Re: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products

2019-11-26 Thread SEC Consult Vulnerability Lab
Hi, we received incorrect version information during the coordination phase, thus our initial advisory stated that FortiOS v6.0.7 fixes the issue. Fortinet has just now confirmed that only v6.2.0 includes the patch. See their advisory: https://fortiguard.com/psirt/FG-IR-18-100 SEC Consult

Anhui Huami Mi Fit Android Application - Unencrypted Update Check

2019-11-26 Thread David Coomber
Anhui Huami Mi Fit Android Application - Unencrypted Update Check -- https://www.info-sec.ca/advisories/Huami-Mi-Fit.html Overview "Mi Fit tracks your activity, analyzes sleep, and evaluates your workouts." (https://play.google.com/store/apps/details?id=com.xiaomi.hm.health) Issue The Anhui

pari/gp on debian stable allow arbitrary file write

2019-11-26 Thread Georgi Guninski
pari/gp on debian stable allows arbitrary file write. pari/gp is a CAS (computer algebra system). pari/gp version 2.9.1 on debian stretch and 2.11 on debian buster allow arbitrary file write and hence arbitrary code execution. poc: \\ a.gp \\ to run: \r a.gp

[SECURITY] [DSA 4576-1] php-imagick security update

2019-11-26 Thread Salvatore Bonaccorso
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - Debian Security Advisory DSA-4576-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2019