The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.
| Package | Migration | Bug | Urgency | Remote | |
|---|---|---|---|---|---|
| capnproto | check | CVE-2026-32239 | not yet assigned | no | |
| CVE-2026-32240 | not yet assigned | no | |||
| cosign | check | CVE-2026-22703 | not yet assigned | no | |
| edk2 | check | CVE-2024-38798 | not yet assigned | no | |
| erlang | check | CVE-2026-23941 | not yet assigned | no | |
| CVE-2026-23942 | not yet assigned | no | |||
| CVE-2026-23943 | not yet assigned | no | |||
| expat | check | CVE-2026-32776 | not yet assigned | no | |
| CVE-2026-32777 | not yet assigned | no | |||
| CVE-2026-32778 | not yet assigned | no | |||
| flask | check | CVE-2026-27205 | not yet assigned | no | |
| freerdp3 | check | CVE-2026-29774 | not yet assigned | no | |
| CVE-2026-29775 | not yet assigned | no | |||
| CVE-2026-29776 | not yet assigned | no | |||
| CVE-2026-31806 | not yet assigned | no | |||
| CVE-2026-31883 | not yet assigned | no | |||
| CVE-2026-31884 | not yet assigned | no | |||
| CVE-2026-31885 | not yet assigned | no | |||
| CVE-2026-31897 | not yet assigned | no | |||
| glances | check | CVE-2026-32596 | not yet assigned | no | |
| CVE-2026-32608 | not yet assigned | no | |||
| CVE-2026-32609 | not yet assigned | no | |||
| CVE-2026-32610 | not yet assigned | no | |||
| CVE-2026-32611 | not yet assigned | no | |||
| CVE-2026-32632 | not yet assigned | no | |||
| CVE-2026-32633 | not yet assigned | no | |||
| CVE-2026-32634 | not yet assigned | no | |||
| golang-github-go-git-go-git | check | CVE-2026-25934 | not yet assigned | no | |
| golang-golang-x-net | check | CVE-2025-47911 | not yet assigned | no | |
| CVE-2025-58190 | not yet assigned | no | |||
| grub2 | check | CVE-2025-54770 | not yet assigned | no | |
| CVE-2025-54771 | not yet assigned | no | |||
| CVE-2025-61661 | not yet assigned | no | |||
| CVE-2025-61662 | not yet assigned | no | |||
| CVE-2025-61663 | not yet assigned | no | |||
| CVE-2025-61664 | not yet assigned | no | |||
| imagemagick | check | CVE-2026-28493 | not yet assigned | no | |
| CVE-2026-28494 | not yet assigned | no | |||
| CVE-2026-28686 | not yet assigned | no | |||
| CVE-2026-28687 | not yet assigned | no | |||
| CVE-2026-28688 | not yet assigned | no | |||
| CVE-2026-28689 | not yet assigned | no | |||
| CVE-2026-28690 | not yet assigned | no | |||
| CVE-2026-28691 | not yet assigned | no | |||
| CVE-2026-28692 | not yet assigned | no | |||
| CVE-2026-28693 | not yet assigned | no | |||
| CVE-2026-30883 | not yet assigned | no | |||
| CVE-2026-30929 | not yet assigned | no | |||
| CVE-2026-30931 | not yet assigned | no | |||
| CVE-2026-30935 | not yet assigned | no | |||
| CVE-2026-30936 | not yet assigned | no | |||
| CVE-2026-30937 | not yet assigned | no | |||
| CVE-2026-31853 | not yet assigned | no | |||
| CVE-2026-32259 | not yet assigned | no | |||
| incus | check | CVE-2026-28384 | not yet assigned | no | |
| libsixel | check | CVE-2022-29977 | not yet assigned | no | |
| CVE-2022-29978 | not yet assigned | no | |||
| CVE-2025-9300 | not yet assigned | no | |||
| libssh | check | CVE-2026-0964 | not yet assigned | ? | |
| CVE-2026-0965 | not yet assigned | ? | |||
| CVE-2026-0966 | not yet assigned | ? | |||
| CVE-2026-0967 | not yet assigned | ? | |||
| CVE-2026-0968 | not yet assigned | ? | |||
| CVE-2026-3731 | not yet assigned | no | |||
| linux | check | CVE-2026-23244 | not yet assigned | no | |
| CVE-2026-23245 | not yet assigned | no | |||
| CVE-2026-23246 | not yet assigned | no | |||
| CVE-2026-23247 | not yet assigned | no | |||
| CVE-2026-23248 | not yet assigned | no | |||
| CVE-2026-23253 | not yet assigned | no | |||
| CVE-2026-23270 | not yet assigned | no | |||
| node-flatted | check | CVE-2026-32141 | not yet assigned | no | |
| openexr | check | CVE-2025-12495 | not yet assigned | no | |
| CVE-2025-12839 | not yet assigned | no | |||
| CVE-2025-12840 | not yet assigned | no | |||
| CVE-2025-48074 | not yet assigned | no | |||
| CVE-2025-64181 | not yet assigned | no | |||
| CVE-2026-27622 | not yet assigned | no | |||
| ormar | check | CVE-2026-26198 | not yet assigned | no | |
| pypdf | check | CVE-2025-55197 | not yet assigned | no | |
| CVE-2025-62707 | not yet assigned | no | |||
| CVE-2025-62708 | not yet assigned | no | |||
| CVE-2026-22690 | not yet assigned | no | |||
| CVE-2026-22691 | not yet assigned | no | |||
| CVE-2026-24688 | not yet assigned | no | |||
| CVE-2026-27024 | not yet assigned | no | |||
| CVE-2026-27025 | not yet assigned | no | |||
| CVE-2026-27026 | not yet assigned | no | |||
| CVE-2026-27628 | not yet assigned | no | |||
| CVE-2026-27888 | not yet assigned | no | |||
| CVE-2026-28351 | not yet assigned | no | |||
| CVE-2026-28804 | not yet assigned | no | |||
| ruby-rack | check | CVE-2026-22860 | not yet assigned | no | |
| CVE-2026-25500 | not yet assigned | no | |||
| rust-lz4-flex | check | CVE-2026-32829 | not yet assigned | ? | |
| rust-wasmtime | check | CVE-2026-27204 | not yet assigned | no | |
| CVE-2026-27572 | not yet assigned | no | |||
| vim | check | CVE-2026-26269 | not yet assigned | no | |
| CVE-2026-28417 | not yet assigned | no | |||
| CVE-2026-28418 | not yet assigned | no | |||
| CVE-2026-28419 | not yet assigned | no | |||
| CVE-2026-28420 | not yet assigned | no | |||
| CVE-2026-28421 | not yet assigned | no | |||
| wordpress | check | CVE-2026-3906 | not yet assigned | no | |
| zookeeper | check | CVE-2026-24281 | not yet assigned | no | |
| CVE-2026-24308 | not yet assigned | no |