Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
chromium	check	CVE-2019-5786	not yet assigned	?	(fixed in stable?)
		CVE-2019-5787	not yet assigned	?	(fixed in stable?)
		CVE-2019-5788	not yet assigned	?	(fixed in stable?)
		CVE-2019-5789	not yet assigned	?	(fixed in stable?)
		CVE-2019-5790	not yet assigned	?	(fixed in stable?)
		CVE-2019-5791	not yet assigned	?	(fixed in stable?)
		CVE-2019-5792	not yet assigned	?	(fixed in stable?)
		CVE-2019-5793	not yet assigned	?	(fixed in stable?)
		CVE-2019-5794	not yet assigned	?	(fixed in stable?)
		CVE-2019-5795	not yet assigned	?	(fixed in stable?)
		CVE-2019-5796	not yet assigned	?	(fixed in stable?)
		CVE-2019-5797	not yet assigned	?	(fixed in stable?)
		CVE-2019-5798	not yet assigned	?	(fixed in stable?)
		CVE-2019-5799	not yet assigned	?	(fixed in stable?)
		CVE-2019-5800	not yet assigned	?	(fixed in stable?)
		CVE-2019-5802	not yet assigned	?	(fixed in stable?)
		CVE-2019-5803	not yet assigned	?	(fixed in stable?)
cron	check	CVE-2019-9704	low	no
		CVE-2019-9705	low	no
		CVE-2019-9706	low**	no
firefox-esr	check	CVE-2018-18506	medium**	yes	(fixed in stable?)
		CVE-2019-9788	not yet assigned	?	(fixed in stable?)
		CVE-2019-9790	not yet assigned	?	(fixed in stable?)
		CVE-2019-9791	not yet assigned	?	(fixed in stable?)
		CVE-2019-9792	not yet assigned	?	(fixed in stable?)
		CVE-2019-9793	not yet assigned	?	(fixed in stable?)
		CVE-2019-9795	not yet assigned	?	(fixed in stable?)
		CVE-2019-9796	not yet assigned	?	(fixed in stable?)
golang-1.11	check	CVE-2019-9741	medium**	yes
libapache2-mod-auth-mellon	check	CVE-2019-3877	not yet assigned	?
		CVE-2019-3878	not yet assigned	?
libmatio	check	CVE-2019-9026	low	yes
		CVE-2019-9027	low	yes
		CVE-2019-9028	low	yes
		CVE-2019-9029	low	yes
		CVE-2019-9030	low	yes
		CVE-2019-9031	low	yes
		CVE-2019-9032	low	yes
		CVE-2019-9033	low	yes
		CVE-2019-9034	low	yes
		CVE-2019-9035	low	yes
		CVE-2019-9036	low	yes
		CVE-2019-9037	low	yes
		CVE-2019-9038	low	yes
linux	check	CVE-2019-7308	high**	yes
		CVE-2019-8912	high**	no
		CVE-2019-8980	high**	yes
		CVE-2019-9003	high**	yes
		CVE-2018-16880	medium**	no
		CVE-2019-3819	medium**	no
		CVE-2019-6974	medium**	yes
		CVE-2019-9162	medium**	no
		CVE-2019-9213	medium**	no
		CVE-2019-7221	not yet assigned	no
		CVE-2019-7222	not yet assigned	no
		CVE-2019-8956	not yet assigned	?
mupdf	check	CVE-2018-16647	medium**	yes
		CVE-2018-16648	medium**	yes
openjdk-8	check	CVE-2018-3136	low**	yes	(fixed in stable?)
		CVE-2018-3139	low**	yes	(fixed in stable?)
		CVE-2018-2952	medium**	yes	(fixed in stable?)
		CVE-2018-3149	medium**	yes	(fixed in stable?)
		CVE-2018-3169	medium**	yes	(fixed in stable?)
		CVE-2018-3180	medium**	yes	(fixed in stable?)
		CVE-2018-3183	medium**	yes	(fixed in stable?)
		CVE-2018-3214	medium**	yes	(fixed in stable?)
		CVE-2019-2422	medium**	yes	(fixed in stable?)
otrs2 (non-free)	check	CVE-2019-9751	low**	yes
passenger	check	CVE-2017-16355	low**	yes	(fixed in stable?)
putty	check	CVE-2019-9895	high**	yes
		CVE-2019-9898	high**	yes
		CVE-2019-9894	medium**	yes
		CVE-2019-9897	medium**	yes
qemu	check	CVE-2019-9824	not yet assigned	?
rails	check	CVE-2019-5418	not yet assigned	?
		CVE-2019-5419	not yet assigned	?
		CVE-2019-5420	not yet assigned	?
sqlite3	check	CVE-2019-9936	low	no
		CVE-2019-9937	low	no
tintin++	check	CVE-2019-7629	low	yes
uap-core	check	CVE-2018-20164	medium**	yes
wordpress	check	CVE-2019-9787	medium**	yes