Source: mergerfs Version: 2.24.2-3 Severity: important mergerfs contains an embedded copy of libfuse that is not registered with the security tracker. It does Build-Depend on libfuse-dev, but rather than using it, it uses its own embedded copy. Please remove the embedded copy. Failing that, please register it in the security-tracker: https://wiki.debian.org/EmbeddedCodeCopies
Helmut

