Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
chromium	check	CVE-2026-6296	not yet assigned	no	(fixed in stable?)
		CVE-2026-6297	not yet assigned	no	(fixed in stable?)
		CVE-2026-6298	not yet assigned	no	(fixed in stable?)
		CVE-2026-6299	not yet assigned	no	(fixed in stable?)
		CVE-2026-6300	not yet assigned	no	(fixed in stable?)
		CVE-2026-6301	not yet assigned	no	(fixed in stable?)
		CVE-2026-6302	not yet assigned	no	(fixed in stable?)
		CVE-2026-6303	not yet assigned	no	(fixed in stable?)
		CVE-2026-6304	not yet assigned	no	(fixed in stable?)
		CVE-2026-6305	not yet assigned	no	(fixed in stable?)
		CVE-2026-6306	not yet assigned	no	(fixed in stable?)
		CVE-2026-6307	not yet assigned	no	(fixed in stable?)
		CVE-2026-6308	not yet assigned	no	(fixed in stable?)
		CVE-2026-6309	not yet assigned	no	(fixed in stable?)
		CVE-2026-6310	not yet assigned	no	(fixed in stable?)
		CVE-2026-6311	not yet assigned	no	(fixed in stable?)
		CVE-2026-6312	not yet assigned	no	(fixed in stable?)
		CVE-2026-6313	not yet assigned	no	(fixed in stable?)
		CVE-2026-6314	not yet assigned	no	(fixed in stable?)
		CVE-2026-6315	not yet assigned	no	(fixed in stable?)
		CVE-2026-6316	not yet assigned	no	(fixed in stable?)
		CVE-2026-6317	not yet assigned	no	(fixed in stable?)
		CVE-2026-6318	not yet assigned	no	(fixed in stable?)
		CVE-2026-6319	not yet assigned	no	(fixed in stable?)
		CVE-2026-6358	not yet assigned	no	(fixed in stable?)
		CVE-2026-6359	not yet assigned	no	(fixed in stable?)
		CVE-2026-6360	not yet assigned	no	(fixed in stable?)
		CVE-2026-6361	not yet assigned	no	(fixed in stable?)
		CVE-2026-6362	not yet assigned	no	(fixed in stable?)
		CVE-2026-6363	not yet assigned	no	(fixed in stable?)
		CVE-2026-6364	not yet assigned	no	(fixed in stable?)
cpp-httplib	check	CVE-2025-46728	not yet assigned	no
		CVE-2025-53628	not yet assigned	no
		CVE-2025-53629	not yet assigned	no
		CVE-2025-66570	not yet assigned	no
		CVE-2025-66577	not yet assigned	no
		CVE-2026-21428	not yet assigned	no
		CVE-2026-22776	not yet assigned	no
		CVE-2026-28434	not yet assigned	no
		CVE-2026-28435	not yet assigned	no
		CVE-2026-29076	not yet assigned	no
		CVE-2026-31870	not yet assigned	no
		CVE-2026-32627	not yet assigned	no
		CVE-2026-33745	not yet assigned	no
edk2	check	CVE-2024-38798	not yet assigned	no
flask	check	CVE-2026-27205	not yet assigned	no
grub2	check	CVE-2025-54770	not yet assigned	no
		CVE-2025-54771	not yet assigned	no
		CVE-2025-61661	not yet assigned	no
		CVE-2025-61662	not yet assigned	no
		CVE-2025-61663	not yet assigned	no
		CVE-2025-61664	not yet assigned	no
imagemagick	check	CVE-2026-33899	not yet assigned	no
		CVE-2026-33900	not yet assigned	no
		CVE-2026-33901	not yet assigned	no
		CVE-2026-33902	not yet assigned	no
		CVE-2026-33905	not yet assigned	no
		CVE-2026-33908	not yet assigned	no
		CVE-2026-34238	not yet assigned	no
		CVE-2026-40169	not yet assigned	no
		CVE-2026-40183	not yet assigned	no
		CVE-2026-40310	not yet assigned	no
		CVE-2026-40311	not yet assigned	no
		CVE-2026-40312	not yet assigned	no
jackson-core	check	CVE-2025-52999	not yet assigned	no
jq	check	CVE-2026-32316	not yet assigned	no
		CVE-2026-33947	not yet assigned	no
		CVE-2026-33948	not yet assigned	no
		CVE-2026-39956	not yet assigned	no
		CVE-2026-39979	not yet assigned	no
		CVE-2026-40164	not yet assigned	no
kamailio	check	CVE-2026-39863	not yet assigned	no
ldap-account-manager	check	CVE-2025-58174	not yet assigned	no
		CVE-2026-27894	not yet assigned	no
		CVE-2026-27895	not yet assigned	no
libexif	check	CVE-2026-32775	not yet assigned	no
		CVE-2026-40385	not yet assigned	no
		CVE-2026-40386	not yet assigned	no
libpng1.6	check	CVE-2026-34757	not yet assigned	no
linux	check	CVE-2026-31414	not yet assigned	no
		CVE-2026-31415	not yet assigned	no
		CVE-2026-31416	not yet assigned	no
		CVE-2026-31417	not yet assigned	no
		CVE-2026-31418	not yet assigned	no
