Register | Log in

beets

music tagger and library organizer

Choose email to subscribe with

general

source: beets (main)
version: 2.11.0-1
maintainer: Debian Python Team (DMD)
uploaders: Ryan Kavanagh [DMD] – Pieter Lenaerts [DMD]
arch: all
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.4.9-7
oldstable: 1.6.0-4
stable: 2.2.0-3
testing: 2.8.0-1
unstable: 2.11.0-1

versioned links

1.4.9-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.6.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.11.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

beets (2 bugs: 0, 2, 0, 0)
beets-doc

action needed

Marked for autoremoval on 08 June due to starlette: #1134850 high

Version 2.8.0-1 of beets is marked for autoremoval from testing on Mon 08 Jun 2026. It depends (transitively) on starlette, affected by #1134850. You should try to prevent the removal by fixing these RC bugs.

Created: 2026-05-02 Last update: 2026-05-20 20:34

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-42052: Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ... %> is raw insertion and HTML escaping is only performed by <%- ... %>. Rendered output is then inserted with .html(...), allowing attacker-controlled markup to become active DOM. This issue has been patched in version 2.10.0.

Created: 2026-05-05 Last update: 2026-05-17 18:30

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-42052: (needs triaging) Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ... %> is raw insertion and HTML escaping is only performed by <%- ... %>. Rendered output is then inserted with .html(...), allowing attacker-controlled markup to become active DOM. This issue has been patched in version 2.10.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-15 Last update: 2026-05-17 18:30

testing migrations

excuses:
- Migrates after: pyacoustid
- Migration status for beets (2.8.0-1 to 2.11.0-1): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Autopkgtest for beets/2.11.0-1: amd64: Pass, arm64: Pass, i386: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Build-Depends(-Arch): beets pyacoustid (not considered)
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/b/beets.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ 5 days old (needed 5 days)
- Not considered

news

[2026-05-16] Accepted beets 2.11.0-1 (source) into unstable (Pieter Lenaerts) (signed by: Jeroen Ploemen)
[2026-04-14] beets 2.8.0-1 MIGRATED to testing (Debian testing watch)
[2026-04-11] Accepted beets 2.8.0-1 (source) into unstable (Pieter Lenaerts) (signed by: Jeroen Ploemen)
[2026-03-29] beets 2.7.1-1 MIGRATED to testing (Debian testing watch)
[2026-03-26] Accepted beets 2.7.1-1 (source) into unstable (Pieter Lenaerts) (signed by: Emmanuel Arias)
[2026-03-13] beets 2.6.2-1 MIGRATED to testing (Debian testing watch)
[2026-03-06] Accepted beets 2.6.2-1 (source) into unstable (Pieter Lenaerts) (signed by: Emmanuel Arias)
[2026-02-19] beets 2.5.1-4 MIGRATED to testing (Debian testing watch)
[2026-02-16] Accepted beets 2.5.1-4 (source) into unstable (Emmanuel Arias)
[2026-02-16] Accepted beets 2.5.1-3 (source) into unstable (Pieter Lenaerts) (signed by: Emmanuel Arias)
[2026-01-17] beets 2.5.1-2 MIGRATED to testing (Debian testing watch)
[2026-01-15] Accepted beets 2.5.1-2 (source) into unstable (Alexandre Detiste)
[2026-01-02] beets 2.5.1-1 MIGRATED to testing (Debian testing watch)
[2025-12-30] Accepted beets 2.5.1-1 (source) into unstable (Pieter Lenaerts) (signed by: Tobias Frost)
[2025-04-24] beets 2.2.0-3 MIGRATED to testing (Debian testing watch)
[2025-04-13] Accepted beets 2.2.0-3 (source) into unstable (Stefano Rivera)
[2025-01-01] beets 2.2.0-2 MIGRATED to testing (Debian testing watch)
[2024-12-29] Accepted beets 2.2.0-2 (source) into unstable (Stefano Rivera)
[2024-12-06] beets 2.2.0-1 MIGRATED to testing (Debian testing watch)
[2024-12-03] Accepted beets 2.2.0-1 (source) into unstable (Stefano Rivera)
[2024-11-28] beets 2.1.0-1 MIGRATED to testing (Debian testing watch)
[2024-11-25] Accepted beets 2.1.0-1 (source) into unstable (Stefano Rivera)
[2024-06-08] beets 2.0.0-1 MIGRATED to testing (Debian testing watch)
[2024-06-06] Accepted beets 2.0.0-1 (source) into unstable (Stefano Rivera)
[2024-04-01] beets 1.6.0-9 MIGRATED to testing (Debian testing watch)
[2024-03-28] Accepted beets 1.6.0-9 (source) into unstable (Alexandre Detiste)
[2024-01-15] beets 1.6.0-8 MIGRATED to testing (Debian testing watch)
[2024-01-13] Accepted beets 1.6.0-8 (source) into unstable (Carsten Schoenert)
[2023-11-15] beets 1.6.0-7 MIGRATED to testing (Debian testing watch)
[2023-11-13] Accepted beets 1.6.0-7 (source) into unstable (Stefano Rivera)

1
2

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.5.1-4

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing