The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.
| Package | Migration | Bug | Urgency | Remote | |
|---|---|---|---|---|---|
| beets | check | CVE-2026-42052 | not yet assigned | no | |
| botan3 | check | CVE-2026-44378 | not yet assigned | ? | |
| docker.io | check | CVE-2026-33997 | not yet assigned | no | |
| CVE-2026-34040 | not yet assigned | no | |||
| edk2 | check | CVE-2024-38798 | not yet assigned | no | |
| golang-github-go-git-go-git | check | CVE-2026-41506 | not yet assigned | no | |
| golang-github-sigstore-timestamp-authority | check | CVE-2026-39984 | not yet assigned | no | |
| golang-go.crypto | check | CVE-2026-39827 | not yet assigned | no | |
| CVE-2026-39828 | not yet assigned | no | |||
| CVE-2026-39829 | not yet assigned | no | |||
| CVE-2026-39830 | not yet assigned | no | |||
| CVE-2026-39831 | not yet assigned | no | |||
| CVE-2026-39832 | not yet assigned | no | |||
| CVE-2026-39833 | not yet assigned | no | |||
| CVE-2026-39834 | not yet assigned | no | |||
| CVE-2026-39835 | not yet assigned | no | |||
| CVE-2026-42508 | not yet assigned | no | |||
| CVE-2026-46595 | not yet assigned | no | |||
| CVE-2026-46597 | not yet assigned | no | |||
| CVE-2026-46598 | not yet assigned | no | |||
| golang-opentelemetry-otel | check | CVE-2026-39882 | not yet assigned | no | |
| imagemagick | check | CVE-2026-42326 | not yet assigned | ? | |
| CVE-2026-45031 | not yet assigned | ? | |||
| CVE-2026-45358 | not yet assigned | ? | |||
| CVE-2026-45359 | not yet assigned | ? | |||
| CVE-2026-45624 | not yet assigned | ? | |||
| CVE-2026-45664 | not yet assigned | ? | |||
| CVE-2026-46520 | not yet assigned | ? | |||
| CVE-2026-46521 | not yet assigned | ? | |||
| CVE-2026-46522 | not yet assigned | ? | |||
| CVE-2026-46523 | not yet assigned | ? | |||
| CVE-2026-46557 | not yet assigned | ? | |||
| CVE-2026-46559 | not yet assigned | ? | |||
| CVE-2026-46692 | not yet assigned | ? | |||
| CVE-2026-46693 | not yet assigned | ? | |||
| CVE-2026-47165 | not yet assigned | ? | |||
| CVE-2026-47166 | not yet assigned | ? | |||
| jq | check | CVE-2026-47770 | not yet assigned | ? | |
| lcms2 | check | CVE-2026-42798 | not yet assigned | no | |
| libxml-libxml-perl | check | CVE-2026-8177 | not yet assigned | no | |
| memcached | check | CVE-2026-47783 | not yet assigned | no | |
| CVE-2026-47784 | not yet assigned | no | |||
| node-xmldom | check | CVE-2026-41672 | not yet assigned | no | |
| CVE-2026-41673 | not yet assigned | no | |||
| CVE-2026-41674 | not yet assigned | no | |||
| CVE-2026-41675 | not yet assigned | no | |||
| papers | check | CVE-2026-46529 | not yet assigned | ? | |
| putty | check | CVE-2026-48850 | not yet assigned | no | |
| CVE-2026-48851 | not yet assigned | no | |||
| CVE-2026-48852 | not yet assigned | no | |||
| pydicom | check | CVE-2026-32711 | not yet assigned | no | |
| python-django | check | CVE-2026-35192 | not yet assigned | no | |
| CVE-2026-5766 | not yet assigned | no | |||
| CVE-2026-6907 | not yet assigned | no | |||
| python-multipart | check | CVE-2026-40347 | not yet assigned | no | |
| python-pip | check | CVE-2026-3219 | not yet assigned | no | |
| CVE-2026-6357 | not yet assigned | no | |||
| pytorch | check | CVE-2025-2998 | not yet assigned | no | |
| CVE-2025-2999 | not yet assigned | no | |||
| CVE-2025-3001 | not yet assigned | no | |||
| CVE-2025-3730 | not yet assigned | no | |||
| CVE-2025-46148 | not yet assigned | no | |||
| CVE-2025-46149 | not yet assigned | no | |||
| CVE-2025-46150 | not yet assigned | no | |||
| CVE-2025-46152 | not yet assigned | no | |||
| CVE-2025-46153 | not yet assigned | no | |||
| CVE-2025-55551 | not yet assigned | no | |||
| CVE-2025-55552 | not yet assigned | no | |||
| CVE-2025-55553 | not yet assigned | no | |||
| CVE-2025-55557 | not yet assigned | no | |||
| CVE-2025-55558 | not yet assigned | no | |||
| CVE-2025-55560 | not yet assigned | no | |||
| CVE-2026-24747 | not yet assigned | no | |||
| qemu | check | CVE-2024-6519 | not yet assigned | no | |
| CVE-2026-3890 | not yet assigned | ? | |||
| CVE-2026-5744 | not yet assigned | ? | |||
| CVE-2026-5761 | not yet assigned | ? | |||
| CVE-2026-5763 | not yet assigned | ? | |||
| CVE-2026-6502 | not yet assigned | ? | |||
| rust-openssl | check | CVE-2026-41676 | not yet assigned | no | |
| CVE-2026-41677 | not yet assigned | no | |||
| CVE-2026-41678 | not yet assigned | no | |||
| CVE-2026-41681 | not yet assigned | no | |||
| CVE-2026-41898 | not yet assigned | no | |||
| CVE-2026-42327 | not yet assigned | no | |||
| CVE-2026-44662 | not yet assigned | no | |||
| samba | check | CVE-2026-1933 | not yet assigned | ? | |
| CVE-2026-2340 | not yet assigned | ? | |||
| CVE-2026-3012 | not yet assigned | ? | |||
| CVE-2026-3238 | not yet assigned | ? | |||
| CVE-2026-4408 | not yet assigned | ? | |||
| CVE-2026-4480 | not yet assigned | no | |||
| tomcat11 | check | CVE-2026-41284 | not yet assigned | no | |
| CVE-2026-41293 | not yet assigned | no | |||
| CVE-2026-42498 | not yet assigned | no | |||
| CVE-2026-43512 | not yet assigned | no | |||
| CVE-2026-43513 | not yet assigned | no | |||
| CVE-2026-43514 | not yet assigned | no | |||
| CVE-2026-43515 | not yet assigned | no | |||
| twisted | check | CVE-2026-42304 | not yet assigned | no | |
| vim | check | CVE-2026-43961 | not yet assigned | ? | |
| CVE-2026-46483 | not yet assigned | no | |||
| xrdp | check | CVE-2026-32105 | not yet assigned | no | |
| CVE-2026-32107 | not yet assigned | no | |||
| CVE-2026-32623 | not yet assigned | no | |||
| CVE-2026-32624 | not yet assigned | no | |||
| CVE-2026-33145 | not yet assigned | no | |||
| CVE-2026-33516 | not yet assigned | no | |||
| CVE-2026-33689 | not yet assigned | no | |||
| CVE-2026-35512 | not yet assigned | no |