Overview

File _patchinfo of Package patchinfo.2490

<patchinfo>
  <issue id="852368" tracker="bnc">CVE-2013-6402: hplip: arbitrary file creation/overwrite (via hardcoded file name /tmp/hp-pkservice.log)</issue>
  <issue id="853405" tracker="bnc">hplip: insecure auto update feature</issue>
  <issue id="CVE-2013-6402" tracker="cve" />
  <issue id="CVE-2013-6427" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>jsmeix</packager>
  <description>
- fix-CVE-2013-6402.dif fixes hardcoded file name
  /tmp/hp-pkservice.log in pkit.py (bnc#852368).
- disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for
  security reasons (bnc#853405). To upgrade HPLIP an openSUSE
  software package manager like YaST or zypper should be used.
  (CVE-2013-6427)

</description>
  <summary>update for hplip</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places