Source: mergerfs
Version: 2.24.2-3
Severity: important

mergerfs contains an embedded copy of libfuse that is not registered
with the security tracker. It does Build-Depend on libfuse-dev, but
rather than using it, it uses its own embedded copy. Please remove the
embedded copy. Failing that, please register it in the security-tracker:
https://wiki.debian.org/EmbeddedCodeCopies

Helmut

Reply via email to