Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
calibre	check	CVE-2026-25635	not yet assigned	no
		CVE-2026-25636	not yet assigned	no
		CVE-2026-25731	not yet assigned	no
		CVE-2026-26064	not yet assigned	no
		CVE-2026-26065	not yet assigned	no
		CVE-2026-27810	not yet assigned	no
		CVE-2026-27824	not yet assigned	no
cosign	check	CVE-2026-22703	not yet assigned	no
edk2	check	CVE-2024-38798	not yet assigned	no
firefox-esr	check	CVE-2026-2757	not yet assigned	no	(fixed in stable?)
		CVE-2026-2758	not yet assigned	no	(fixed in stable?)
		CVE-2026-2759	not yet assigned	no	(fixed in stable?)
		CVE-2026-2760	not yet assigned	no	(fixed in stable?)
		CVE-2026-2761	not yet assigned	no	(fixed in stable?)
		CVE-2026-2762	not yet assigned	no	(fixed in stable?)
		CVE-2026-2763	not yet assigned	no	(fixed in stable?)
		CVE-2026-2764	not yet assigned	no	(fixed in stable?)
		CVE-2026-2765	not yet assigned	no	(fixed in stable?)
		CVE-2026-2766	not yet assigned	no	(fixed in stable?)
		CVE-2026-2767	not yet assigned	no	(fixed in stable?)
		CVE-2026-2768	not yet assigned	no	(fixed in stable?)
		CVE-2026-2769	not yet assigned	no	(fixed in stable?)
		CVE-2026-2770	not yet assigned	no	(fixed in stable?)
		CVE-2026-2771	not yet assigned	no	(fixed in stable?)
		CVE-2026-2772	not yet assigned	no	(fixed in stable?)
		CVE-2026-2773	not yet assigned	no	(fixed in stable?)
		CVE-2026-2774	not yet assigned	no	(fixed in stable?)
		CVE-2026-2775	not yet assigned	no	(fixed in stable?)
		CVE-2026-2776	not yet assigned	no	(fixed in stable?)
		CVE-2026-2777	not yet assigned	no	(fixed in stable?)
		CVE-2026-2778	not yet assigned	no	(fixed in stable?)
		CVE-2026-2779	not yet assigned	no	(fixed in stable?)
		CVE-2026-2780	not yet assigned	no	(fixed in stable?)
		CVE-2026-2781	not yet assigned	no	(fixed in stable?)
		CVE-2026-2782	not yet assigned	no	(fixed in stable?)
		CVE-2026-2783	not yet assigned	no	(fixed in stable?)
		CVE-2026-2784	not yet assigned	no	(fixed in stable?)
		CVE-2026-2785	not yet assigned	no	(fixed in stable?)
		CVE-2026-2786	not yet assigned	no	(fixed in stable?)
		CVE-2026-2787	not yet assigned	no	(fixed in stable?)
		CVE-2026-2788	not yet assigned	no	(fixed in stable?)
		CVE-2026-2789	not yet assigned	no	(fixed in stable?)
		CVE-2026-2790	not yet assigned	no	(fixed in stable?)
		CVE-2026-2791	not yet assigned	no	(fixed in stable?)
		CVE-2026-2792	not yet assigned	no	(fixed in stable?)
		CVE-2026-2793	not yet assigned	no	(fixed in stable?)
flask	check	CVE-2026-27205	not yet assigned	no
grub2	check	CVE-2025-54770	not yet assigned	no
		CVE-2025-54771	not yet assigned	no
		CVE-2025-61661	not yet assigned	no
		CVE-2025-61662	not yet assigned	no
		CVE-2025-61663	not yet assigned	no
		CVE-2025-61664	not yet assigned	no
gvfs	check	CVE-2026-28295	not yet assigned	no
		CVE-2026-28296	not yet assigned	no
mumble	check	TEMP-1129178-7C9A9B	not yet assigned	?
node-proxy-agents	check	CVE-2026-27699	not yet assigned	no
nss	check	CVE-2026-2781	not yet assigned	no
pillow	check	CVE-2026-25990	not yet assigned	no
rust-wasmtime	check	CVE-2026-27204	not yet assigned	no
		CVE-2026-27572	not yet assigned	no
spip	check	CVE-2026-22205	not yet assigned	no
		CVE-2026-22206	not yet assigned	no
thunderbird	check	CVE-2026-2757	not yet assigned	no	(fixed in stable?)
		CVE-2026-2758	not yet assigned	no	(fixed in stable?)
		CVE-2026-2759	not yet assigned	no	(fixed in stable?)
		CVE-2026-2761	not yet assigned	no	(fixed in stable?)
		CVE-2026-2762	not yet assigned	no	(fixed in stable?)
		CVE-2026-2763	not yet assigned	no	(fixed in stable?)
		CVE-2026-2764	not yet assigned	no	(fixed in stable?)
		CVE-2026-2765	not yet assigned	no	(fixed in stable?)
		CVE-2026-2766	not yet assigned	no	(fixed in stable?)
		CVE-2026-2767	not yet assigned	no	(fixed in stable?)
		CVE-2026-2768	not yet assigned	no	(fixed in stable?)
		CVE-2026-2769	not yet assigned	no	(fixed in stable?)
		CVE-2026-2770	not yet assigned	no	(fixed in stable?)
		CVE-2026-2771	not yet assigned	no	(fixed in stable?)
		CVE-2026-2772	not yet assigned	no	(fixed in stable?)
		CVE-2026-2773	not yet assigned	no	(fixed in stable?)
		CVE-2026-2774	not yet assigned	no	(fixed in stable?)
		CVE-2026-2775	not yet assigned	no	(fixed in stable?)
		CVE-2026-2776	not yet assigned	no	(fixed in stable?)
		CVE-2026-2777	not yet assigned	no	(fixed in stable?)
		CVE-2026-2778	not yet assigned	no	(fixed in stable?)
		CVE-2026-2779	not yet assigned	no	(fixed in stable?)
		CVE-2026-2780	not yet assigned	no	(fixed in stable?)
		CVE-2026-2781	not yet assigned	no	(fixed in stable?)
		CVE-2026-2782	not yet assigned	no	(fixed in stable?)
		CVE-2026-2783	not yet assigned	no	(fixed in stable?)
		CVE-2026-2784	not yet assigned	no	(fixed in stable?)
		CVE-2026-2785	not yet assigned	no	(fixed in stable?)
		CVE-2026-2786	not yet assigned	no	(fixed in stable?)
		CVE-2026-2787	not yet assigned	no	(fixed in stable?)
		CVE-2026-2788	not yet assigned	no	(fixed in stable?)
		CVE-2026-2789	not yet assigned	no	(fixed in stable?)
		CVE-2026-2790	not yet assigned	no	(fixed in stable?)
		CVE-2026-2791	not yet assigned	no	(fixed in stable?)
		CVE-2026-2792	not yet assigned	no	(fixed in stable?)
		CVE-2026-2793	not yet assigned	no	(fixed in stable?)
udisks2	check	CVE-2026-26103	not yet assigned	no
		CVE-2026-26104	not yet assigned	no
vips	check	CVE-2026-3145	not yet assigned	no
		CVE-2026-3146	not yet assigned	no
		CVE-2026-3147	not yet assigned	no
		CVE-2026-3281	not yet assigned	no
		CVE-2026-3282	not yet assigned	no
		CVE-2026-3283	not yet assigned	no
		CVE-2026-3284	not yet assigned	no
wireshark	check	CVE-2026-3201	not yet assigned	no
		CVE-2026-3202	not yet assigned	no
		CVE-2026-3203	not yet assigned	no