Bug#913735: mergerfs: unregistered embedded copy of libfuse

[Ritesh Raj Sarraf]

Control: tag -1 +pending


Thank you for the bug report. I have created a pull request requesting
the mention of mergerfs in the embedded copy list.

https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/27

On Wed, 2018-11-14 at 14:30 +0100, Helmut Grohne wrote:
> Source: mergerfs
> Version: 2.24.2-3
> Severity: important
> 
> mergerfs contains an embedded copy of libfuse that is not registered
> with the security tracker. It does Build-Depend on libfuse-dev, but
> rather than using it, it uses its own embedded copy. Please remove
> the
> embedded copy. Failing that, please register it in the security-
> tracker:
> https://wiki.debian.org/EmbeddedCodeCopies
> 
> Helmut
-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System


signature.asc
Description: This is a digitally signed message part

Bug#913735: mergerfs: unregistered embedded copy of libfuse

[Helmut Grohne]

Source: mergerfs
Version: 2.24.2-3
Severity: important

mergerfs contains an embedded copy of libfuse that is not registered
with the security tracker. It does Build-Depend on libfuse-dev, but
rather than using it, it uses its own embedded copy. Please remove the
embedded copy. Failing that, please register it in the security-tracker:
https://wiki.debian.org/EmbeddedCodeCopies

Helmut