The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.
| Package | Migration | Bug | Urgency | Remote | |
|---|---|---|---|---|---|
| ceph | check | CVE-2024-31884 | not yet assigned | ? | |
| chromium | check | CVE-2026-4673 | not yet assigned | no | (fixed in stable?) |
| CVE-2026-4674 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4675 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4676 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4677 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4678 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4679 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4680 | not yet assigned | no | (fixed in stable?) | ||
| edk2 | check | CVE-2024-38798 | not yet assigned | no | |
| ffmpeg | check | CVE-2025-69693 | not yet assigned | no | |
| firefox-esr | check | CVE-2025-59375 | not yet assigned | no | (fixed in stable?) |
| CVE-2026-4684 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4685 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4686 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4687 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4688 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4689 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4690 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4691 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4692 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4693 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4694 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4695 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4696 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4697 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4698 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4699 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4700 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4701 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4702 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4704 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4705 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4706 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4707 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4708 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4709 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4710 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4713 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4714 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4715 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4716 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4717 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4718 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4719 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4720 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-4721 | not yet assigned | no | (fixed in stable?) | ||
| flask | check | CVE-2026-27205 | not yet assigned | no | |
| freeciv | check | CVE-2026-33250 | not yet assigned | no | |
| grub2 | check | CVE-2025-54770 | not yet assigned | no | |
| CVE-2025-54771 | not yet assigned | no | |||
| CVE-2025-61661 | not yet assigned | no | |||
| CVE-2025-61662 | not yet assigned | no | |||
| CVE-2025-61663 | not yet assigned | no | |||
| CVE-2025-61664 | not yet assigned | no | |||
| imagemagick | check | CVE-2026-28493 | not yet assigned | no | |
| CVE-2026-28494 | not yet assigned | no | |||
| CVE-2026-28686 | not yet assigned | no | |||
| CVE-2026-28687 | not yet assigned | no | |||
| CVE-2026-28688 | not yet assigned | no | |||
| CVE-2026-28689 | not yet assigned | no | |||
| CVE-2026-28690 | not yet assigned | no | |||
| CVE-2026-28691 | not yet assigned | no | |||
| CVE-2026-28692 | not yet assigned | no | |||
| CVE-2026-28693 | not yet assigned | no | |||
| CVE-2026-30883 | not yet assigned | no | |||
| CVE-2026-30929 | not yet assigned | no | |||
| CVE-2026-30931 | not yet assigned | no | |||
| CVE-2026-30935 | not yet assigned | no | |||
| CVE-2026-30936 | not yet assigned | no | |||
| CVE-2026-30937 | not yet assigned | no | |||
| CVE-2026-31853 | not yet assigned | no | |||
| CVE-2026-32259 | not yet assigned | no | |||
| isc-kea | check | CVE-2026-3608 | not yet assigned | no | |
| jpeg-xl | check | CVE-2025-12474 | not yet assigned | no | |
