CVE-2013-4325 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4325): The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process. Red Hat's patch: https://bugzilla.redhat.com/attachment.cgi?id=796256&action=diff&context=patch&collapsed=&headers=1&format=raw
+*hplip-3.13.9 (28 Sep 2013) + + 28 Sep 2013; Daniel Pielmeier <billie@gentoo.org> +hplip-3.13.9.ebuild: + Version bump. Includes Red Hat's patch to fix CVE-2013-4325.
Stabilized and cleaned up as part of Bug 497722. Arches and Maintainers, thank you for your work. Added to existing GLSA Draft.
This issue was resolved and addressed in GLSA 201406-27 at http://security.gentoo.org/glsa/glsa-201406-27.xml by GLSA coordinator Chris Reffett (creffett).