Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
bubblewrap	check	CVE-2026-41163	not yet assigned	?
chromium	check	CVE-2026-6919	not yet assigned	no	(fixed in stable?)
		CVE-2026-6920	not yet assigned	no	(fixed in stable?)
cups	check	CVE-2026-27447	not yet assigned	no
		CVE-2026-34978	not yet assigned	no
		CVE-2026-34979	not yet assigned	no
		CVE-2026-34980	not yet assigned	no
		CVE-2026-34990	not yet assigned	no
		CVE-2026-39314	not yet assigned	no
		CVE-2026-39316	not yet assigned	no
		CVE-2026-41079	not yet assigned	no
dnsdist	check	CVE-2026-33254	not yet assigned	no
		CVE-2026-33257	not yet assigned	no
		CVE-2026-33260	not yet assigned	no
		CVE-2026-33593	not yet assigned	no
		CVE-2026-33594	not yet assigned	no
		CVE-2026-33595	not yet assigned	no
		CVE-2026-33596	not yet assigned	no
		CVE-2026-33597	not yet assigned	no
		CVE-2026-33598	not yet assigned	no
		CVE-2026-33599	not yet assigned	no
		CVE-2026-33602	not yet assigned	no
edk2	check	CVE-2024-38798	not yet assigned	no
erlang	check	CVE-2026-32147	not yet assigned	no
expat	check	CVE-2026-41080	not yet assigned	no
firebird4.0	check	CVE-2026-27890	not yet assigned	no
		CVE-2026-28212	not yet assigned	no
		CVE-2026-28214	not yet assigned	no
		CVE-2026-28224	not yet assigned	no
		CVE-2026-33337	not yet assigned	no
		CVE-2026-34232	not yet assigned	no
		CVE-2026-35215	not yet assigned	no
		CVE-2026-40342	not yet assigned	no
firefox-esr	check	CVE-2026-6746	not yet assigned	no	(fixed in stable?)
		CVE-2026-6747	not yet assigned	no	(fixed in stable?)
		CVE-2026-6748	not yet assigned	no	(fixed in stable?)
		CVE-2026-6749	not yet assigned	no	(fixed in stable?)
		CVE-2026-6750	not yet assigned	no	(fixed in stable?)
		CVE-2026-6751	not yet assigned	no	(fixed in stable?)
		CVE-2026-6752	not yet assigned	no	(fixed in stable?)
		CVE-2026-6753	not yet assigned	no	(fixed in stable?)
		CVE-2026-6754	not yet assigned	no	(fixed in stable?)
		CVE-2026-6757	not yet assigned	no	(fixed in stable?)
		CVE-2026-6761	not yet assigned	no	(fixed in stable?)
		CVE-2026-6762	not yet assigned	no	(fixed in stable?)
		CVE-2026-6763	not yet assigned	no	(fixed in stable?)
		CVE-2026-6764	not yet assigned	no	(fixed in stable?)
		CVE-2026-6765	not yet assigned	no	(fixed in stable?)
		CVE-2026-6766	not yet assigned	no	(fixed in stable?)
		CVE-2026-6767	not yet assigned	no	(fixed in stable?)
		CVE-2026-6769	not yet assigned	no	(fixed in stable?)
		CVE-2026-6770	not yet assigned	no	(fixed in stable?)
		CVE-2026-6771	not yet assigned	no	(fixed in stable?)
		CVE-2026-6772	not yet assigned	no	(fixed in stable?)
		CVE-2026-6776	not yet assigned	no	(fixed in stable?)
		CVE-2026-6785	not yet assigned	no	(fixed in stable?)
		CVE-2026-6786	not yet assigned	no	(fixed in stable?)
flask	check	CVE-2026-27205	not yet assigned	no
freerdp3	check	CVE-2026-40254	not yet assigned	no
imagemagick	check	CVE-2026-33899	not yet assigned	no
		CVE-2026-33900	not yet assigned	no
		CVE-2026-33901	not yet assigned	no
		CVE-2026-33902	not yet assigned	no
		CVE-2026-33905	not yet assigned	no
		CVE-2026-33908	not yet assigned	no
		CVE-2026-34238	not yet assigned	no
		CVE-2026-40169	not yet assigned	no
		CVE-2026-40183	not yet assigned	no
		CVE-2026-40310	not yet assigned	no
		CVE-2026-40311	not yet assigned	no
		CVE-2026-40312	not yet assigned	no
libgcrypt20	check	CVE-2026-41989	not yet assigned	no
		CVE-2026-41990	not yet assigned	no
libxpm	check	CVE-2026-4367	not yet assigned	?
