Debian lacks the infrastructure to compile "virtualbox-guest-additions-iso", so while the upstream source code is free, the result is not. This is due to dependency on non-free software such as Microsoft DDK, required to compile "virtualbox-guest-additions-iso".
Therefore: "virtualbox-guest-additions-iso" is part of the Debian's "non-free" repository, and therefore unlikely to be fixed. AFAIK Debian's Policy is not to issue security updates for it's "contrib" and "non-free" sections. Only support for the "main" section is covered. Recommended action: CLOSE, WONTFIX (for "virtualbox-guest-additions-iso" package) What might get fixed, is "virtualbox-ose-guest-*" packages, which are part of the "main" section. Do you want to open a separate bug or change the package of this bug ? One more note: v4.1.8 is fixed, according to Oracle. (so potentially only Squeeze is affected, Wheezy is not) -- -Alexey Eromenko "Technologov" -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