		CVE-2026-31419	not yet assigned	no
		CVE-2026-31420	not yet assigned	no
		CVE-2026-31421	not yet assigned	no
		CVE-2026-31422	not yet assigned	no
		CVE-2026-31423	not yet assigned	no
		CVE-2026-31424	not yet assigned	no
		CVE-2026-31425	not yet assigned	no
node-minimatch	check	CVE-2026-26996	not yet assigned	no
		CVE-2026-27903	not yet assigned	no
		CVE-2026-27904	not yet assigned	no
opam	check	CVE-2026-41082	not yet assigned	no
openssh	check	CVE-2026-35385	not yet assigned	no
		CVE-2026-35386	not yet assigned	no
		CVE-2026-35387	not yet assigned	no
		CVE-2026-35388	not yet assigned	no
		CVE-2026-35414	not yet assigned	no
openssl	check	CVE-2026-2673	not yet assigned	no
		CVE-2026-28386	not yet assigned	no
		CVE-2026-28387	not yet assigned	no
		CVE-2026-28388	not yet assigned	no
		CVE-2026-28389	not yet assigned	no
		CVE-2026-28390	not yet assigned	no
		CVE-2026-31789	not yet assigned	no
		CVE-2026-31790	not yet assigned	no
orthanc	check	CVE-2026-5437	not yet assigned	no
		CVE-2026-5438	not yet assigned	no
		CVE-2026-5439	not yet assigned	no
		CVE-2026-5440	not yet assigned	no
		CVE-2026-5441	not yet assigned	no
		CVE-2026-5442	not yet assigned	no
		CVE-2026-5443	not yet assigned	no
		CVE-2026-5444	not yet assigned	no
		CVE-2026-5445	not yet assigned	no
python-cryptography	check	CVE-2026-39892	not yet assigned	no
python3.14	check	CVE-2025-13462	not yet assigned	no
		CVE-2026-2297	not yet assigned	no
		CVE-2026-3446	not yet assigned	no
		CVE-2026-3644	not yet assigned	no
		CVE-2026-4224	not yet assigned	no
		CVE-2026-4519	not yet assigned	no
rust-rustls-webpki	check	TEMP-1133085-EC036F	not yet assigned	?
rust-wasmtime	check	CVE-2026-34941	not yet assigned	no
		CVE-2026-34942	not yet assigned	no
		CVE-2026-34943	not yet assigned	no
		CVE-2026-34944	not yet assigned	no
		CVE-2026-34945	not yet assigned	no
		CVE-2026-34946	not yet assigned	no
		CVE-2026-34971	not yet assigned	no
		CVE-2026-34983	not yet assigned	no
		CVE-2026-34987	not yet assigned	no
		CVE-2026-34988	not yet assigned	no
		CVE-2026-35186	not yet assigned	no
		CVE-2026-35195	not yet assigned	no
thunderbird	check	CVE-2026-5731	not yet assigned	no	(fixed in stable?)
		CVE-2026-5732	not yet assigned	no	(fixed in stable?)
		CVE-2026-5734	not yet assigned	no	(fixed in stable?)
tomcat10	check	CVE-2026-24880	not yet assigned	no
		CVE-2026-25854	not yet assigned	no
		CVE-2026-29129	not yet assigned	no
		CVE-2026-29145	not yet assigned	no
		CVE-2026-29146	not yet assigned	no
		CVE-2026-32990	not yet assigned	no
		CVE-2026-34483	not yet assigned	no
		CVE-2026-34487	not yet assigned	no
		CVE-2026-34500	not yet assigned	no
tomcat11	check	CVE-2026-24880	not yet assigned	no
		CVE-2026-25854	not yet assigned	no
		CVE-2026-29129	not yet assigned	no
		CVE-2026-29145	not yet assigned	no
		CVE-2026-29146	not yet assigned	no
		CVE-2026-32990	not yet assigned	no
		CVE-2026-34483	not yet assigned	no
		CVE-2026-34487	not yet assigned	no
		CVE-2026-34500	not yet assigned	no
vim	check	CVE-2026-34714	not yet assigned	no
		CVE-2026-34982	not yet assigned	no
		CVE-2026-35177	not yet assigned	no
		CVE-2026-39881	not yet assigned	no
webkit2gtk	check	CVE-2025-46299	not yet assigned	no
		CVE-2026-20643	not yet assigned	no
		CVE-2026-20664	not yet assigned	no
		CVE-2026-20665	not yet assigned	no
		CVE-2026-20691	not yet assigned	no
		CVE-2026-28857	not yet assigned	no
		CVE-2026-28859	not yet assigned	no
		CVE-2026-28861	not yet assigned	no
		CVE-2026-28871	not yet assigned	no
xorg-server	check	CVE-2026-33999	not yet assigned	?
		CVE-2026-34000	not yet assigned	?
		CVE-2026-34001	not yet assigned	?
		CVE-2026-34002	not yet assigned	?
		CVE-2026-34003	not yet assigned	?
xwayland	check	CVE-2026-33999	not yet assigned	?
		CVE-2026-34000	not yet assigned	?
		CVE-2026-34001	not yet assigned	?
		CVE-2026-34002	not yet assigned	?
		CVE-2026-34003	not yet assigned	?
zlib	check	CVE-2026-27171	not yet assigned	no