[DONE] wml://security/2016/dla-{403,380,382,418}.wml

[Lev Lamberov <dogsleg@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dla-380.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-380.wml	2016-04-13 12:36:40.171136754 +0500
@@ -1,22 +1,23 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
 
- -<p>An issue had been discovered and resolved by the libvncserver upstream
- -developer Karl Runge addressing thread-safety in libvncserver when
- -libvncserver is used for handling multiple VNC connections [1].</p>
+<p>РазÑ?абоÑ?Ñ?ик оÑ?новной веÑ?ки Ñ?азÑ?абоÑ?ки Ð?аÑ?л Ð Ñ?нге обнаÑ?Ñ?жил и иÑ?пÑ?авил
+пÑ?облемÑ? в libvncserver, коÑ?оÑ?аÑ? каÑ?аеÑ?Ñ?Ñ? поÑ?оковой безопаÑ?ноÑ?Ñ?и в Ñ?лÑ?Ñ?ае
+иÑ?полÑ?зованиÑ? libvncserver длÑ? обÑ?абоÑ?ки неÑ?колÑ?киÑ? VNC-Ñ?оединений [1].</p>
 
- -<p>Unfortunately, it is not trivially feasible (because of ABI breakage) to
- -backport the <a href="https://github.com/LibVNC/libvncserver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6";>related patch</a> to libvncserver 0.9.7 as shipped in Debian
+<p>Ð? Ñ?ожалениÑ?, <a href="https://github.com/LibVNC/libvncserver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6";>Ñ?Ñ?о иÑ?пÑ?авление</a>
+не Ñ?ак-Ñ?о легко адапÑ?иÑ?оваÑ?Ñ? (из-за поломки ABI) длÑ? libvncserver веÑ?Ñ?ии 0.9.7, поÑ?Ñ?авлÑ?емой в Ñ?оÑ?Ñ?аве Debian
 squeeze(-lts).</p>
 
- -<p>However, the thread-safety patch discussed resolved a related issue of
- -memory corruption caused by freeing global variables without nullifying
- -them when reusing them in another <q>thread</q>, especially occurring when
- -libvncserver is used for handling multiple VNC connections</p>
+<p>Тем не менее, Ñ?казаннаÑ? заплаÑ?а длÑ? поÑ?оковой безопаÑ?ноÑ?Ñ?и Ñ?акже Ñ?еÑ?аеÑ? Ñ?вÑ?заннÑ?Ñ? пÑ?облемÑ?
+Ñ? повÑ?еждением Ñ?одеÑ?жимого памÑ?Ñ?и, вÑ?зÑ?ваемÑ?Ñ? оÑ?вобождением глобалÑ?нÑ?Ñ? пеÑ?еменнÑ?Ñ? без иÑ?
+оÑ?иÑ?Ñ?ки в дÑ?Ñ?гом <q>поÑ?оке</q>, Ñ?Ñ?о в оÑ?обенноÑ?Ñ?и пÑ?оÑ?влÑ?еÑ?Ñ?Ñ? пÑ?и
+иÑ?полÑ?зовании libvncserver длÑ? обÑ?абоÑ?ки неÑ?колÑ?киÑ? VNC-Ñ?оединений.</p>
 
- -<p>The described issue has been resolved with this version of libvncserver
- -and users of VNC are recommended to upgrade to this version of the
- -package.</p>
+<p>Ð?пиÑ?аннаÑ? пÑ?облема бÑ?ла Ñ?еÑ?ена в Ñ?Ñ?ой веÑ?Ñ?ии libvncserver,
+полÑ?зоваÑ?елÑ?м VNC Ñ?екомендÑ?еÑ?Ñ?Ñ? вÑ?полниÑ?Ñ? обновление до Ñ?казанной веÑ?Ñ?ии
+пакеÑ?а.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2016/dla-382.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-382.wml	2016-04-13 12:42:04.295842750 +0500
@@ -1,26 +1,27 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>When sudo is configured to allow a user to edit files under a
- -directory that they can already write to without using sudo, they can
- -actually edit (read and write) arbitrary files.  Daniel Svartman
- -reported that a configuration like this might be introduced
- -unintentionally if the editable files are specified using wildcards,
- -for example:</p>
+<p>Ð?Ñ?ли Ñ?Ñ?илиÑ?а sudo наÑ?Ñ?Ñ?оена Ñ?аким обÑ?азом, Ñ?Ñ?о полÑ?зоваÑ?елÑ? можеÑ? Ñ?едакÑ?иÑ?оваÑ?Ñ? Ñ?айлÑ? в
+каÑ?алоге, в коÑ?оÑ?ом Ñ?Ñ?оÑ? полÑ?зоваÑ?елÑ? Ñ?же имееÑ? пÑ?аво на запиÑ?Ñ? без sudo, Ñ?о он
+можеÑ? Ñ?едакÑ?иÑ?оваÑ?Ñ? (вÑ?полнÑ?Ñ?Ñ? Ñ?Ñ?ение и запиÑ?Ñ?) пÑ?оизволÑ?нÑ?е Ñ?айлÑ?.  Ð?аниÑ?лÑ? СваÑ?Ñ?ман
+Ñ?ообÑ?ил, Ñ?Ñ?о подобнÑ?е наÑ?Ñ?Ñ?ойки могÑ?Ñ? бÑ?Ñ?Ñ? и ненамеÑ?еннÑ?ми в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли
+Ñ?едакÑ?иÑ?Ñ?емÑ?е Ñ?айлÑ? Ñ?казанÑ? Ñ? помоÑ?Ñ?Ñ? знаков подÑ?Ñ?ановки,
+напÑ?имеÑ?:</p>
 <pre>
     operator ALL=(root) sudoedit /home/*/*/test.txt
 </pre>
 
