Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
black	check	CVE-2026-32274	not yet assigned	no
calibre	check	CVE-2026-33205	not yet assigned	no
		CVE-2026-33206	not yet assigned	no
cbor2	check	CVE-2026-26209	not yet assigned	no
ceph	check	CVE-2024-31884	not yet assigned	?
chromium	check	CVE-2026-4673	not yet assigned	no	(fixed in stable?)
		CVE-2026-4674	not yet assigned	no	(fixed in stable?)
		CVE-2026-4675	not yet assigned	no	(fixed in stable?)
		CVE-2026-4676	not yet assigned	no	(fixed in stable?)
		CVE-2026-4677	not yet assigned	no	(fixed in stable?)
		CVE-2026-4678	not yet assigned	no	(fixed in stable?)
		CVE-2026-4679	not yet assigned	no	(fixed in stable?)
		CVE-2026-4680	not yet assigned	no	(fixed in stable?)
crun	check	CVE-2026-30892	not yet assigned	no
edk2	check	CVE-2024-38798	not yet assigned	no
firefox-esr	check	CVE-2025-59375	not yet assigned	no	(fixed in stable?)
		CVE-2026-4684	not yet assigned	no	(fixed in stable?)
		CVE-2026-4685	not yet assigned	no	(fixed in stable?)
		CVE-2026-4686	not yet assigned	no	(fixed in stable?)
		CVE-2026-4687	not yet assigned	no	(fixed in stable?)
		CVE-2026-4688	not yet assigned	no	(fixed in stable?)
		CVE-2026-4689	not yet assigned	no	(fixed in stable?)
		CVE-2026-4690	not yet assigned	no	(fixed in stable?)
		CVE-2026-4691	not yet assigned	no	(fixed in stable?)
		CVE-2026-4692	not yet assigned	no	(fixed in stable?)
		CVE-2026-4693	not yet assigned	no	(fixed in stable?)
		CVE-2026-4694	not yet assigned	no	(fixed in stable?)
		CVE-2026-4695	not yet assigned	no	(fixed in stable?)
		CVE-2026-4696	not yet assigned	no	(fixed in stable?)
		CVE-2026-4697	not yet assigned	no	(fixed in stable?)
		CVE-2026-4698	not yet assigned	no	(fixed in stable?)
		CVE-2026-4699	not yet assigned	no	(fixed in stable?)
		CVE-2026-4700	not yet assigned	no	(fixed in stable?)
		CVE-2026-4701	not yet assigned	no	(fixed in stable?)
		CVE-2026-4702	not yet assigned	no	(fixed in stable?)
		CVE-2026-4704	not yet assigned	no	(fixed in stable?)
		CVE-2026-4705	not yet assigned	no	(fixed in stable?)
		CVE-2026-4706	not yet assigned	no	(fixed in stable?)
		CVE-2026-4707	not yet assigned	no	(fixed in stable?)
		CVE-2026-4708	not yet assigned	no	(fixed in stable?)
		CVE-2026-4709	not yet assigned	no	(fixed in stable?)
		CVE-2026-4710	not yet assigned	no	(fixed in stable?)
		CVE-2026-4713	not yet assigned	no	(fixed in stable?)
		CVE-2026-4714	not yet assigned	no	(fixed in stable?)
		CVE-2026-4715	not yet assigned	no	(fixed in stable?)
		CVE-2026-4716	not yet assigned	no	(fixed in stable?)
		CVE-2026-4717	not yet assigned	no	(fixed in stable?)
		CVE-2026-4718	not yet assigned	no	(fixed in stable?)
		CVE-2026-4719	not yet assigned	no	(fixed in stable?)
		CVE-2026-4720	not yet assigned	no	(fixed in stable?)
		CVE-2026-4721	not yet assigned	no	(fixed in stable?)
