Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
arianna	check	CVE-2026-42095	not yet assigned	no
bubblewrap	check	CVE-2026-41163	not yet assigned	?
cups	check	CVE-2026-27447	not yet assigned	no
		CVE-2026-34978	not yet assigned	no
		CVE-2026-34979	not yet assigned	no
		CVE-2026-34980	not yet assigned	no
		CVE-2026-34990	not yet assigned	no
		CVE-2026-39314	not yet assigned	no
		CVE-2026-39316	not yet assigned	no
		CVE-2026-41079	not yet assigned	no
dnsdist	check	CVE-2026-33254	not yet assigned	no
		CVE-2026-33257	not yet assigned	no
		CVE-2026-33260	not yet assigned	no
		CVE-2026-33593	not yet assigned	no
		CVE-2026-33594	not yet assigned	no
		CVE-2026-33595	not yet assigned	no
		CVE-2026-33596	not yet assigned	no
		CVE-2026-33597	not yet assigned	no
		CVE-2026-33598	not yet assigned	no
		CVE-2026-33599	not yet assigned	no
		CVE-2026-33602	not yet assigned	no
edk2	check	CVE-2024-38798	not yet assigned	no
firebird4.0	check	CVE-2026-27890	not yet assigned	no
		CVE-2026-28212	not yet assigned	no
		CVE-2026-28214	not yet assigned	no
		CVE-2026-28224	not yet assigned	no
		CVE-2026-33337	not yet assigned	no
		CVE-2026-34232	not yet assigned	no
		CVE-2026-35215	not yet assigned	no
		CVE-2026-40342	not yet assigned	no
flask	check	CVE-2026-27205	not yet assigned	no
freerdp3	check	CVE-2026-40254	not yet assigned	no
imagemagick	check	CVE-2026-33899	not yet assigned	no
		CVE-2026-33900	not yet assigned	no
		CVE-2026-33901	not yet assigned	no
		CVE-2026-33902	not yet assigned	no
		CVE-2026-33905	not yet assigned	no
		CVE-2026-33908	not yet assigned	no
		CVE-2026-34238	not yet assigned	no
		CVE-2026-40169	not yet assigned	no
		CVE-2026-40183	not yet assigned	no
		CVE-2026-40310	not yet assigned	no
		CVE-2026-40311	not yet assigned	no
		CVE-2026-40312	not yet assigned	no
libxpm	check	CVE-2026-4367	not yet assigned	?
linux	check	CVE-2026-31531	not yet assigned	no
		CVE-2026-31532	not yet assigned	no
		CVE-2026-31575	not yet assigned	no
		CVE-2026-31576	not yet assigned	no
		CVE-2026-31577	not yet assigned	no
		CVE-2026-31578	not yet assigned	no
		CVE-2026-31579	not yet assigned	no
		CVE-2026-31580	not yet assigned	no
		CVE-2026-31581	not yet assigned	no
		CVE-2026-31582	not yet assigned	no
		CVE-2026-31583	not yet assigned	no
		CVE-2026-31584	not yet assigned	no
		CVE-2026-31585	not yet assigned	no
		CVE-2026-31586	not yet assigned	no
		CVE-2026-31587	not yet assigned	no
		CVE-2026-31588	not yet assigned	no
		CVE-2026-31589	not yet assigned	no
		CVE-2026-31590	not yet assigned	no
		CVE-2026-31591	not yet assigned	no
		CVE-2026-31592	not yet assigned	no
		CVE-2026-31593	not yet assigned	no
		CVE-2026-31594	not yet assigned	no
		CVE-2026-31595	not yet assigned	no
		CVE-2026-31596	not yet assigned	no
		CVE-2026-31597	not yet assigned	no
		CVE-2026-31598	not yet assigned	no
		CVE-2026-31599	not yet assigned	no
		CVE-2026-31600	not yet assigned	no
		CVE-2026-31601	not yet assigned	no
