
[TAF] wml://security/2011/dsa-22{89,90,91}.wml



Hi,

Several security advisories need translating; thanks in advance to the
volunteer for replying with an [ITT] for the group, or even an individual
ITT per advisory, as you prefer (for example, using the subject
"[ITT] wml://security/2011/dsa-2289.wml" for the first one).

A script in the website repository translates the usual
pieces: french/security/dsa-translator.pl.

Regards

David


<define-tag description>various vulnerabilities</define-tag>
<define-tag moreinfo>

<p>Various vulnerabilities have been found in SquirrelMail, a webmail
application. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2010-4554">CVE-2010-4554</a>

  <p>SquirrelMail did not prevent page rendering inside a third-party
  HTML frame, which makes it easier for remote attackers to conduct
  clickjacking attacks via a crafted web site.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2010-4555">CVE-2010-4555</a>,
    <a href="http://security-tracker.debian.org/tracker/CVE-2011-2752">CVE-2011-2752</a>,
    <a href="http://security-tracker.debian.org/tracker/CVE-2011-2753">CVE-2011-2753</a>

  <p>Multiple small bugs in SquirrelMail allowed an attacker to inject
  malicious script into various pages or alter the contents of user
  preferences.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2023">CVE-2011-2023</a>

  <p>It was possible to inject arbitrary web script or HTML via a
  crafted STYLE element in an HTML part of an e-mail message.</p></li>

</ul>

<p>For the oldstable distribution (lenny), these problems have been fixed in
version 1.4.15-4+lenny5.</p>

<p>For the stable distribution (squeeze), these problems have been fixed in
version 1.4.21-2.</p>

<p>For the testing (wheezy) and unstable distribution (sid), these problems
have been fixed in version 1.4.22-1.</p>

<p>We recommend that you upgrade your squirrelmail packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2291.data"
# $Id: dsa-2291.wml,v 1.2 2011-08-08 11:52:10 kaare Exp $
<define-tag description>cross-site scripting</define-tag>
<define-tag moreinfo>
<p>The Samba Web Administration Tool (SWAT) contains several cross-site request 
forgery (CSRF) vulnerabilities 
(<a href="http://security-tracker.debian.org/tracker/CVE-2011-2522">\
CVE-2011-2522</a>) and a cross-site scripting vulnerability 
(<a href="http://security-tracker.debian.org/tracker/CVE-2011-2694">\
CVE-2011-2694</a>).</p>

<p>For the oldstable distribution (lenny), these problems have been fixed in
version 2:3.2.5-4lenny15.</p>

<p>For the stable distribution (squeeze), these problems have been fixed
in version 2:3.5.6~dfsg-3squeeze5.</p>

<p>For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 2:3.5.10~dfsg-1.</p>

<p>We recommend that you upgrade your samba packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2290.data"
# $Id: dsa-2290.wml,v 1.1 2011-08-07 21:07:22 kaare Exp $
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework: cross-site scripting, information
disclosure, authentication delay bypass, and arbitrary file deletion.
More details can be found in the TYPO3 security advisory:
<a href="http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-001/">\
TYPO3-CORE-SA-2011-001</a>.</p>

<p>For the oldstable distribution (lenny), these problems have been fixed in
version 4.2.5-1+lenny8.</p>

<p>For the stable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze1.</p>

<p>For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 4.5.4+dfsg1-1.</p>

<p>We recommend that you upgrade your typo3-src packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2289.data"
# $Id: dsa-2289.wml,v 1.1 2011-08-07 21:07:05 kaare Exp $
