Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
bind9	check	CVE-2026-1519	not yet assigned	no
		CVE-2026-3104	not yet assigned	no
		CVE-2026-3119	not yet assigned	no
		CVE-2026-3591	not yet assigned	no
cbor2	check	CVE-2026-26209	not yet assigned	no
ceph	check	CVE-2024-31884	not yet assigned	?
chromium	check	CVE-2026-4673	not yet assigned	no	(fixed in stable?)
		CVE-2026-4674	not yet assigned	no	(fixed in stable?)
		CVE-2026-4675	not yet assigned	no	(fixed in stable?)
		CVE-2026-4676	not yet assigned	no	(fixed in stable?)
		CVE-2026-4677	not yet assigned	no	(fixed in stable?)
		CVE-2026-4678	not yet assigned	no	(fixed in stable?)
		CVE-2026-4679	not yet assigned	no	(fixed in stable?)
		CVE-2026-4680	not yet assigned	no	(fixed in stable?)
edk2	check	CVE-2024-38798	not yet assigned	no
ffmpeg	check	CVE-2025-69693	not yet assigned	no
firefox-esr	check	CVE-2025-59375	not yet assigned	no	(fixed in stable?)
		CVE-2026-4684	not yet assigned	no	(fixed in stable?)
		CVE-2026-4685	not yet assigned	no	(fixed in stable?)
		CVE-2026-4686	not yet assigned	no	(fixed in stable?)
		CVE-2026-4687	not yet assigned	no	(fixed in stable?)
		CVE-2026-4688	not yet assigned	no	(fixed in stable?)
		CVE-2026-4689	not yet assigned	no	(fixed in stable?)
		CVE-2026-4690	not yet assigned	no	(fixed in stable?)
		CVE-2026-4691	not yet assigned	no	(fixed in stable?)
		CVE-2026-4692	not yet assigned	no	(fixed in stable?)
		CVE-2026-4693	not yet assigned	no	(fixed in stable?)
		CVE-2026-4694	not yet assigned	no	(fixed in stable?)
		CVE-2026-4695	not yet assigned	no	(fixed in stable?)
		CVE-2026-4696	not yet assigned	no	(fixed in stable?)
		CVE-2026-4697	not yet assigned	no	(fixed in stable?)
		CVE-2026-4698	not yet assigned	no	(fixed in stable?)
		CVE-2026-4699	not yet assigned	no	(fixed in stable?)
		CVE-2026-4700	not yet assigned	no	(fixed in stable?)
		CVE-2026-4701	not yet assigned	no	(fixed in stable?)
		CVE-2026-4702	not yet assigned	no	(fixed in stable?)
		CVE-2026-4704	not yet assigned	no	(fixed in stable?)
		CVE-2026-4705	not yet assigned	no	(fixed in stable?)
		CVE-2026-4706	not yet assigned	no	(fixed in stable?)
		CVE-2026-4707	not yet assigned	no	(fixed in stable?)
		CVE-2026-4708	not yet assigned	no	(fixed in stable?)
		CVE-2026-4709	not yet assigned	no	(fixed in stable?)
		CVE-2026-4710	not yet assigned	no	(fixed in stable?)
		CVE-2026-4713	not yet assigned	no	(fixed in stable?)
		CVE-2026-4714	not yet assigned	no	(fixed in stable?)
		CVE-2026-4715	not yet assigned	no	(fixed in stable?)
		CVE-2026-4716	not yet assigned	no	(fixed in stable?)
		CVE-2026-4717	not yet assigned	no	(fixed in stable?)
		CVE-2026-4718	not yet assigned	no	(fixed in stable?)
		CVE-2026-4719	not yet assigned	no	(fixed in stable?)
		CVE-2026-4720	not yet assigned	no	(fixed in stable?)
		CVE-2026-4721	not yet assigned	no	(fixed in stable?)
flask	check	CVE-2026-27205	not yet assigned	no
freeciv	check	CVE-2026-33250	not yet assigned	no
freerdp3	check	CVE-2026-33952	not yet assigned	?
		CVE-2026-33977	not yet assigned	?
		CVE-2026-33982	not yet assigned	?
		CVE-2026-33983	not yet assigned	?
		CVE-2026-33984	not yet assigned	?
		CVE-2026-33985	not yet assigned	?
		CVE-2026-33986	not yet assigned	?
