The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.
| Package | Migration | Bug | Urgency | Remote | |
|---|---|---|---|---|---|
| calibre | check | CVE-2026-25635 | not yet assigned | no | |
| CVE-2026-25636 | not yet assigned | no | |||
| CVE-2026-25731 | not yet assigned | no | |||
| CVE-2026-26064 | not yet assigned | no | |||
| CVE-2026-26065 | not yet assigned | no | |||
| CVE-2026-27810 | not yet assigned | no | |||
| CVE-2026-27824 | not yet assigned | no | |||
| chromium | check | CVE-2026-3913 | not yet assigned | no | (fixed in stable?) |
| CVE-2026-3914 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3915 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3916 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3917 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3918 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3919 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3920 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3921 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3922 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3923 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3924 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3925 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3926 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3927 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3928 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3929 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3930 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3931 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3932 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3934 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3935 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3936 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3937 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3938 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3939 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3940 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3941 | not yet assigned | no | (fixed in stable?) | ||
| CVE-2026-3942 | not yet assigned | no | (fixed in stable?) | ||
| cosign | check | CVE-2026-22703 | not yet assigned | no | |
| curl | check | CVE-2026-1965 | not yet assigned | no | |
| CVE-2026-3783 | not yet assigned | no | |||
| CVE-2026-3784 | not yet assigned | no | |||
| CVE-2026-3805 | not yet assigned | no | |||
| edk2 | check | CVE-2024-38798 | not yet assigned | no | |
| erlang | check | CVE-2026-21620 | not yet assigned | no | |
| flask | check | CVE-2026-27205 | not yet assigned | no | |
| freetype | check | CVE-2026-23865 | not yet assigned | no | |
| golang-github-go-git-go-git | check | CVE-2026-25934 | not yet assigned | no | |
| grub2 | check | CVE-2025-54770 | not yet assigned | no | |
| CVE-2025-54771 | not yet assigned | no | |||
| CVE-2025-61661 | not yet assigned | no | |||
| CVE-2025-61662 | not yet assigned | no | |||
| CVE-2025-61663 | not yet assigned | no | |||
| CVE-2025-61664 | not yet assigned | no | |||
| gst-plugins-bad1.0 | check | CVE-2026-1940 | not yet assigned | ? | |
| CVE-2026-2923 | not yet assigned | ? | |||
| CVE-2026-3081 | not yet assigned | ? | |||
| CVE-2026-3084 | not yet assigned | ? | |||
| CVE-2026-3086 | not yet assigned | ? | |||
| imagemagick | check | CVE-2026-28493 | not yet assigned | no | |
| CVE-2026-28494 | not yet assigned | no | |||
| CVE-2026-28686 | not yet assigned | no | |||
| CVE-2026-28687 | not yet assigned | no | |||
| CVE-2026-28688 | not yet assigned | no | |||
| CVE-2026-28689 | not yet assigned | no | |||
| CVE-2026-28690 | not yet assigned | no | |||
| CVE-2026-28691 | not yet assigned | no | |||
| CVE-2026-28692 | not yet assigned | no | |||
| CVE-2026-28693 | not yet assigned | no | |||
| CVE-2026-30883 | not yet assigned | no | |||
| CVE-2026-30929 | not yet assigned | no | |||
| CVE-2026-30931 | not yet assigned | no | |||
| CVE-2026-30935 | not yet assigned | no | |||
| CVE-2026-30936 | not yet assigned | no | |||
| CVE-2026-30937 | not yet assigned | no | |||
| CVE-2026-31853 | not yet assigned | no | |||
| CVE-2026-32259 | not yet assigned | no | |||
| libsixel | check | CVE-2022-29977 | not yet assigned | no | |
| CVE-2022-29978 | not yet assigned | no | |||
| CVE-2025-9300 | not yet assigned | no | |||
| nfs-utils | check | CVE-2025-12801 | not yet assigned | no | |
| node-rollup | check | CVE-2026-27606 | not yet assigned | no | |
| openexr | check | CVE-2025-12495 | not yet assigned | no | |
| CVE-2025-12839 | not yet assigned | no | |||
| CVE-2025-12840 | not yet assigned | no | |||
| CVE-2025-48074 | not yet assigned | no | |||
| CVE-2025-64181 | not yet assigned | no | |||
| CVE-2026-27622 | not yet assigned | no | |||
| rebar3 | check | CVE-2026-21619 | not yet assigned | no | |
| ruby-rack | check | CVE-2026-22860 | not yet assigned | no | |
| CVE-2026-25500 | not yet assigned | no | |||
| rust-wasmtime | check | CVE-2026-27204 | not yet assigned | no | |
| CVE-2026-27572 | not yet assigned | no | |||
| tinyproxy | check | CVE-2025-63938 | not yet assigned | no | |
| vim | check | CVE-2026-26269 | not yet assigned | no | |
| CVE-2026-28417 | not yet assigned | no | |||
| CVE-2026-28418 | not yet assigned | no | |||
| CVE-2026-28419 | not yet assigned | no | |||
| CVE-2026-28420 | not yet assigned | no | |||
| CVE-2026-28421 | not yet assigned | no |