		CVE-2026-31602	not yet assigned	no
		CVE-2026-31603	not yet assigned	no
		CVE-2026-31604	not yet assigned	no
		CVE-2026-31605	not yet assigned	no
		CVE-2026-31606	not yet assigned	no
		CVE-2026-31607	not yet assigned	no
		CVE-2026-31608	not yet assigned	no
		CVE-2026-31609	not yet assigned	no
		CVE-2026-31610	not yet assigned	no
		CVE-2026-31611	not yet assigned	no
		CVE-2026-31612	not yet assigned	no
		CVE-2026-31613	not yet assigned	no
		CVE-2026-31614	not yet assigned	no
		CVE-2026-31615	not yet assigned	no
		CVE-2026-31616	not yet assigned	no
		CVE-2026-31617	not yet assigned	no
		CVE-2026-31618	not yet assigned	no
		CVE-2026-31619	not yet assigned	no
		CVE-2026-31620	not yet assigned	no
		CVE-2026-31621	not yet assigned	no
		CVE-2026-31622	not yet assigned	no
		CVE-2026-31623	not yet assigned	no
		CVE-2026-31624	not yet assigned	no
		CVE-2026-31625	not yet assigned	no
		CVE-2026-31626	not yet assigned	no
		CVE-2026-31627	not yet assigned	no
		CVE-2026-31629	not yet assigned	no
		CVE-2026-31673	not yet assigned	no
		CVE-2026-31677	not yet assigned	no
		CVE-2026-31681	not yet assigned	no
		CVE-2026-31684	not yet assigned	no
		CVE-2026-31685	not yet assigned	no
lxml	check	CVE-2026-41066	not yet assigned	no
nbconvert	check	CVE-2026-39377	not yet assigned	no
		CVE-2026-39378	not yet assigned	no
nix	check	CVE-2026-39860	not yet assigned	no
node-dompurify	check	CVE-2026-41238	not yet assigned	no
		CVE-2026-41239	not yet assigned	no
		CVE-2026-41240	not yet assigned	no
node-katex	check	CVE-2025-23207	not yet assigned	no
node-postcss	check	CVE-2026-41305	not yet assigned	no
node-proxy-agents	check	CVE-2026-39983	not yet assigned	no
node-uuid	check	CVE-2026-41907	not yet assigned	no
		CVE-2026-41988	not yet assigned	no
openjdk-21	check	CVE-2026-22007	not yet assigned	no
		CVE-2026-22013	not yet assigned	no
		CVE-2026-22016	not yet assigned	no
		CVE-2026-22018	not yet assigned	no
		CVE-2026-22021	not yet assigned	no
		CVE-2026-34268	not yet assigned	no
		CVE-2026-34282	not yet assigned	no
openjdk-25	check	CVE-2026-22007	not yet assigned	no
		CVE-2026-22008	not yet assigned	no
		CVE-2026-22013	not yet assigned	no
		CVE-2026-22016	not yet assigned	no
		CVE-2026-22018	not yet assigned	no
		CVE-2026-22021	not yet assigned	no
		CVE-2026-34268	not yet assigned	no
		CVE-2026-34282	not yet assigned	no
pupnp	check	CVE-2026-41682	not yet assigned	?
pyjwt	check	CVE-2026-32597	not yet assigned	no
python-flask-httpauth	check	CVE-2026-34531	not yet assigned	no
python-multipart	check	CVE-2026-40347	not yet assigned	no
python3.14	check	CVE-2025-13462	not yet assigned	no
		CVE-2026-2297	not yet assigned	no
		CVE-2026-3446	not yet assigned	no
		CVE-2026-3644	not yet assigned	no
		CVE-2026-4224	not yet assigned	no
		CVE-2026-4519	not yet assigned	no
qemu	check	CVE-2026-3890	not yet assigned	?
		CVE-2026-5744	not yet assigned	?
		CVE-2026-5761	not yet assigned	?
