-71075	not yet assigned	?
		CVE-2025-71076	not yet assigned	?
		CVE-2025-71077	not yet assigned	?
net-snmp	check	CVE-2025-68615	not yet assigned	no	(fixed in stable?)
node-qs	check	CVE-2025-15284	not yet assigned	no
python-filelock	check	CVE-2025-68146	not yet assigned	no
python-urllib3	check	CVE-2025-66418	not yet assigned	no
		CVE-2026-21441	not yet assigned	no
qemu	check	CVE-2025-11234	not yet assigned	no
		CVE-2025-12464	not yet assigned	no
tlp	check	CVE-2025-67859	not yet assigned	?