flask	check	CVE-2026-27205	not yet assigned	no
freeciv	check	CVE-2026-33250	not yet assigned	no
freeipmi	check	CVE-2026-33554	not yet assigned	no
glibc	check	CVE-2026-4437	not yet assigned	no
		CVE-2026-4438	not yet assigned	no
gobgp	check	CVE-2025-7464	not yet assigned	no
		CVE-2026-30405	not yet assigned	no
grub2	check	CVE-2025-54770	not yet assigned	no
		CVE-2025-54771	not yet assigned	no
		CVE-2025-61661	not yet assigned	no
		CVE-2025-61662	not yet assigned	no
		CVE-2025-61663	not yet assigned	no
		CVE-2025-61664	not yet assigned	no
incus	check	CVE-2026-33542	not yet assigned	no
		CVE-2026-33743	not yet assigned	no
		CVE-2026-33897	not yet assigned	no
		CVE-2026-33945	not yet assigned	no
ldap-account-manager	check	CVE-2025-58174	not yet assigned	no
		CVE-2026-27894	not yet assigned	no
		CVE-2026-27895	not yet assigned	no
libjwt3	check	CVE-2026-33996	not yet assigned	no
libpng1.6	check	CVE-2026-33416	not yet assigned	no
		CVE-2026-33636	not yet assigned	no
linux	check	CVE-2026-23274	not yet assigned	no
		CVE-2026-23275	not yet assigned	no
		CVE-2026-23276	not yet assigned	no
		CVE-2026-23277	not yet assigned	no
		CVE-2026-23278	not yet assigned	no
		CVE-2026-23391	not yet assigned	no
		CVE-2026-23392	not yet assigned	no
		CVE-2026-23393	not yet assigned	no
		CVE-2026-23394	not yet assigned	no
		CVE-2026-23395	not yet assigned	no
		CVE-2026-23396	not yet assigned	no
		CVE-2026-23397	not yet assigned	no
		CVE-2026-23398	not yet assigned	no
		CVE-2026-23399	not yet assigned	no
		CVE-2026-31788	not yet assigned	no
nghttp2	check	CVE-2026-27135	not yet assigned	no
nginx	check	CVE-2026-27651	not yet assigned	no
		CVE-2026-27654	not yet assigned	no
		CVE-2026-27784	not yet assigned	no
		CVE-2026-28753	not yet assigned	no
		CVE-2026-28755	not yet assigned	no
		CVE-2026-32647	not yet assigned	no
node-anymatch	check	CVE-2026-33671	not yet assigned	no
		CVE-2026-33672	not yet assigned	no
node-brace-expansion	check	CVE-2026-33750	not yet assigned	no
node-handlebars	check	CVE-2026-33916	not yet assigned	no
		CVE-2026-33937	not yet assigned	no
		CVE-2026-33938	not yet assigned	no
		CVE-2026-33939	not yet assigned	no
		CVE-2026-33940	not yet assigned	no
		CVE-2026-33941	not yet assigned	no
node-path-to-regexp	check	CVE-2026-4923	not yet assigned	no
		CVE-2026-4926	not yet assigned	no
node-undici	check	CVE-2025-47279	not yet assigned	no
		CVE-2026-1525	not yet assigned	no
		CVE-2026-1526	not yet assigned	no
		CVE-2026-1527	not yet assigned	no
		CVE-2026-1528	not yet assigned	no
		CVE-2026-2229	not yet assigned	no
		CVE-2026-2581	not yet assigned	no
node-yaml	check	CVE-2026-33532	not yet assigned	no
nodejs	check	CVE-2026-21637	not yet assigned	no
		CVE-2026-21710	not yet assigned	?
		CVE-2026-21713	not yet assigned	?
		CVE-2026-21714	not yet assigned	?
		CVE-2026-21715	not yet assigned	?
		CVE-2026-21716	not yet assigned	?
		CVE-2026-21717	not yet assigned	?
openssh	check	CVE-2026-3497	not yet assigned	no
pypdf	check	CVE-2026-33123	not yet assigned	no
		CVE-2026-33699	not yet assigned	no
python3.14	check	CVE-2025-13462	not yet assigned	no
		CVE-2026-2297	not yet assigned	no
		CVE-2026-3644	not yet assigned	no
		CVE-2026-4224	not yet assigned	no
qemu	check	CVE-2026-2243	not yet assigned	no
		CVE-2026-3195	not yet assigned	?
		CVE-2026-3196	not yet assigned	?
		CVE-2026-3842	not yet assigned	?
ruby-bcrypt	check	CVE-2026-33306	not yet assigned	no
ruby-rack	check	CVE-2026-22860	not yet assigned	no	(fixed in stable?)
