Please don't top post, it makes it harder to read and reply. Le 05/08/2018 à 13:52, Long Wind a écrit :
fuse: Installed: 2.9.7-1 Candidate: 2.9.7-1 Version table: *** 2.9.7-1 500 500 http://ftp.se.debian.org/debian stretch/main i386 Packages 100 /var/lib/dpkg/status libfuse2: Installed: 2.9.7-1 Candidate: 2.9.7-1 Version table: *** 2.9.7-1 500 500 http://ftp.se.debian.org/debian stretch/main i386 Packages 100 /var/lib/dpkg/status
As expected, you actually downgraded fuse to the version affected by the vulnerability exposed in DSA-4257-1. The reason is probably that there is no more security mirror declared in your sources.list. Otherwise apt-cache would show the versions available on this mirror. So you do not get security updates any more.
On Sunday, August 5, 2018, 7:44:31 PM GMT+8, Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:Le 05/08/2018 à 12:58, Long Wind a écrit :apt-get remove libfuse2 after running command above, i can install jmtpfsWeird. fuse depends on the same version of libfuse2, so if removing libfuse2 allowed to install fuse, it means that the version of fuse that you just installed does not match the version of libfuse2 that you removed. But it was the latest stable released version, so the version you have now installed may not be the latest stable version. What is the output of apt-cache policy fuse libfuse2