Salut, Plusieurs annonces de sécurité sont à traduire, par avance merci au volontaire de répondre par un [ITT] sur le groupe, ou même un ITT individuel par annonce, comme vous préférez (par exemple en utilisant le sujet « [ITT] wml://security/2011/dsa-2289.wml » pour la première). Un script dans le dépôt du site web permet de traduire les morceaux habituels : french/security/dsa-translator.pl. Amicalement David
<define-tag description>various vulnerabilities</define-tag> <define-tag moreinfo> <p>Various vulnerabilities have been found in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:</p> <ul> <li><a href="http://security-tracker.debian.org/tracker/CVE-2010-4554">CVE-2010-4554</a> <p>SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.</p></li> <li><a href="http://security-tracker.debian.org/tracker/CVE-2010-4555">CVE-2010-4555</a>, <a href="http://security-tracker.debian.org/tracker/CVE-2011-2752">CVE-2011-2752</a>, <a href="http://security-tracker.debian.org/tracker/CVE-2011-2753">CVE-2011-2753</a> <p>Multiple small bugs in SquirrelMail allowed an attacker to inject malicious script into various pages or alter the contents of user preferences.</p></li> <li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2023">CVE-2011-2023</a> <p>It was possible to inject arbitrary web script or HTML via a crafted STYLE element in an HTML part of an e-mail message.</p></li> </ul> <p>For the oldstable distribution (lenny), these problems have been fixed in version 1.4.15-4+lenny5.</p> <p>For the stable distribution (squeeze), these problems have been fixed in version 1.4.21-2.</p> <p>For the testing (wheezy) and unstable distribution (sid), these problems have been fixed in version 1.4.22-1.</p> <p>We recommend that you upgrade your squirrelmail packages.</p> </define-tag> # do not modify the following line #include "$(ENGLISHDIR)/security/2011/dsa-2291.data" # $Id: dsa-2291.wml,v 1.2 2011-08-08 11:52:10 kaare Exp $
<define-tag description>cross-site scripting</define-tag> <define-tag moreinfo> <p>The Samba Web Administration Tool (SWAT) contains several cross-site request forgery (CSRF) vulnerabilities (<a href="http://security-tracker.debian.org/tracker/CVE-2011-2522">\ CVE-2011-2522</a>) and a cross-site scripting vulnerability (<a href="http://security-tracker.debian.org/tracker/CVE-2011-2694">\ CVE-2011-2694</a>).</p> <p>For the oldstable distribution (lenny), these problems have been fixed in version 2:3.2.5-4lenny15.</p> <p>For the stable distribution (squeeze), these problems have been fixed in version 2:3.5.6~dfsg-3squeeze5.</p> <p>For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2:3.5.10~dfsg-1.</p> <p>We recommend that you upgrade your samba packages.</p> </define-tag> # do not modify the following line #include "$(ENGLISHDIR)/security/2011/dsa-2290.data" # $Id: dsa-2290.wml,v 1.1 2011-08-07 21:07:22 kaare Exp $
<define-tag description>several vulnerabilities</define-tag> <define-tag moreinfo> <p>Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, information disclosure, authentication delay bypass, and arbitrary file deletion. More details can be found in the Typo3 security advisory: <a href="http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-001/">\ TYPO3-CORE-SA-2011-001</a>.</p> <p>For the oldstable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny8.</p> <p>For the stable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze1.</p> <p>For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 4.5.4+dfsg1-1.</p> <p>We recommend that you upgrade your typo3-src packages.</p> </define-tag> # do not modify the following line #include "$(ENGLISHDIR)/security/2011/dsa-2289.data" # $Id: dsa-2289.wml,v 1.1 2011-08-07 21:07:05 kaare Exp $
Attachment:
signature.asc
Description: OpenPGP digital signature