update for hplip
- fix-CVE-2013-6402.dif fixes hardcoded file name
/tmp/hp-pkservice.log in pkit.py (bnc#852368).
- disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for
security reasons (bnc#853405). To upgrade HPLIP an openSUSE
software package manager like YaST or zypper should be used.
(CVE-2013-6427)
-
Submitted by
Johannes Meixner (jsmeix)
Fixed bugs
bnc#852368
CVE-2013-6402: hplip: arbitrary file creation/overwrite (via hardcoded file name /tmp/hp-pkservice.log)
bnc#853405
hplip: insecure auto update feature