		CVE-2026-33987	not yet assigned	?
		CVE-2026-33995	not yet assigned	?
gimp	check	CVE-2026-4887	not yet assigned	no
gobgp	check	CVE-2025-7464	not yet assigned	no
		CVE-2026-30405	not yet assigned	no
grub2	check	CVE-2025-54770	not yet assigned	no
		CVE-2025-54771	not yet assigned	no
		CVE-2025-61661	not yet assigned	no
		CVE-2025-61662	not yet assigned	no
		CVE-2025-61663	not yet assigned	no
		CVE-2025-61664	not yet assigned	no
imagemagick	check	CVE-2026-28493	not yet assigned	no
		CVE-2026-28494	not yet assigned	no
		CVE-2026-28686	not yet assigned	no
		CVE-2026-28687	not yet assigned	no
		CVE-2026-28688	not yet assigned	no
		CVE-2026-28689	not yet assigned	no
		CVE-2026-28690	not yet assigned	no
		CVE-2026-28691	not yet assigned	no
		CVE-2026-28692	not yet assigned	no
		CVE-2026-28693	not yet assigned	no
		CVE-2026-30883	not yet assigned	no
		CVE-2026-30929	not yet assigned	no
		CVE-2026-30931	not yet assigned	no
		CVE-2026-30935	not yet assigned	no
		CVE-2026-30936	not yet assigned	no
		CVE-2026-30937	not yet assigned	no
		CVE-2026-31853	not yet assigned	no
		CVE-2026-32259	not yet assigned	no
incus	check	CVE-2026-33542	not yet assigned	no
		CVE-2026-33743	not yet assigned	no
		CVE-2026-33897	not yet assigned	no
		CVE-2026-33945	not yet assigned	no
isc-kea	check	CVE-2026-3608	not yet assigned	no
jpeg-xl	check	CVE-2025-12474	not yet assigned	no
		CVE-2026-1837	not yet assigned	no
libsixel	check	CVE-2022-29977	not yet assigned	no
		CVE-2022-29978	not yet assigned	no
		CVE-2025-9300	not yet assigned	no
libssh	check	CVE-2026-0964	not yet assigned	no
		CVE-2026-0965	not yet assigned	no
		CVE-2026-0966	not yet assigned	no
		CVE-2026-0967	not yet assigned	no
		CVE-2026-0968	not yet assigned	no
		CVE-2026-3731	not yet assigned	no
libxml2	check	CVE-2026-0989	not yet assigned	no
		CVE-2026-0990	not yet assigned	no
		CVE-2026-0992	not yet assigned	no
nats-server	check	CVE-2026-27889	not yet assigned	no
		CVE-2026-29785	not yet assigned	no
		CVE-2026-33215	not yet assigned	no
		CVE-2026-33216	not yet assigned	no
		CVE-2026-33217	not yet assigned	no
		CVE-2026-33218	not yet assigned	no
		CVE-2026-33219	not yet assigned	no
		CVE-2026-33222	not yet assigned	no
		CVE-2026-33223	not yet assigned	no
		CVE-2026-33246	not yet assigned	no
		CVE-2026-33247	not yet assigned	no
		CVE-2026-33248	not yet assigned	no
		CVE-2026-33249	not yet assigned	no
node-undici	check	CVE-2025-47279	not yet assigned	no
		CVE-2026-1525	not yet assigned	no
		CVE-2026-1526	not yet assigned	no
		CVE-2026-1527	not yet assigned	no
		CVE-2026-1528	not yet assigned	no
		CVE-2026-2229	not yet assigned	no
		CVE-2026-2581	not yet assigned	no
nodejs	check	CVE-2026-21637	not yet assigned	no
		CVE-2026-21710	not yet assigned	?
		CVE-2026-21713	not yet assigned	?
		CVE-2026-21714	not yet assigned	?
		CVE-2026-21715	not yet assigned	?
		CVE-2026-21716	not yet assigned	?
		CVE-2026-21717	not yet assigned	?
openexr	check	CVE-2025-12495	not yet assigned	no
		CVE-2025-12839	not yet assigned	no
		CVE-2025-12840	not yet assigned	no
		CVE-2025-48074	not yet assigned	no
		CVE-2025-64181	not yet assigned	no
		CVE-2026-27622	not yet assigned	no
pypdf	check	CVE-2026-33123	not yet assigned	no
		CVE-2026-33699	not yet assigned	no
qemu	check	CVE-2026-2243	not yet assigned	no
		CVE-2026-3195	not yet assigned	?
