Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
apache2	check	CVE-2025-55753	not yet assigned	no
		CVE-2025-58098	not yet assigned	no
		CVE-2025-65082	not yet assigned	no
		CVE-2025-66200	not yet assigned	no
firefox-esr	check	CVE-2025-14321	not yet assigned	no	(fixed in stable?)
		CVE-2025-14322	not yet assigned	no	(fixed in stable?)
		CVE-2025-14323	not yet assigned	no	(fixed in stable?)
		CVE-2025-14324	not yet assigned	no	(fixed in stable?)
		CVE-2025-14325	not yet assigned	no	(fixed in stable?)
		CVE-2025-14328	not yet assigned	no	(fixed in stable?)
		CVE-2025-14329	not yet assigned	no	(fixed in stable?)
		CVE-2025-14330	not yet assigned	no	(fixed in stable?)
		CVE-2025-14331	not yet assigned	no	(fixed in stable?)
		CVE-2025-14333	not yet assigned	no	(fixed in stable?)
glib2.0	check	CVE-2025-13601	not yet assigned	no
		CVE-2025-14087	not yet assigned	no
		CVE-2025-14512	not yet assigned	no
network-manager	check	CVE-2025-9615	not yet assigned	?
python-django	check	CVE-2025-13372	not yet assigned	no
		CVE-2025-64460	not yet assigned	no
qtdeclarative-opensource-src	check	CVE-2025-12385	not yet assigned	no
roundcube	check	TEMP-1122899-758E69	not yet assigned	?
		TEMP-1122899-F63EED	not yet assigned	?
thunderbird	check	CVE-2025-14321	not yet assigned	no	(fixed in stable?)
		CVE-2025-14322	not yet assigned	no	(fixed in stable?)
		CVE-2025-14323	not yet assigned	no	(fixed in stable?)
		CVE-2025-14324	not yet assigned	no	(fixed in stable?)
		CVE-2025-14325	not yet assigned	no	(fixed in stable?)
		CVE-2025-14328	not yet assigned	no	(fixed in stable?)
		CVE-2025-14329	not yet assigned	no	(fixed in stable?)
		CVE-2025-14330	not yet assigned	no	(fixed in stable?)
		CVE-2025-14331	not yet assigned	no	(fixed in stable?)
		CVE-2025-14333	not yet assigned	no	(fixed in stable?)