		CVE-2026-5763	not yet assigned	?
rust-coreutils	check	CVE-2026-35339	not yet assigned	no
		CVE-2026-35340	not yet assigned	no
		CVE-2026-35342	not yet assigned	no
		CVE-2026-35346	not yet assigned	no
		CVE-2026-35347	not yet assigned	no
		CVE-2026-35349	not yet assigned	no
		CVE-2026-35353	not yet assigned	no
		CVE-2026-35355	not yet assigned	no
		CVE-2026-35356	not yet assigned	no
		CVE-2026-35358	not yet assigned	no
		CVE-2026-35361	not yet assigned	no
		CVE-2026-35362	not yet assigned	no
		CVE-2026-35366	not yet assigned	no
		CVE-2026-35369	not yet assigned	no
rust-openssl	check	CVE-2026-41676	not yet assigned	no
		CVE-2026-41677	not yet assigned	no
		CVE-2026-41678	not yet assigned	no
		CVE-2026-41681	not yet assigned	no
		CVE-2026-41898	not yet assigned	no
rust-rand	check	TEMP-0000000-51E97C	not yet assigned	?
rust-rpm-sequoia	check	CVE-2026-2625	not yet assigned	no
strongswan	check	CVE-2026-35328	not yet assigned	?
		CVE-2026-35329	not yet assigned	?
		CVE-2026-35330	not yet assigned	?
		CVE-2026-35331	not yet assigned	?
		CVE-2026-35332	not yet assigned	?
		CVE-2026-35333	not yet assigned	?
		CVE-2026-35334	not yet assigned	?
thunderbird	check	CVE-2026-6746	not yet assigned	no	(fixed in stable?)
		CVE-2026-6747	not yet assigned	no	(fixed in stable?)
		CVE-2026-6748	not yet assigned	no	(fixed in stable?)
		CVE-2026-6749	not yet assigned	no	(fixed in stable?)
		CVE-2026-6750	not yet assigned	no	(fixed in stable?)
		CVE-2026-6751	not yet assigned	no	(fixed in stable?)
		CVE-2026-6752	not yet assigned	no	(fixed in stable?)
		CVE-2026-6753	not yet assigned	no	(fixed in stable?)
		CVE-2026-6754	not yet assigned	no	(fixed in stable?)
		CVE-2026-6757	not yet assigned	no	(fixed in stable?)
		CVE-2026-6761	not yet assigned	no	(fixed in stable?)
		CVE-2026-6762	not yet assigned	no	(fixed in stable?)
		CVE-2026-6763	not yet assigned	no	(fixed in stable?)
		CVE-2026-6764	not yet assigned	no	(fixed in stable?)
		CVE-2026-6765	not yet assigned	no	(fixed in stable?)
		CVE-2026-6766	not yet assigned	no	(fixed in stable?)
		CVE-2026-6767	not yet assigned	no	(fixed in stable?)
		CVE-2026-6769	not yet assigned	no	(fixed in stable?)
		CVE-2026-6770	not yet assigned	no	(fixed in stable?)
		CVE-2026-6771	not yet assigned	no	(fixed in stable?)
		CVE-2026-6772	not yet assigned	no	(fixed in stable?)
		CVE-2026-6776	not yet assigned	no	(fixed in stable?)
		CVE-2026-6785	not yet assigned	no	(fixed in stable?)
		CVE-2026-6786	not yet assigned	no	(fixed in stable?)
xorg-server	check	CVE-2026-33999	not yet assigned	no
		CVE-2026-34000	not yet assigned	?
		CVE-2026-34001	not yet assigned	no
		CVE-2026-34002	not yet assigned	?
		CVE-2026-34003	not yet assigned	no
xrdp	check	CVE-2026-32105	not yet assigned	no
		CVE-2026-32107	not yet assigned	no
		CVE-2026-32623	not yet assigned	no
		CVE-2026-32624	not yet assigned	no
		CVE-2026-33145	not yet assigned	no
		CVE-2026-33516	not yet assigned	no
		CVE-2026-33689	not yet assigned	no
		CVE-2026-35512	not yet assigned	no