CVE-2013-6427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6427): upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. @maintainers: okay to stable 3.11.1-r1? (We can hold off a bit to see if a fix for bug 492712 comes along)
> @maintainers: okay to stable 3.11.1-r1? (We can hold off a bit to see if a > fix for bug 492712 comes along) 3.11.1-r1 does not fix this issue, but I have committed 3.14.1 which should. Stabilization for 3.13.9 is currently in the works (bug #484474). I will close this one and open a new one for 3.14.1.
Over 2 years old and package has been stabilized for quite some time.