Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
amd64-microcode (non-free-firmware)	check	CVE-2024-36350	not yet assigned	no
		CVE-2024-36357	not yet assigned	no
		CVE-2025-62626	not yet assigned	no
apache2	check	CVE-2025-55753	not yet assigned	no
		CVE-2025-58098	not yet assigned	no
		CVE-2025-65082	not yet assigned	no
		CVE-2025-66200	not yet assigned	no
chromium	check	CVE-2025-13630	not yet assigned	no	(fixed in stable?)
		CVE-2025-13631	not yet assigned	no	(fixed in stable?)
		CVE-2025-13632	not yet assigned	no	(fixed in stable?)
		CVE-2025-13633	not yet assigned	no	(fixed in stable?)
		CVE-2025-13634	not yet assigned	no	(fixed in stable?)
		CVE-2025-13635	not yet assigned	no	(fixed in stable?)
		CVE-2025-13636	not yet assigned	no	(fixed in stable?)
		CVE-2025-13637	not yet assigned	no	(fixed in stable?)
		CVE-2025-13638	not yet assigned	no	(fixed in stable?)
		CVE-2025-13639	not yet assigned	no	(fixed in stable?)
		CVE-2025-13640	not yet assigned	no	(fixed in stable?)
		CVE-2025-13720	not yet assigned	no	(fixed in stable?)
		CVE-2025-13721	not yet assigned	no	(fixed in stable?)
gnutls28	check	CVE-2025-9820	not yet assigned	?
golang-go.crypto	check	CVE-2025-47914	not yet assigned	no
		CVE-2025-58181	not yet assigned	no
libpng1.6	check	CVE-2025-66293	not yet assigned	no
libvirt	check	CVE-2025-12748	not yet assigned	no
		CVE-2025-13193	not yet assigned	no
linux	check	CVE-2025-40246	not yet assigned	no
		CVE-2025-40247	not yet assigned	no
		CVE-2025-40248	not yet assigned	no
		CVE-2025-40249	not yet assigned	no
		CVE-2025-40250	not yet assigned	no
		CVE-2025-40251	not yet assigned	no
		CVE-2025-40252	not yet assigned	no
		CVE-2025-40253	not yet assigned	no
		CVE-2025-40254	not yet assigned	no
		CVE-2025-40255	not yet assigned	no
		CVE-2025-40256	not yet assigned	no
		CVE-2025-40257	not yet assigned	no
		CVE-2025-40258	not yet assigned	no
		CVE-2025-40259	not yet assigned	no
		CVE-2025-40260	not yet assigned	no
		CVE-2025-40261	not yet assigned	no
		CVE-2025-40262	not yet assigned	no
		CVE-2025-40263	not yet assigned	no
		CVE-2025-40264	not yet assigned	no
		CVE-2025-40265	not yet assigned	no
		CVE-2025-40266	not yet assigned	no
nagvis	check	CVE-2025-39665	not yet assigned	no
python-django	check	CVE-2025-13372	not yet assigned	no
		CVE-2025-64460	not yet assigned	no
python3.13	check	CVE-2025-12084	not yet assigned	no
		CVE-2025-13836	not yet assigned	no
		CVE-2025-13837	not yet assigned	no
		CVE-2025-6075	not yet assigned	no
		CVE-2025-8291	not yet assigned	no
python3.14	check	CVE-2025-12084	not yet assigned	no
		CVE-2025-13836	not yet assigned	no
		CVE-2025-13837	not yet assigned	no
		CVE-2025-6075	not yet assigned	no
webkit2gtk	check	CVE-2025-13947	not yet assigned	no
		CVE-2025-43421	not yet assigned	no
		CVE-2025-43458	not yet assigned	no
		CVE-2025-66287	not yet assigned	no
wpewebkit	check	CVE-2025-13947	not yet assigned	no
		CVE-2025-43421	not yet assigned	no
		CVE-2025-43458	not yet assigned	no
		CVE-2025-66287	not yet assigned	no
xen	check	CVE-2024-28956	not yet assigned	no	(fixed in stable?)
		CVE-2024-36350	not yet assigned	no	(fixed in stable?)
		CVE-2024-36357	not yet assigned	no	(fixed in stable?)
		CVE-2025-27465	not yet assigned	no	(fixed in stable?)
		CVE-2025-27466	not yet assigned	no	(fixed in stable?)
		CVE-2025-58142	not yet assigned	no	(fixed in stable?)
		CVE-2025-58143	not yet assigned	no	(fixed in stable?)
		CVE-2025-58144	not yet assigned	no	(fixed in stable?)
		CVE-2025-58145	not yet assigned	no	(fixed in stable?)
		CVE-2025-58147	not yet assigned	no	(fixed in stable?)
		CVE-2025-58148	not yet assigned	no	(fixed in stable?)
		CVE-2025-58149	not yet assigned	no	(fixed in stable?)