The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.
| Package | Migration | Bug | Urgency | Remote | |
|---|---|---|---|---|---|
| chromium | check | CVE-2025-2476 | not yet assigned | no | (fixed in stable?) |
| dcmtk | check | CVE-2025-2357 | not yet assigned | no | |
| expat | check | CVE-2024-8176 | not yet assigned | no | |
| golang-github-golang-jwt-jwt | check | CVE-2024-51744 | not yet assigned | no | |
| CVE-2025-30204 | not yet assigned | no | |||
| golang-github-golang-jwt-jwt-v5 | check | CVE-2025-30204 | not yet assigned | no | |
| libcap2 | check | CVE-2025-1390 | not yet assigned | no | |
| libeddsa-java | check | CVE-2020-36843 | not yet assigned | no | |
| php8.4 | check | CVE-2024-11235 | not yet assigned | ? | |
| CVE-2025-1217 | not yet assigned | ? | |||
| CVE-2025-1219 | not yet assigned | ? | |||
| CVE-2025-1734 | not yet assigned | ? | |||
| CVE-2025-1736 | not yet assigned | ? | |||
| CVE-2025-1861 | not yet assigned | ? | |||
| ruby-rack | check | CVE-2025-25184 | not yet assigned | no | |
| CVE-2025-27111 | not yet assigned | no | |||
| CVE-2025-27610 | not yet assigned | no | |||
| rust-hickory-proto | check | CVE-2025-25188 | not yet assigned | no | |
| tinyxml2 | check | CVE-2024-50615 | not yet assigned | no | |
| varnish | check | CVE-2025-30346 | not yet assigned | no | |
| wpa | check | CVE-2022-37660 | not yet assigned | no | |
| xmedcon | check | CVE-2025-2581 | not yet assigned | no |