Hi,
we received incorrect version information during the coordination phase, thus
our initial advisory stated that FortiOS v6.0.7 fixes the issue. Fortinet has
just now confirmed that only v6.2.0 includes the patch. See their advisory:
https://fortiguard.com/psirt/FG-IR-18-100
SEC Consult
Anhui Huami Mi Fit Android Application - Unencrypted Update Check
--
https://www.info-sec.ca/advisories/Huami-Mi-Fit.html
Overview
"Mi Fit tracks your activity, analyzes sleep, and evaluates your workouts."
(https://play.google.com/store/apps/details?id=com.xiaomi.hm.health)
Issue
The Anhui
pari/gp on Debian stable allows arbitrary file write
pari/gp is a CAS (computer algebra system).
pari/gp version 2.9.1 on Debian stretch and 2.11 on Debian buster
allow arbitrary file write and hence arbitrary code execution.
poc:
\\ a.gp
\\ to run: \r a.gp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian Security Advisory DSA-4576-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 25, 2019