Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
cgif	check	CVE-2026-4985	not yet assigned	no
chromium	check	CVE-2026-4673	not yet assigned	no	(fixed in stable?)
		CVE-2026-4674	not yet assigned	no	(fixed in stable?)
		CVE-2026-4675	not yet assigned	no	(fixed in stable?)
		CVE-2026-4676	not yet assigned	no	(fixed in stable?)
		CVE-2026-4677	not yet assigned	no	(fixed in stable?)
		CVE-2026-4678	not yet assigned	no	(fixed in stable?)
		CVE-2026-4679	not yet assigned	no	(fixed in stable?)
		CVE-2026-4680	not yet assigned	no	(fixed in stable?)
		CVE-2026-5272	not yet assigned	no	(fixed in stable?)
		CVE-2026-5273	not yet assigned	no	(fixed in stable?)
		CVE-2026-5274	not yet assigned	no	(fixed in stable?)
		CVE-2026-5275	not yet assigned	no	(fixed in stable?)
		CVE-2026-5276	not yet assigned	no	(fixed in stable?)
		CVE-2026-5277	not yet assigned	no	(fixed in stable?)
		CVE-2026-5278	not yet assigned	no	(fixed in stable?)
		CVE-2026-5279	not yet assigned	no	(fixed in stable?)
		CVE-2026-5280	not yet assigned	no	(fixed in stable?)
		CVE-2026-5281	not yet assigned	no	(fixed in stable?)
		CVE-2026-5282	not yet assigned	no	(fixed in stable?)
		CVE-2026-5283	not yet assigned	no	(fixed in stable?)
		CVE-2026-5284	not yet assigned	no	(fixed in stable?)
		CVE-2026-5285	not yet assigned	no	(fixed in stable?)
		CVE-2026-5286	not yet assigned	no	(fixed in stable?)
		CVE-2026-5287	not yet assigned	no	(fixed in stable?)
		CVE-2026-5288	not yet assigned	no	(fixed in stable?)
		CVE-2026-5289	not yet assigned	no	(fixed in stable?)
		CVE-2026-5290	not yet assigned	no	(fixed in stable?)
		CVE-2026-5291	not yet assigned	no	(fixed in stable?)
		CVE-2026-5292	not yet assigned	no	(fixed in stable?)
dnsdist	check	CVE-2026-0396	not yet assigned	no
		CVE-2026-0397	not yet assigned	no
		CVE-2026-24028	not yet assigned	no
		CVE-2026-24029	not yet assigned	no
		CVE-2026-24030	not yet assigned	no
		CVE-2026-27853	not yet assigned	no
		CVE-2026-27854	not yet assigned	no
edk2	check	CVE-2024-38798	not yet assigned	no
flask	check	CVE-2026-27205	not yet assigned	no
frr	check	CVE-2026-5107	not yet assigned	no
gdk-pixbuf	check	CVE-2026-5201	not yet assigned	no
glibc	check	CVE-2026-4437	not yet assigned	no
		CVE-2026-4438	not yet assigned	no
grub2	check	CVE-2025-54770	not yet assigned	no
		CVE-2025-54771	not yet assigned	no
		CVE-2025-61661	not yet assigned	no
		CVE-2025-61662	not yet assigned	no
		CVE-2025-61663	not yet assigned	no
		CVE-2025-61664	not yet assigned	no
imagemagick	check	CVE-2026-32636	not yet assigned	no
		CVE-2026-33535	not yet assigned	no
		CVE-2026-33536	not yet assigned	no
ldap-account-manager	check	CVE-2025-58174	not yet assigned	no
		CVE-2026-27894	not yet assigned	no
		CVE-2026-27895	not yet assigned	no
libde265	check	CVE-2025-61147	not yet assigned	no
		CVE-2026-33164	not yet assigned	no
		CVE-2026-33165	not yet assigned	no
mediawiki	check	CVE-2026-34086	not yet assigned	?
		CVE-2026-34087	not yet assigned	?
		CVE-2026-34088	not yet assigned	?
		CVE-2026-34091	not yet assigned	?
		CVE-2026-34092	not yet assigned	?
		CVE-2026-34093	not yet assigned	?
		CVE-2026-34094	not yet assigned	?
		CVE-2026-34095	not yet assigned	?
		CVE-2026-5266	not yet assigned	?
modsecurity-crs	check	CVE-2026-33691	not yet assigned	no
mxml	check	CVE-2026-5037	not yet assigned	no
node-lodash	check	CVE-2026-2950	not yet assigned	no
		CVE-2026-4800	not yet assigned	no
node-undici	check	CVE-2025-47279	not yet assigned	no
		CVE-2026-1525	not yet assigned	no
		CVE-2026-1526	not yet assigned	no
		CVE-2026-1527	not yet assigned	no
		CVE-2026-1528	not yet assigned	no
		CVE-2026-2229	not yet assigned	no
		CVE-2026-2581	not yet assigned	no
node-webpack	check	CVE-2025-68157	not yet assigned	no
		CVE-2025-68458	not yet assigned	no
opensc	check	CVE-2025-66037	not yet assigned	no
python-cryptography	check	CVE-2026-34073	not yet assigned	no
python-tornado	check	CVE-2026-31958	not yet assigned	no
		CVE-2026-35536	not yet assigned	?
python3.14	check	CVE-2025-13462	not yet assigned	no
		CVE-2026-2297	not yet assigned	no
		CVE-2026-3644	not yet assigned	no
		CVE-2026-4224	not yet assigned	no
qemu	check	CVE-2026-2243	not yet assigned	no
		CVE-2026-3195	not yet assigned	?
		CVE-2026-3196	not yet assigned	?
		CVE-2026-3842	not yet assigned	?
ruby-rack	check	CVE-2026-22860	not yet assigned	no	(fixed in stable?)
		CVE-2026-25500	not yet assigned	no	(fixed in stable?)
rust-astral-tokio-tar	check	CVE-2026-32766	not yet assigned	no
rust-wasmtime	check	CVE-2026-27204	not yet assigned	no
		CVE-2026-27572	not yet assigned	no
util-linux	check	CVE-2026-27456	not yet assigned	?
webkit2gtk	check	CVE-2025-46299	not yet assigned	no
		CVE-2026-20643	not yet assigned	no
		CVE-2026-20664	not yet assigned	no
		CVE-2026-20665	not yet assigned	no
		CVE-2026-20691	not yet assigned	no
		CVE-2026-28857	not yet assigned	no
		CVE-2026-28859	not yet assigned	no
		CVE-2026-28861	not yet assigned	no
		CVE-2026-28871	not yet assigned	no
zlib	check	CVE-2026-27171	not yet assigned	no