		CVE-2026-25500	not yet assigned	no	(fixed in stable?)
rust-astral-tokio-tar	check	CVE-2026-32766	not yet assigned	no
rust-wasmtime	check	CVE-2026-27204	not yet assigned	no
		CVE-2026-27572	not yet assigned	no
rustc	check	CVE-2026-33055	not yet assigned	no
		CVE-2026-33056	not yet assigned	no
sogo	check	CVE-2025-71276	not yet assigned	no
		CVE-2026-3054	not yet assigned	no
		CVE-2026-33550	not yet assigned	no
squid	check	CVE-2026-32748	not yet assigned	no
		CVE-2026-33515	not yet assigned	no
		CVE-2026-33526	not yet assigned	no
thunderbird	check	CVE-2025-59375	not yet assigned	no	(fixed in stable?)
		CVE-2026-3889	not yet assigned	no	(fixed in stable?)
		CVE-2026-4371	not yet assigned	no	(fixed in stable?)
		CVE-2026-4684	not yet assigned	no	(fixed in stable?)
		CVE-2026-4685	not yet assigned	no	(fixed in stable?)
		CVE-2026-4686	not yet assigned	no	(fixed in stable?)
		CVE-2026-4687	not yet assigned	no	(fixed in stable?)
		CVE-2026-4688	not yet assigned	no	(fixed in stable?)
		CVE-2026-4689	not yet assigned	no	(fixed in stable?)
		CVE-2026-4690	not yet assigned	no	(fixed in stable?)
		CVE-2026-4691	not yet assigned	no	(fixed in stable?)
		CVE-2026-4692	not yet assigned	no	(fixed in stable?)
		CVE-2026-4693	not yet assigned	no	(fixed in stable?)
		CVE-2026-4694	not yet assigned	no	(fixed in stable?)
		CVE-2026-4695	not yet assigned	no	(fixed in stable?)
		CVE-2026-4696	not yet assigned	no	(fixed in stable?)
		CVE-2026-4697	not yet assigned	no	(fixed in stable?)
		CVE-2026-4698	not yet assigned	no	(fixed in stable?)
		CVE-2026-4699	not yet assigned	no	(fixed in stable?)
		CVE-2026-4700	not yet assigned	no	(fixed in stable?)
		CVE-2026-4701	not yet assigned	no	(fixed in stable?)
		CVE-2026-4702	not yet assigned	no	(fixed in stable?)
		CVE-2026-4704	not yet assigned	no	(fixed in stable?)
		CVE-2026-4705	not yet assigned	no	(fixed in stable?)
		CVE-2026-4706	not yet assigned	no	(fixed in stable?)
		CVE-2026-4707	not yet assigned	no	(fixed in stable?)
		CVE-2026-4708	not yet assigned	no	(fixed in stable?)
		CVE-2026-4709	not yet assigned	no	(fixed in stable?)
		CVE-2026-4710	not yet assigned	no	(fixed in stable?)
		CVE-2026-4713	not yet assigned	no	(fixed in stable?)
		CVE-2026-4714	not yet assigned	no	(fixed in stable?)
		CVE-2026-4715	not yet assigned	no	(fixed in stable?)
		CVE-2026-4716	not yet assigned	no	(fixed in stable?)
		CVE-2026-4717	not yet assigned	no	(fixed in stable?)
		CVE-2026-4718	not yet assigned	no	(fixed in stable?)
		CVE-2026-4719	not yet assigned	no	(fixed in stable?)
		CVE-2026-4720	not yet assigned	no	(fixed in stable?)
		CVE-2026-4721	not yet assigned	no	(fixed in stable?)
webkit2gtk	check	CVE-2025-46299	not yet assigned	no
		CVE-2026-20643	not yet assigned	no
		CVE-2026-20664	not yet assigned	no
		CVE-2026-20665	not yet assigned	no
		CVE-2026-20691	not yet assigned	no
		CVE-2026-28857	not yet assigned	no
		CVE-2026-28859	not yet assigned	no
		CVE-2026-28861	not yet assigned	no
		CVE-2026-28871	not yet assigned	no
woof-doom	check	CVE-2026-4750	not yet assigned	no
wpewebkit	check	CVE-2025-46299	not yet assigned	no
		CVE-2026-20643	not yet assigned	no
		CVE-2026-20664	not yet assigned	no
		CVE-2026-20665	not yet assigned	no
		CVE-2026-20691	not yet assigned	no
		CVE-2026-28857	not yet assigned	no
		CVE-2026-28859	not yet assigned	no
		CVE-2026-28861	not yet assigned	no
		CVE-2026-28871	not yet assigned	no