- -<p>The default behaviour of sudo has been changed so that it does not
- -allow editing of a file in a directory that the user can write to, or
- -that is reached by following a symlink in a directory that the user
- -can write to.  These restrictions can be disabled, but this is
- -strongly discouraged.</p>
+<p>Ð?аÑ?Ñ?Ñ?ойки sudo по Ñ?молÑ?аниÑ? бÑ?ли измененÑ? Ñ?аким обÑ?азом, Ñ?Ñ?о Ñ?епеÑ?Ñ?
+Ñ?едакÑ?иÑ?ование Ñ?айла в каÑ?алоге, в коÑ?оÑ?Ñ?й полÑ?зоваÑ?елÑ? Ñ?же имееÑ? пÑ?аво на запиÑ?Ñ?, либо
+Ñ?айла, коÑ?оÑ?Ñ?й можеÑ? бÑ?Ñ?Ñ? оÑ?кÑ?Ñ?Ñ? Ñ?еÑ?ез Ñ?имволÑ?нÑ?Ñ? Ñ?Ñ?Ñ?лки в Ñ?аком каÑ?алоге,
+запÑ?еÑ?ено.  ЭÑ?и огÑ?аниÑ?ениÑ? можно оÑ?клÑ?Ñ?иÑ?Ñ?, но Ñ?Ñ?о
+кÑ?айне не Ñ?екомендÑ?еÑ?Ñ?Ñ?.</p>
 
- -<p>For the oldoldstable distribution (squeeze), this has been fixed in
- -version 1.7.4p4-2.squeeze.6.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?аÑ?ом Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.7.4p4-2.squeeze.6.</p>
 
- -<p>For the oldstable distribution (wheezy) and the stable distribution
- -(jessie), this will be fixed soon.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном (wheezy) и Ñ?Ñ?абилÑ?ном (jessie) вÑ?пÑ?Ñ?каÑ?
+Ñ?Ñ?а пÑ?облема бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2016/dla-403.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-403.wml	2016-04-13 12:30:05.487422209 +0500
@@ -1,29 +1,30 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Several issues have been discovered by Unrud in Radicale, a calendar
- -and addressbook server. A remote attacker could exploit these
- -vulnerabilities and call arbitrary functions by sending crafted HTTP
- -requests.</p>
+<p>Ð? Unrud длÑ? Radicale, Ñ?еÑ?веÑ?а календаÑ?Ñ? и адÑ?еÑ?нÑ?Ñ? книг, бÑ?ло
+обнаÑ?Ñ?жено неÑ?колÑ?ко пÑ?облем. УдалÑ?ннÑ?й злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?и
+Ñ?Ñ?звимоÑ?Ñ?и и вÑ?зÑ?ваÑ?Ñ? пÑ?оизволÑ?нÑ?е Ñ?Ñ?нкÑ?ии пÑ?Ñ?Ñ?м оÑ?пÑ?авки Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ?
+HTTP-запÑ?оÑ?ов.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8748";>CVE-2015-8748</a>
 
- -        <p>Prevent regex injection in rights management.
- -        Prevent crafted HTTP request from calling arbitrary functions.</p></li>
+        <p>Ð?Ñ?едоÑ?вÑ?аÑ?ение инÑ?екÑ?ии Ñ?егÑ?лÑ?Ñ?ного вÑ?Ñ?ажениÑ? в Ñ?иÑ?Ñ?еме Ñ?пÑ?авлениÑ? пÑ?авами.
+        Ð?Ñ?едоÑ?вÑ?аÑ?ение вÑ?зова пÑ?оизволÑ?нÑ?Ñ? Ñ?Ñ?нкÑ?ий Ñ? помоÑ?Ñ?Ñ? HTTP-запÑ?оÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8747";>CVE-2015-8747</a>
 
- -        <p>The multifilesystem backend allows access to arbitrary files
- -        on all platforms. (Squeeze is not affected because the
- -        multifilesystem backend does not exist in this version.)</p></li>
+        <p>Ð?вижок Ñ? поддеÑ?жкой множеÑ?Ñ?ва Ñ?айловÑ?Ñ? Ñ?иÑ?Ñ?ем позволÑ?еÑ? полÑ?Ñ?аÑ?Ñ? доÑ?Ñ?Ñ?п к пÑ?оизволÑ?нÑ?м Ñ?айлам
+        на вÑ?еÑ? плаÑ?Ñ?оÑ?маÑ?. (Squeeze не подвеÑ?жен Ñ?Ñ?ой пÑ?облеме, Ñ?ак как
+        Ñ?казаннÑ?й движок в Ñ?Ñ?ой веÑ?Ñ?ии оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ?.)</p></li>
 
