It looks like this is fixed in 3.2.6-1 :
https://metadata.ftp-master.debian.org/changelogs/main/f/fuse3/fuse3_3.2.6-1_copyright
but missed closing this bug?
fuse3 (3.2.6-1) unstable; urgency=medium
* New upstream release:
- fix CVE-2018-10906, restriction bypass of the allow_other option when
SELinux is active (closes: #911343).
* Honor nocheck in DEB_BUILD_OPTIONS (closes: #910029).
* Don't force xz compression for source and binaries (closes: #910030).
* Update copyright file.
-- Laszlo Boszormenyi (GCS) <[email protected]> Thu, 18 Oct 2018 21:36:00 +0000