Control: tag -1 +pending
Thank you for the bug report. I have created a pull request requesting
the mention of mergerfs in the embedded copy list.
https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/27
On Wed, 2018-11-14 at 14:30 +0100, Helmut Grohne wrote:
> Source: mergerfs
> Version: 2.24.2-3
> Severity: important
>
> mergerfs contains an embedded copy of libfuse that is not registered
> with the security tracker. It does Build-Depend on libfuse-dev, but
> rather than using it, it uses its own embedded copy. Please remove
> the
> embedded copy. Failing that, please register it in the security-
> tracker:
> https://wiki.debian.org/EmbeddedCodeCopies
>
> Helmut
--
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System
signature.asc
Description: This is a digitally signed message part