linux	check	CVE-2026-31531	not yet assigned	no
		CVE-2026-31532	not yet assigned	no
		CVE-2026-31575	not yet assigned	no
		CVE-2026-31576	not yet assigned	no
		CVE-2026-31577	not yet assigned	no
		CVE-2026-31578	not yet assigned	no
		CVE-2026-31579	not yet assigned	no
		CVE-2026-31580	not yet assigned	no
		CVE-2026-31581	not yet assigned	no
		CVE-2026-31582	not yet assigned	no
		CVE-2026-31583	not yet assigned	no
		CVE-2026-31584	not yet assigned	no
		CVE-2026-31585	not yet assigned	no
		CVE-2026-31586	not yet assigned	no
		CVE-2026-31587	not yet assigned	no
		CVE-2026-31588	not yet assigned	no
		CVE-2026-31589	not yet assigned	no
		CVE-2026-31590	not yet assigned	no
		CVE-2026-31591	not yet assigned	no
		CVE-2026-31592	not yet assigned	no
		CVE-2026-31593	not yet assigned	no
		CVE-2026-31594	not yet assigned	no
		CVE-2026-31595	not yet assigned	no
		CVE-2026-31596	not yet assigned	no
		CVE-2026-31597	not yet assigned	no
		CVE-2026-31598	not yet assigned	no
		CVE-2026-31599	not yet assigned	no
		CVE-2026-31600	not yet assigned	no
		CVE-2026-31601	not yet assigned	no
		CVE-2026-31602	not yet assigned	no
		CVE-2026-31603	not yet assigned	no
		CVE-2026-31604	not yet assigned	no
		CVE-2026-31605	not yet assigned	no
		CVE-2026-31606	not yet assigned	no
		CVE-2026-31607	not yet assigned	no
		CVE-2026-31608	not yet assigned	no
		CVE-2026-31609	not yet assigned	no
		CVE-2026-31610	not yet assigned	no
		CVE-2026-31611	not yet assigned	no
		CVE-2026-31612	not yet assigned	no
		CVE-2026-31613	not yet assigned	no
		CVE-2026-31614	not yet assigned	no
		CVE-2026-31615	not yet assigned	no
		CVE-2026-31616	not yet assigned	no
		CVE-2026-31617	not yet assigned	no
		CVE-2026-31618	not yet assigned	no
		CVE-2026-31619	not yet assigned	no
		CVE-2026-31620	not yet assigned	no
		CVE-2026-31621	not yet assigned	no
		CVE-2026-31622	not yet assigned	no
		CVE-2026-31623	not yet assigned	no
		CVE-2026-31624	not yet assigned	no
		CVE-2026-31625	not yet assigned	no
		CVE-2026-31626	not yet assigned	no
		CVE-2026-31627	not yet assigned	no
		CVE-2026-31629	not yet assigned	no
		CVE-2026-31673	not yet assigned	no
		CVE-2026-31677	not yet assigned	no
		CVE-2026-31681	not yet assigned	no
		CVE-2026-31684	not yet assigned	no
		CVE-2026-31685	not yet assigned	no
luanti	check	CVE-2026-40959	not yet assigned	no	(fixed in stable?)
		CVE-2026-40960	not yet assigned	no	(fixed in stable?)
		CVE-2026-41196	not yet assigned	no	(fixed in stable?)
lxml	check	CVE-2026-41066	not yet assigned	no
nix	check	CVE-2026-39860	not yet assigned	no
node-axios	check	CVE-2026-42033	not yet assigned	no
		CVE-2026-42034	not yet assigned	no
		CVE-2026-42035	not yet assigned	no
		CVE-2026-42036	not yet assigned	no
		CVE-2026-42037	not yet assigned	no
		CVE-2026-42038	not yet assigned	no
		CVE-2026-42039	not yet assigned	no
		CVE-2026-42040	not yet assigned	no
		CVE-2026-42041	not yet assigned	no
		CVE-2026-42042	not yet assigned	no
		CVE-2026-42043	not yet assigned	no
		CVE-2026-42044	not yet assigned	no
node-dompurify	check	CVE-2026-41238	not yet assigned	no
		CVE-2026-41239	not yet assigned	no
		CVE-2026-41240	not yet assigned	no
node-proxy-agents	check	CVE-2026-39983	not yet assigned	no
node-uuid	check	CVE-2026-41907	not yet assigned	no
		CVE-2026-41988	not yet assigned	no
nss	check	CVE-2026-6766	not yet assigned	no
		CVE-2026-6767	not yet assigned	no
		CVE-2026-6772	not yet assigned	no
openjdk-21	check	CVE-2026-22007	not yet assigned	no
		CVE-2026-22013	not yet assigned	no
		CVE-2026-22016	not yet assigned	no
		CVE-2026-22018	not yet assigned	no
		CVE-2026-22021	not yet assigned	no
		CVE-2026-34268	not yet assigned	no
		CVE-2026-34282	not yet assigned	no
openjdk-25	check	CVE-2026-22007	not yet assigned	no
		CVE-2026-22008	not yet assigned	no
		CVE-2026-22013	not yet assigned	no
		CVE-2026-22016	not yet assigned	no
		CVE-2026-22018	not yet assigned	no
		CVE-2026-22021	not yet assigned	no
		CVE-2026-34268	not yet assigned	no
		CVE-2026-34282	not yet assigned	no
orthanc	check	CVE-2026-5437	not yet assigned	no
		CVE-2026-5438	not yet assigned	no
		CVE-2026-5439	not yet assigned	no
		CVE-2026-5440	not yet assigned	no
		CVE-2026-5441	not yet assigned	no
		CVE-2026-5442	not yet assigned	no
		CVE-2026-5443	not yet assigned	no
		CVE-2026-5444	not yet assigned	no
		CVE-2026-5445	not yet assigned	no
pdns-recursor	check	CVE-2026-33256	not yet assigned	no
		CVE-2026-33258	not yet assigned	no
		CVE-2026-33259	not yet assigned	no
		CVE-2026-33261	not yet assigned	no
		CVE-2026-33262	not yet assigned	no
		CVE-2026-33600	not yet assigned	no
		CVE-2026-33601	not yet assigned	no
pillow	check	CVE-2026-40192	not yet assigned	no
pyjwt	check	CVE-2026-32597	not yet assigned	no
python-multipart	check	CVE-2026-40347	not yet assigned	no
python3.14	check	CVE-2025-13462	not yet assigned	no
		CVE-2026-2297	not yet assigned	no
		CVE-2026-3446	not yet assigned	no
		CVE-2026-3644	not yet assigned	no
		CVE-2026-4224	not yet assigned	no
		CVE-2026-4519	not yet assigned	no
qemu	check	CVE-2026-3890	not yet assigned	?
