[Pkg-virtualbox-devel] Bug#659951: CVE-2012-0105
Alexey Eromenko
al4321 at gmail.com
Wed Feb 15 09:21:33 UTC 2012
Debian lacks the infrastructure to compile
"virtualbox-guest-additions-iso", so while the upstream source code is
free, the result is not.
This is due to dependency on non-free software such as Microsoft DDK,
required to compile "virtualbox-guest-additions-iso".
Therefore: "virtualbox-guest-additions-iso" is part of the Debian's
"non-free" repository, and therefore unlikely to be fixed.
AFAIK Debian's Policy is not to issue security updates for it's
"contrib" and "non-free" sections. Only support for the "main" section
is covered.
Recommended action: CLOSE, WONTFIX (for
"virtualbox-guest-additions-iso" package)
What might get fixed, is "virtualbox-ose-guest-*" packages, which are
part of the "main" section.
Do you want to open a separate bug or change the package of this bug ?
One more note:
v4.1.8 is fixed, according to Oracle. (so potentially only Squeeze is
affected, Wheezy is not)
--
-Alexey Eromenko "Technologov"
More information about the Pkg-virtualbox-devel
mailing list