Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
apache2	check	CVE-2025-55753	not yet assigned	no
		CVE-2025-58098	not yet assigned	no
		CVE-2025-65082	not yet assigned	no
		CVE-2025-66200	not yet assigned	no
dante	check	CVE-2024-54662	not yet assigned	no
exim4	check	CVE-2025-67896	not yet assigned	no
firefox-esr	check	CVE-2025-14321	not yet assigned	no	(fixed in stable?)
		CVE-2025-14322	not yet assigned	no	(fixed in stable?)
		CVE-2025-14323	not yet assigned	no	(fixed in stable?)
		CVE-2025-14324	not yet assigned	no	(fixed in stable?)
		CVE-2025-14325	not yet assigned	no	(fixed in stable?)
		CVE-2025-14328	not yet assigned	no	(fixed in stable?)
		CVE-2025-14329	not yet assigned	no	(fixed in stable?)
		CVE-2025-14330	not yet assigned	no	(fixed in stable?)
		CVE-2025-14331	not yet assigned	no	(fixed in stable?)
		CVE-2025-14333	not yet assigned	no	(fixed in stable?)
linux	check	CVE-2025-68254	not yet assigned	no
		CVE-2025-68255	not yet assigned	no
		CVE-2025-68256	not yet assigned	no
		CVE-2025-68257	not yet assigned	no
		CVE-2025-68258	not yet assigned	no
		CVE-2025-68259	not yet assigned	no
		CVE-2025-68261	not yet assigned	no
		CVE-2025-68262	not yet assigned	no
		CVE-2025-68263	not yet assigned	no
		CVE-2025-68264	not yet assigned	no
		CVE-2025-68265	not yet assigned	no
		CVE-2025-68266	not yet assigned	no
		CVE-2025-68281	not yet assigned	no
qemu	check	CVE-2025-11234	not yet assigned	no
		CVE-2025-12464	not yet assigned	no
smb4k	check	CVE-2025-66002	not yet assigned	?
		CVE-2025-66003	not yet assigned	?
util-linux	check	CVE-2025-14104	not yet assigned	no
webkit2gtk	check	CVE-2025-14174	not yet assigned	no	(fixed in stable?)
		CVE-2025-43501	not yet assigned	no	(fixed in stable?)
		CVE-2025-43529	not yet assigned	no	(fixed in stable?)
		CVE-2025-43531	not yet assigned	no	(fixed in stable?)
		CVE-2025-43535	not yet assigned	no	(fixed in stable?)
		CVE-2025-43536	not yet assigned	no	(fixed in stable?)
		CVE-2025-43541	not yet assigned	no	(fixed in stable?)