Mandriva Linux Security Advisory 2013-069 - cups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a CUPS resource, or overwriting specific files with the content of a CUPS resource. The user would have to explicitly approve the action.
ff5002b343b18cedb8e0512238d466a0a6f6cc46e50c1366199112fa122abc7a