| CVE-2026-1837 | not yet assigned | no | |||
| libsixel | check | CVE-2022-29977 | not yet assigned | no | |
| CVE-2022-29978 | not yet assigned | no | |||
| CVE-2025-9300 | not yet assigned | no | |||
| libssh | check | CVE-2026-0964 | not yet assigned | ? | |
| CVE-2026-0965 | not yet assigned | ? | |||
| CVE-2026-0966 | not yet assigned | ? | |||
| CVE-2026-0967 | not yet assigned | ? | |||
| CVE-2026-0968 | not yet assigned | ? | |||
| CVE-2026-3731 | not yet assigned | no | |||
| node-flatted | check | CVE-2026-33228 | not yet assigned | no | |
| node-undici | check | CVE-2025-47279 | not yet assigned | no | |
| CVE-2026-1525 | not yet assigned | no | |||
| CVE-2026-1526 | not yet assigned | no | |||
| CVE-2026-1527 | not yet assigned | no | |||
| CVE-2026-1528 | not yet assigned | no | |||
| CVE-2026-2229 | not yet assigned | no | |||
| CVE-2026-2581 | not yet assigned | no | |||
| nodejs | check | CVE-2026-21637 | not yet assigned | no | |
| CVE-2026-21710 | not yet assigned | ? | |||
| CVE-2026-21713 | not yet assigned | ? | |||
| CVE-2026-21714 | not yet assigned | ? | |||
| CVE-2026-21715 | not yet assigned | ? | |||
| CVE-2026-21716 | not yet assigned | ? | |||
| CVE-2026-21717 | not yet assigned | ? | |||
| openexr | check | CVE-2025-12495 | not yet assigned | no | |
| CVE-2025-12839 | not yet assigned | no | |||
| CVE-2025-12840 | not yet assigned | no | |||
| CVE-2025-48074 | not yet assigned | no | |||
| CVE-2025-64181 | not yet assigned | no | |||
| CVE-2026-27622 | not yet assigned | no | |||
| pypdf | check | CVE-2026-33123 | not yet assigned | no | |
| CVE-2026-33699 | not yet assigned | ? | |||
| python-dynaconf | check | CVE-2026-33154 | not yet assigned | no | |
| qemu | check | CVE-2026-2243 | not yet assigned | no | |
| CVE-2026-3195 | not yet assigned | ? | |||
| CVE-2026-3196 | not yet assigned | ? | |||
| CVE-2026-3842 | not yet assigned | ? | |||
| ruby-bcrypt | check | CVE-2026-33306 | not yet assigned | no | |
| ruby-rack | check | CVE-2026-22860 | not yet assigned | no | |
| CVE-2026-25500 | not yet assigned | no | |||
| rust-wasmtime | check | CVE-2026-27204 | not yet assigned | no | |
| CVE-2026-27572 | not yet assigned | no | |||
| simpleeval | check | CVE-2026-32640 | not yet assigned | no | |
| sogo | check | CVE-2025-71276 | not yet assigned | no | |
| CVE-2026-3054 | not yet assigned | no | |||
| CVE-2026-33550 | not yet assigned | no | |||
| thunderbird | check | CVE-2025-59375 | not yet assigned | no | |
| CVE-2026-3889 | not yet assigned | no | |||
| CVE-2026-4371 | not yet assigned | no | |||
| CVE-2026-4684 | not yet assigned | no | |||
| CVE-2026-4685 | not yet assigned | no | |||
| CVE-2026-4686 | not yet assigned | no | |||
| CVE-2026-4687 | not yet assigned | no | |||
| CVE-2026-4688 | not yet assigned | no | |||
| CVE-2026-4689 | not yet assigned | no | |||
| CVE-2026-4690 | not yet assigned | no | |||
| CVE-2026-4691 | not yet assigned | no | |||
| CVE-2026-4692 | not yet assigned | no | |||
| CVE-2026-4693 | not yet assigned | no | |||
| CVE-2026-4694 | not yet assigned | no | |||
| CVE-2026-4695 | not yet assigned | no | |||
| CVE-2026-4696 | not yet assigned | no | |||
| CVE-2026-4697 | not yet assigned | no | |||
| CVE-2026-4698 | not yet assigned | no | |||
| CVE-2026-4699 | not yet assigned | no | |||
| CVE-2026-4700 | not yet assigned | no | |||
| CVE-2026-4701 | not yet assigned | no | |||
| CVE-2026-4702 | not yet assigned | no | |||
| CVE-2026-4704 | not yet assigned | no | |||
| CVE-2026-4705 | not yet assigned | no | |||
| CVE-2026-4706 | not yet assigned | no | |||
| CVE-2026-4707 | not yet assigned | no | |||
| CVE-2026-4708 | not yet assigned | no | |||
| CVE-2026-4709 | not yet assigned | no | |||
| CVE-2026-4710 | not yet assigned | no | |||
| CVE-2026-4713 | not yet assigned | no | |||
| CVE-2026-4714 | not yet assigned | no | |||
| CVE-2026-4715 | not yet assigned | no | |||
| CVE-2026-4716 | not yet assigned | no | |||
| CVE-2026-4717 | not yet assigned | no | |||
| CVE-2026-4718 | not yet assigned | no | |||
| CVE-2026-4719 | not yet assigned | no | |||
| CVE-2026-4720 | not yet assigned | no | |||
| CVE-2026-4721 | not yet assigned | no | |||
| webkit2gtk | check | CVE-2025-46299 | not yet assigned | no | |
| wpewebkit | check | CVE-2025-46299 | not yet assigned | no |