It looks like this is fixed in 3.2.6-1 : https://metadata.ftp-master.debian.org/changelogs/main/f/fuse3/fuse3_3.2.6-1_copyright but missed closing this bug?
fuse3 (3.2.6-1) unstable; urgency=medium * New upstream release: - fix CVE-2018-10906, restriction bypass of the allow_other option when SELinux is active (closes: #911343). * Honor nocheck in DEB_BUILD_OPTIONS (closes: #910029). * Don't force xz compression for source and binaries (closes: #910030). * Update copyright file. -- Laszlo Boszormenyi (GCS) <g...@debian.org> Thu, 18 Oct 2018 21:36:00 +0000