Bug 30566

Summary: hplip: Multiple issues (3.1)
Product: UCS Reporter: Moritz Muehlenhoff <jmm>
Component: Security updatesAssignee: Security maintainers <security-maintainers>
Status: CLOSED WONTFIX QA Contact:
Severity: normal    
Priority: P3    
Version: UCS 3.0   
Target Milestone: UCS 3.1-x-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Moritz Muehlenhoff univentionstaff 2013-02-22 15:19:43 CET 
+++ This bug was initially created as a clone of Bug #30565 +++

+++ This bug was initially created as a clone of Bug #30564 +++

CVE-2013-0200

hplip handles temporary files insecurely in several code paths
Comment 1 Moritz Muehlenhoff univentionstaff 2013-09-19 08:04:12 CEST 
Insecure use of DBUS interface allows the bypass of Policykit restrictions (CVE-2013-4325)
Comment 2 Moritz Muehlenhoff univentionstaff 2013-12-02 15:00:38 CET 
Insecure temporary file handling in pkit.py (CVE-2013-6402)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-06-02 07:59:19 CEST 
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014.

The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes.

Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.