Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
cups	check	CVE-2026-27447	not yet assigned	no
		CVE-2026-34978	not yet assigned	no
		CVE-2026-34979	not yet assigned	no
		CVE-2026-34980	not yet assigned	no
		CVE-2026-34990	not yet assigned	no
		CVE-2026-39314	not yet assigned	no
		CVE-2026-39316	not yet assigned	no
dnsmasq	check	CVE-2026-6507	not yet assigned	no
edk2	check	CVE-2024-38798	not yet assigned	no
firebird3.0	check	CVE-2025-65104	not yet assigned	no
		CVE-2026-27890	not yet assigned	no
		CVE-2026-28212	not yet assigned	no
		CVE-2026-28214	not yet assigned	no
		CVE-2026-28224	not yet assigned	no
		CVE-2026-33337	not yet assigned	no
		CVE-2026-34232	not yet assigned	no
		CVE-2026-35215	not yet assigned	no
		CVE-2026-40342	not yet assigned	no
firebird4.0	check	CVE-2026-27890	not yet assigned	no
		CVE-2026-28212	not yet assigned	no
		CVE-2026-28214	not yet assigned	no
		CVE-2026-28224	not yet assigned	no
		CVE-2026-33337	not yet assigned	no
		CVE-2026-34232	not yet assigned	no
		CVE-2026-35215	not yet assigned	no
		CVE-2026-40342	not yet assigned	no
flask	check	CVE-2026-27205	not yet assigned	no
glibc	check	CVE-2026-4046	not yet assigned	no
imagemagick	check	CVE-2026-33899	not yet assigned	no
		CVE-2026-33900	not yet assigned	no
		CVE-2026-33901	not yet assigned	no
		CVE-2026-33902	not yet assigned	no
		CVE-2026-33905	not yet assigned	no
		CVE-2026-33908	not yet assigned	no
		CVE-2026-34238	not yet assigned	no
		CVE-2026-40169	not yet assigned	no
		CVE-2026-40183	not yet assigned	no
		CVE-2026-40310	not yet assigned	no
		CVE-2026-40311	not yet assigned	no
		CVE-2026-40312	not yet assigned	no
jackson-core	check	CVE-2025-52999	not yet assigned	no
jq	check	CVE-2026-32316	not yet assigned	no
		CVE-2026-33947	not yet assigned	no
		CVE-2026-33948	not yet assigned	no
		CVE-2026-39956	not yet assigned	no
		CVE-2026-39979	not yet assigned	no
		CVE-2026-40164	not yet assigned	no
libarchive	check	CVE-2026-4111	not yet assigned	no
libcdio	check	CVE-2024-36600	not yet assigned	no
libcoap3	check	CVE-2025-34468	not yet assigned	no
		CVE-2026-29013	not yet assigned	no
libpng1.6	check	CVE-2026-34757	not yet assigned	no
linux	check	CVE-2025-54505	not yet assigned	?
		CVE-2026-31414	not yet assigned	no
		CVE-2026-31415	not yet assigned	no
		CVE-2026-31416	not yet assigned	no
		CVE-2026-31417	not yet assigned	no
		CVE-2026-31418	not yet assigned	no
		CVE-2026-31419	not yet assigned	no
		CVE-2026-31420	not yet assigned	no
		CVE-2026-31421	not yet assigned	no
		CVE-2026-31422	not yet assigned	no
		CVE-2026-31423	not yet assigned	no
		CVE-2026-31424	not yet assigned	no
		CVE-2026-31425	not yet assigned	no
		CVE-2026-31429	not yet assigned	?
		CVE-2026-31430	not yet assigned	?
mupdf	check	CVE-2026-40505	not yet assigned	no
ngtcp2	check	CVE-2026-40170	not yet assigned	no
openssh	check	CVE-2026-35385	not yet assigned	no
		CVE-2026-35386	not yet assigned	no
		CVE-2026-35387	not yet assigned	no
		CVE-2026-35388	not yet assigned	no
		CVE-2026-35414	not yet assigned	no
orthanc	check	CVE-2026-5437	not yet assigned	no
		CVE-2026-5438	not yet assigned	no
		CVE-2026-5439	not yet assigned	no
		CVE-2026-5440	not yet assigned	no
		CVE-2026-5441	not yet assigned	no
		CVE-2026-5442	not yet assigned	no
		CVE-2026-5443	not yet assigned	no
		CVE-2026-5444	not yet assigned	no
		CVE-2026-5445	not yet assigned	no
python-cryptography	check	CVE-2026-39892	not yet assigned	no
python-multipart	check	CVE-2026-40347	not yet assigned	no
python3.14	check	CVE-2025-13462	not yet assigned	no
		CVE-2026-2297	not yet assigned	no
		CVE-2026-3446	not yet assigned	no
		CVE-2026-3644	not yet assigned	no
		CVE-2026-4224	not yet assigned	no
		CVE-2026-4519	not yet assigned	no
rust-rand	check	TEMP-0000000-51E97C	not yet assigned	?
rust-rustls-webpki	check	TEMP-1133085-EC036F	not yet assigned	?
rust-wasmtime	check	CVE-2026-34941	not yet assigned	no
		CVE-2026-34942	not yet assigned	no
		CVE-2026-34943	not yet assigned	no
		CVE-2026-34944	not yet assigned	no
		CVE-2026-34945	not yet assigned	no
		CVE-2026-34946	not yet assigned	no
		CVE-2026-34971	not yet assigned	no
		CVE-2026-34983	not yet assigned	no
		CVE-2026-34987	not yet assigned	no
		CVE-2026-34988	not yet assigned	no
		CVE-2026-35186	not yet assigned	no
		CVE-2026-35195	not yet assigned	no
vim	check	CVE-2026-34714	not yet assigned	no
		CVE-2026-34982	not yet assigned	no
		CVE-2026-35177	not yet assigned	no
		CVE-2026-39881	not yet assigned	no
webkit2gtk	check	CVE-2025-46299	not yet assigned	no
		CVE-2026-20643	not yet assigned	no
		CVE-2026-20664	not yet assigned	no
		CVE-2026-20665	not yet assigned	no
		CVE-2026-20691	not yet assigned	no
		CVE-2026-28857	not yet assigned	no
		CVE-2026-28859	not yet assigned	no
		CVE-2026-28861	not yet assigned	no
		CVE-2026-28871	not yet assigned	no
xorg-server	check	CVE-2026-33999	not yet assigned	?
		CVE-2026-34000	not yet assigned	?
		CVE-2026-34001	not yet assigned	?
		CVE-2026-34002	not yet assigned	?
		CVE-2026-34003	not yet assigned	?
xrdp	check	CVE-2026-32105	not yet assigned	no
		CVE-2026-32107	not yet assigned	no
		CVE-2026-32623	not yet assigned	no
		CVE-2026-32624	not yet assigned	no
		CVE-2026-33145	not yet assigned	no
		CVE-2026-33516	not yet assigned	no
		CVE-2026-33689	not yet assigned	no
		CVE-2026-35512	not yet assigned	no
zlib	check	CVE-2026-27171	not yet assigned	no