black - Debian Package Tracker

general

source: black (main)
version: 26.1.0-1
maintainer: Debian Python Team (DMD)
uploaders: Chris Lamb [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 20.8b1-4
oldstable: 23.1.0-1
stable: 25.1.0-3
testing: 25.12.0-2
unstable: 26.1.0-1

versioned links

20.8b1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
23.1.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
25.1.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
25.12.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
26.1.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

black
python-black-doc

action needed

A new upstream version is available: 26.3.1 high

A new upstream version 26.3.1 is available, you should consider packaging it.

Created: 2025-12-08 Last update: 2026-03-19 00:01

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2026-32274: Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. Fixed in Black 26.3.1.

Created: 2026-03-13 Last update: 2026-03-14 00:16

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-32274: Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. Fixed in Black 26.3.1.

Created: 2026-03-13 Last update: 2026-03-14 00:16

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-32274: Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. Fixed in Black 26.3.1.

Created: 2026-03-13 Last update: 2026-03-14 00:16

2 security issues in bullseye high

There are 2 open security issues in bullseye.

1 important issue:

CVE-2026-32274: Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. Fixed in Black 26.3.1.

1 issue postponed or untriaged:

CVE-2024-21503: (needs triaging) Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.

Created: 2026-03-13 Last update: 2026-03-14 00:16

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2026-32274: Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. Fixed in Black 26.3.1.

1 ignored issue:

CVE-2024-21503: Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.

Created: 2024-03-19 Last update: 2026-03-14 00:16

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2026-03-12 Last update: 2026-03-19 00:32

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2026-03-18 Last update: 2026-03-19 00:01

testing migrations

excuses:
- Migration status: Blocked. Can't migrate due to a non-migratable dependency. Check status below.
- Blocked by: python-pathspec
- Migration status for black (25.12.0-2 to 26.1.0-1): BLOCKED: Cannot migrate due to another item, which is blocked (please check which dependencies are stuck)
- Issues preventing migration:
- ∙ ∙ Build-Depends(-Arch): black python-pathspec (not considered)
- ∙ ∙ Depends: black python-pathspec (not considered)
- ∙ ∙ Invalidated by build-dependency
- ∙ ∙ Invalidated by dependency
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/b/black.html
- ∙ ∙ Autopkgtest for black/26.1.0-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Autopkgtest for python-datamodel-code-generator/0.54.1-1: ppc64el: Pass ♻ (reference ♻), s390x: Pass ♻ (reference ♻)
- ∙ ∙ Autopkgtest for python-hypothesis/6.151.5-1: ppc64el: Pass ♻
- ∙ ∙ Autopkgtest for python-hypothesis/6.151.9-1: amd64: Pass, arm64: Pass, i386: Pass, riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for python-inline-snapshot/0.31.1-1: ppc64el: Pass ♻, s390x: Pass ♻
- ∙ ∙ Not reproduced on amd64 (not a regression): black
- ∙ ∙ Not reproduced on arm64 (not a regression): black
- ∙ ∙ Not reproduced on armhf (not a regression): black
- ∙ ∙ Not reproduced on i386 (not a regression): black
- ∙ ∙ Not reproduced on ppc64el (not a regression): black
- ∙ ∙ Required age reduced by 3 days because of autopkgtest
- ∙ ∙ 12 days old (needed 2 days)
- Not considered

news

[rss feed]

[2026-03-07] Accepted black 26.1.0-1 (source) into unstable (Michael R. Crusoe)
[2026-02-27] black 25.12.0-2 MIGRATED to testing (Debian testing watch)
[2026-02-24] Accepted black 25.12.0-2 (source) into unstable (Michael R. Crusoe)
[2025-12-12] black 25.12.0-1 MIGRATED to testing (Debian testing watch)
[2025-12-08] Accepted black 25.12.0-1 (source) into unstable (Michael R. Crusoe)
[2025-11-14] black 25.11.0-1 MIGRATED to testing (Debian testing watch)
[2025-11-10] Accepted black 25.11.0-1 (source) into unstable (Colin Watson)
[2025-11-01] black 25.9.0-1 MIGRATED to testing (Debian testing watch)
[2025-10-30] Accepted black 25.9.0-1 (source) into unstable (Colin Watson)
[2025-06-04] black 25.1.0-3 MIGRATED to testing (Debian testing watch)
[2025-05-27] Accepted black 25.1.0-3 (source) into unstable (Bastian Germann) (signed by: bage@debian.org)
[2025-03-02] black 25.1.0-2 MIGRATED to testing (Debian testing watch)
[2025-02-27] Accepted black 25.1.0-2 (source) into unstable (Michael R. Crusoe)
[2025-02-07] black 25.1.0-1 MIGRATED to testing (Debian testing watch)
[2025-02-05] Accepted black 25.1.0-1 (source) into unstable (Michael R. Crusoe)
[2025-01-29] Accepted black 25.1.0-0exp (source) into experimental (Michael R. Crusoe)
[2025-01-16] black 24.10.0-3 MIGRATED to testing (Debian testing watch)
[2025-01-13] Accepted black 24.10.0-3 (source) into unstable (Alexandre Detiste)
[2025-01-01] black 24.10.0-2 MIGRATED to testing (Debian testing watch)
[2024-12-30] Accepted black 24.10.0-2 (source) into unstable (Colin Watson)
[2024-10-16] black 24.10.0-1 MIGRATED to testing (Debian testing watch)
[2024-10-13] Accepted black 24.10.0-1 (source) into unstable (Sylvestre Ledru)
[2024-08-07] black 24.8.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-07] black 24.8.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-04] Accepted black 24.8.0-1 (source) into unstable (Michael R. Crusoe)
[2024-05-12] black 24.4.2-2 MIGRATED to testing (Debian testing watch)
[2024-05-09] Accepted black 24.4.2-2 (source) into unstable (Michael R. Crusoe)
[2024-05-06] black 24.4.2-1 MIGRATED to testing (Debian testing watch)
[2024-05-03] Accepted black 24.4.2-2~0exp0 (source) into experimental (Michael R. Crusoe)
[2024-05-03] Accepted black 24.4.2-1 (source) into unstable (Sylvestre Ledru)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 25.12.0-1
3 bugs