Sorry, it seems that default behavior of yahoo mail is top post yes, i've comment out all sources in sources.list except http://ftp.se.debian.org/debian stretch main
On Sunday, August 5, 2018, 8:05:45 PM GMT+8, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote: Please don't top post, it makes it harder to read and reply. Le 05/08/2018 à 13:52, Long Wind a écrit : > fuse: > Installed: 2.9.7-1 > Candidate: 2.9.7-1 > Version table: > *** 2.9.7-1 500 > 500 http://ftp.se.debian.org/debian stretch/main i386 Packages > 100 /var/lib/dpkg/status > libfuse2: > Installed: 2.9.7-1 > Candidate: 2.9.7-1 > Version table: > *** 2.9.7-1 500 > 500 http://ftp.se.debian.org/debian stretch/main i386 Packages > 100 /var/lib/dpkg/status As expected, you actually downgraded fuse to the version affected by the vulnerability exposed in DSA-4257-1. The reason is probably that there is no more security mirror declared in your sources.list. Otherwise apt-cache would show the versions available on this mirror. So you do not get security updates any more. > On Sunday, August 5, 2018, 7:44:31 PM GMT+8, Pascal Hambourg ><pas...@plouf.fr.eu.org> wrote: > > Le 0 5/08/2018 à 12:58, Long Wind a écrit :>> apt-get remove libfuse2 >> >> after running command above, i can install jmtpfs > > Weird. fuse depends on the same version of libfuse2, so if removing > libfuse2 allowed to install fuse, it means that the version of fuse that > you just installed does not match the version of libfuse2 that you > removed. But it was the latest stable released version, so the version > you have now installed may not be the latest stable version. > > What is the output of > > apt