dask.distributed - Debian Package Tracker

general

source: dask.distributed (main)
version: 2024.12.1+ds-2
maintainer: Debian Python Team (DMD)
uploaders: Diane Trout [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2021.01.0+ds.1-2.1+deb11u1
oldstable: 2022.12.1+ds.1-3
stable: 2024.12.1+ds-1
testing: 2024.12.1+ds-1
unstable: 2024.12.1+ds-2

versioned links

2021.01.0+ds.1-2.1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2022.12.1+ds.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2024.12.1+ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2024.12.1+ds-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python-distributed-doc
python3-distributed

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 1:56:19
Last run: 2026-05-27T03:48:56.000Z
Previous status: unknown

testing: fail (log)
The tests ran in 1:17:43
Last run: 2026-05-27T02:08:17.000Z
Previous status: unknown

stable: fail (log)
The tests ran in 1:03:09
Last run: 2025-11-09T09:14:49.000Z
Previous status: unknown

Created: 2025-11-06 Last update: 2026-05-27 21:30

A new upstream version is available: 2026.3.0 high

A new upstream version 2026.3.0 is available, you should consider packaging it.

Created: 2025-11-26 Last update: 2026-05-27 15:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-23528: Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0.

Created: 2026-01-16 Last update: 2026-05-27 02:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-23528: Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0.

Created: 2026-01-16 Last update: 2026-05-27 02:00

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-05-27 Last update: 2026-05-27 21:01

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2026-03-23 Last update: 2026-05-27 20:31

debian/patches: 4 patches to forward upstream low

Among the 24 debian patches available in version 2024.12.1+ds-2 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2024-11-13 Last update: 2026-05-27 09:03

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-23528: (needs triaging) Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-01-16 Last update: 2026-05-27 02:00

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-23528: (needs triaging) Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-01-16 Last update: 2026-05-27 02:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.0).

Created: 2025-02-21 Last update: 2026-05-27 01:32

testing migrations

excuses:
- Migrates after: sphinx
- Migration status for dask.distributed (2024.12.1+ds-1 to 2024.12.1+ds-2): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Autopkgtest for dask.distributed/2024.12.1+ds-2: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Failed (not a regression) ♻ (reference ♻), riscv64: Test triggered (failure will be ignored), s390x: Failed (not a regression) ♻ (reference ♻)
- ∙ ∙ Autopkgtest for satpy/0.60.0-1: amd64: Pass, arm64: Pass, i386: Failed (not a regression) ♻ (reference ♻), ppc64el: Pass, riscv64: Test triggered, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for spyder-kernels/3.1.3-3: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Too young, only 1 of 5 days old
- ∙ ∙ Built-Using: dask.distributed sphinx (not considered)
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/d/dask.distributed.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- Not considered

news

[rss feed]

[2026-05-26] Accepted dask.distributed 2024.12.1+ds-2 (source) into unstable (Bastian Germann) (signed by: bage@debian.org)
[2025-01-14] dask.distributed 2024.12.1+ds-1 MIGRATED to testing (Debian testing watch)
[2025-01-06] Accepted dask.distributed 2024.12.1+ds-1 (source) into unstable (Colin Watson)
[2024-11-18] dask.distributed 2024.5.2+ds.1-8 MIGRATED to testing (Debian testing watch)
[2024-11-12] Accepted dask.distributed 2024.5.2+ds.1-8 (source) into unstable (Santiago Vila)
[2024-09-04] dask.distributed 2024.5.2+ds.1-7 MIGRATED to testing (Debian testing watch)
[2024-08-29] Accepted dask.distributed 2024.5.2+ds.1-7 (source) into unstable (Julian Gilbey)
[2024-08-28] Accepted dask.distributed 2024.5.2+ds.1-6 (source) into unstable (Julian Gilbey)
[2024-08-27] Accepted dask.distributed 2024.5.2+ds.1-5 (source) into unstable (Julian Gilbey)
[2024-08-26] Accepted dask.distributed 2024.5.2+ds.1-4 (source) into unstable (Julian Gilbey)
[2024-07-19] Accepted dask.distributed 2024.5.2+ds.1-3 (source) into unstable (Étienne Mollier)
[2024-06-20] Accepted dask.distributed 2024.5.2+ds.1-2 (source) into unstable (Étienne Mollier)
[2024-06-16] Accepted dask.distributed 2024.5.2+ds.1-1 (source) into unstable (Étienne Mollier)
[2024-01-20] dask.distributed 2023.12.1+ds-4 MIGRATED to testing (Debian testing watch)
[2024-01-15] Accepted dask.distributed 2023.12.1+ds-4 (source) into unstable (Julian Gilbey)
[2024-01-10] dask.distributed 2023.12.1+ds-3 MIGRATED to testing (Debian testing watch)
[2024-01-05] Accepted dask.distributed 2023.12.1+ds-3 (source) into unstable (Julian Gilbey)
[2024-01-03] Accepted dask.distributed 2023.12.1+ds-2 (source) into unstable (Julian Gilbey)
[2024-01-03] Accepted dask.distributed 2023.12.1+ds-1 (source) into unstable (Julian Gilbey)
[2023-09-22] dask.distributed 2023.8.0+ds.1-1 MIGRATED to testing (Debian testing watch)
[2023-09-21] dask.distributed REMOVED from testing (Debian testing watch)
[2023-08-11] Accepted dask.distributed 2023.8.0+ds.1-1 (source) into unstable (Diane Trout)
[2023-02-13] dask.distributed 2022.12.1+ds.1-3 MIGRATED to testing (Debian testing watch)
[2023-02-10] Accepted dask.distributed 2022.12.1+ds.1-3 (source) into unstable (Diane Trout)
[2023-02-09] Accepted dask.distributed 2022.12.1+ds.1-2 (source) into unstable (Diane Trout)
[2023-01-26] dask.distributed REMOVED from testing (Debian testing watch)
[2023-01-21] Accepted dask.distributed 2022.12.1+ds.1-1 (source) into unstable (Diane Trout)
[2023-01-08] dask.distributed 2022.02.0+ds.1-3 MIGRATED to testing (Debian testing watch)
[2023-01-05] Accepted dask.distributed 2022.02.0+ds.1-3 (source) into unstable (Nilesh Patra)
[2022-08-29] dask.distributed 2022.02.0+ds.1-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 5
RC: 3
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 5)
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2024.12.1+ds-1