		CVE-2026-5744	not yet assigned	?
		CVE-2026-5761	not yet assigned	?
		CVE-2026-5763	not yet assigned	?
rust-coreutils	check	CVE-2026-35339	not yet assigned	no
		CVE-2026-35340	not yet assigned	no
		CVE-2026-35342	not yet assigned	no
		CVE-2026-35346	not yet assigned	no
		CVE-2026-35347	not yet assigned	no
		CVE-2026-35349	not yet assigned	no
		CVE-2026-35353	not yet assigned	no
		CVE-2026-35355	not yet assigned	no
		CVE-2026-35356	not yet assigned	no
		CVE-2026-35358	not yet assigned	no
		CVE-2026-35361	not yet assigned	no
		CVE-2026-35362	not yet assigned	no
		CVE-2026-35366	not yet assigned	no
		CVE-2026-35369	not yet assigned	no
rust-openssl	check	CVE-2026-41676	not yet assigned	no
		CVE-2026-41677	not yet assigned	no
		CVE-2026-41678	not yet assigned	no
		CVE-2026-41681	not yet assigned	no
		CVE-2026-41898	not yet assigned	no
rust-rand	check	TEMP-0000000-51E97C	not yet assigned	?
rust-rustls-webpki	check	TEMP-0000000-A510E8	not yet assigned	?
		TEMP-1133085-EC036F	not yet assigned	?
thunderbird	check	CVE-2026-6746	not yet assigned	no	(fixed in stable?)
		CVE-2026-6747	not yet assigned	no	(fixed in stable?)
		CVE-2026-6748	not yet assigned	no	(fixed in stable?)
		CVE-2026-6749	not yet assigned	no	(fixed in stable?)
		CVE-2026-6750	not yet assigned	no	(fixed in stable?)
		CVE-2026-6751	not yet assigned	no	(fixed in stable?)
		CVE-2026-6752	not yet assigned	no	(fixed in stable?)
		CVE-2026-6753	not yet assigned	no	(fixed in stable?)
		CVE-2026-6754	not yet assigned	no	(fixed in stable?)
		CVE-2026-6757	not yet assigned	no	(fixed in stable?)
		CVE-2026-6761	not yet assigned	no	(fixed in stable?)
		CVE-2026-6762	not yet assigned	no	(fixed in stable?)
		CVE-2026-6763	not yet assigned	no	(fixed in stable?)
		CVE-2026-6764	not yet assigned	no	(fixed in stable?)
		CVE-2026-6765	not yet assigned	no	(fixed in stable?)
		CVE-2026-6766	not yet assigned	no	(fixed in stable?)
		CVE-2026-6767	not yet assigned	no	(fixed in stable?)
		CVE-2026-6769	not yet assigned	no	(fixed in stable?)
		CVE-2026-6770	not yet assigned	no	(fixed in stable?)
		CVE-2026-6771	not yet assigned	no	(fixed in stable?)
		CVE-2026-6772	not yet assigned	no	(fixed in stable?)
		CVE-2026-6776	not yet assigned	no	(fixed in stable?)
		CVE-2026-6785	not yet assigned	no	(fixed in stable?)
		CVE-2026-6786	not yet assigned	no	(fixed in stable?)
xorg-server	check	CVE-2026-33999	not yet assigned	no
		CVE-2026-34000	not yet assigned	?
		CVE-2026-34001	not yet assigned	no
		CVE-2026-34002	not yet assigned	?
		CVE-2026-34003	not yet assigned	no
xrdp	check	CVE-2026-32105	not yet assigned	no
		CVE-2026-32107	not yet assigned	no
		CVE-2026-32623	not yet assigned	no
		CVE-2026-32624	not yet assigned	no
		CVE-2026-33145	not yet assigned	no
		CVE-2026-33516	not yet assigned	no
		CVE-2026-33689	not yet assigned	no
		CVE-2026-35512	not yet assigned	no
zlib	check	CVE-2026-27171	not yet assigned	no