		CVE-2026-3196	not yet assigned	?
		CVE-2026-3842	not yet assigned	?
ruby-bcrypt	check	CVE-2026-33306	not yet assigned	no
ruby-rack	check	CVE-2026-22860	not yet assigned	no	(fixed in stable?)
		CVE-2026-25500	not yet assigned	no	(fixed in stable?)
rust-astral-tokio-tar	check	CVE-2026-32766	not yet assigned	no
rust-wasmtime	check	CVE-2026-27204	not yet assigned	no
		CVE-2026-27572	not yet assigned	no
rustc	check	CVE-2026-33055	not yet assigned	no
		CVE-2026-33056	not yet assigned	no
sogo	check	CVE-2025-71276	not yet assigned	no
		CVE-2026-3054	not yet assigned	no
		CVE-2026-33550	not yet assigned	no
squid	check	CVE-2026-32748	not yet assigned	no
		CVE-2026-33515	not yet assigned	no
		CVE-2026-33526	not yet assigned	no
thunderbird	check	CVE-2025-59375	not yet assigned	no	(fixed in stable?)
		CVE-2026-3889	not yet assigned	no	(fixed in stable?)
		CVE-2026-4371	not yet assigned	no	(fixed in stable?)
		CVE-2026-4684	not yet assigned	no	(fixed in stable?)
		CVE-2026-4685	not yet assigned	no	(fixed in stable?)
		CVE-2026-4686	not yet assigned	no	(fixed in stable?)
		CVE-2026-4687	not yet assigned	no	(fixed in stable?)
		CVE-2026-4688	not yet assigned	no	(fixed in stable?)
		CVE-2026-4689	not yet assigned	no	(fixed in stable?)
		CVE-2026-4690	not yet assigned	no	(fixed in stable?)
		CVE-2026-4691	not yet assigned	no	(fixed in stable?)
		CVE-2026-4692	not yet assigned	no	(fixed in stable?)
		CVE-2026-4693	not yet assigned	no	(fixed in stable?)
		CVE-2026-4694	not yet assigned	no	(fixed in stable?)
		CVE-2026-4695	not yet assigned	no	(fixed in stable?)
		CVE-2026-4696	not yet assigned	no	(fixed in stable?)
		CVE-2026-4697	not yet assigned	no	(fixed in stable?)
		CVE-2026-4698	not yet assigned	no	(fixed in stable?)
		CVE-2026-4699	not yet assigned	no	(fixed in stable?)
		CVE-2026-4700	not yet assigned	no	(fixed in stable?)
		CVE-2026-4701	not yet assigned	no	(fixed in stable?)
		CVE-2026-4702	not yet assigned	no	(fixed in stable?)
		CVE-2026-4704	not yet assigned	no	(fixed in stable?)
		CVE-2026-4705	not yet assigned	no	(fixed in stable?)
		CVE-2026-4706	not yet assigned	no	(fixed in stable?)
		CVE-2026-4707	not yet assigned	no	(fixed in stable?)
		CVE-2026-4708	not yet assigned	no	(fixed in stable?)
		CVE-2026-4709	not yet assigned	no	(fixed in stable?)
		CVE-2026-4710	not yet assigned	no	(fixed in stable?)
		CVE-2026-4713	not yet assigned	no	(fixed in stable?)
		CVE-2026-4714	not yet assigned	no	(fixed in stable?)
		CVE-2026-4715	not yet assigned	no	(fixed in stable?)
		CVE-2026-4716	not yet assigned	no	(fixed in stable?)
		CVE-2026-4717	not yet assigned	no	(fixed in stable?)
		CVE-2026-4718	not yet assigned	no	(fixed in stable?)
		CVE-2026-4719	not yet assigned	no	(fixed in stable?)
		CVE-2026-4720	not yet assigned	no	(fixed in stable?)
		CVE-2026-4721	not yet assigned	no	(fixed in stable?)
webkit2gtk	check	CVE-2025-46299	not yet assigned	no
woof-doom	check	CVE-2026-4750	not yet assigned	no
wpewebkit	check	CVE-2025-46299	not yet assigned	no
znuny (non-free)	check	CVE-2025-52204	not yet assigned	no
		CVE-2025-59490	not yet assigned	?