 </ul>
 
- -<p>For Debian 6 <q>Squeeze</q>, these problems have been fixed in version
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии
 0.3-2+deb6u1.</p>
 
- -<p>We recommend that you upgrade your radicale packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? radicale.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2016/dla-418.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-418.wml	2016-04-13 12:46:09.697218932 +0500
@@ -1,30 +1,31 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>WordPress versions 4.4.1 and earlier are affected by two security
- -issues: a possible Side Request Forgery Vulnerability for certain
- -local URIs, reported by Ronni Skansing; and an open redirection
- -attack, reported by Shailesh Suthar.</p>
+<p>WordPress веÑ?Ñ?ий 4.4.1 и более Ñ?анниÑ? подвеÑ?жен двÑ?м пÑ?облемам
+безопаÑ?ноÑ?Ñ?и: возможной подделке Ñ?Ñ?оÑ?онниÑ? запÑ?оÑ?ов длÑ? некоÑ?оÑ?Ñ?Ñ?
+локалÑ?нÑ?Ñ? URI, о Ñ?Ñ?м Ñ?ообÑ?им Ронни СканÑ?инг; и аÑ?ака на оÑ?кÑ?Ñ?Ñ?ое
+пеÑ?енапÑ?авлениÑ?, о Ñ?Ñ?м Ñ?ообÑ?ил ШаилеÑ? СÑ?Ñ?аÑ?.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2221";>CVE-2016-2221</a>
 
- -   <p>Wordpress could be vulnerable for an open redirection attack
- -   which was fixed by better validation of the URL used in HTTP
- -   redirects.</p></li>
+   <p>Wordpress можеÑ? бÑ?Ñ?Ñ? Ñ?Ñ?звим длÑ? аÑ?ак на оÑ?кÑ?Ñ?Ñ?ое пеÑ?енапÑ?авление,
+   Ñ?Ñ?о бÑ?ло иÑ?пÑ?авлено пÑ?Ñ?Ñ?м Ñ?лÑ?Ñ?Ñ?ениÑ? пÑ?овеÑ?ки иÑ?полÑ?зÑ?емого в HTTP-пеÑ?енапÑ?авлениÑ?Ñ?
+   URL.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2222";>CVE-2016-2222</a>
 
- -   <p>It was discovered that Wordpress was susceptible for a possible Side
- -   Request Forgery Vulnerability because it considered for instance
- -   0.1.2.3 as a valid IP.</p></li>
+   <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Wordpress можеÑ? Ñ?одеÑ?жаÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?, заклÑ?Ñ?аÑ?Ñ?Ñ?Ñ?Ñ?Ñ? в
+   подделке Ñ?Ñ?оÑ?онниÑ? запÑ?оÑ?ов, поÑ?колÑ?кÑ? адÑ?еÑ? вида
+   0.1.2.3 Ñ?Ñ?иÑ?аеÑ?Ñ?Ñ? коÑ?Ñ?екÑ?нÑ?м IP адÑ?еÑ?ом.</p></li>
 
 </ul>
 
- -<p>For Debian 6 <q>Squeeze</q>, these problems have been fixed in version
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии
 3.6.1+dfsg-1~deb6u9.</p>
 
- -<p>We recommend that you upgrade your wordpress packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? wordpress.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXDflEAAoJEF7nbuICFtKlvBAP/11gSeIaVsaCDgoXX5rds+lj
Mpe5pc9cpPvB3mkvxzEvMOGTlIgeVYjC3Sf+g8B4dIocvrdMv6s8V54LtJ5CllvW
yd9tqelfWbi/q+EaDGvGQVbTBYIMDXSDA1S8+Rqai1gv9fupjlvrfd8w/5al03VE
3CiYihwaI/JbF7b2WIqbcw2GJhLGiCTcfkA4kmkP0uz9IeWXkpr4vsogJQXBgngd
ajUCw91KVdab02Oh4wMRBu/rXcExegFnHW6Fpadb8SbLGlya0WREFsS0O4aRkT99
BrG5tx1anvB3DZnzMLt6tpnjsHwjYSgIl5R3NPOjIQkOnbhO7G2a5zZNaFXZZg/x
jK+/nOObyoDmSakJjv2KSYfykyROS+KTJxZ97PJR9rxkJUhGACRF9oe/21/ikZ1F
X/2S6iPpOvmvMybGgosxEuMSe126D/iMmGJrj7sngYbBqzlXnqyFsLOE5c2/FQYS
+h/TClGErSw2PD9oNCEMDpkh3RpJ3Tz5H3Yw9P0/Pp0yxfInh1xIzJZN44GzWHJ7
B5bnbX3PTLzMltSq0qlhBirq/GWsoPErjzDMMt0aiAQSLpysx1aRIspWq13jE7U7
dwt5pPM21vObUSwgkR/TgWnouo+bc8ZoxrpJJBpvhxF4Y4W8ifv001jeEbIHmOS8
GVFtUqg8o+ThZt8oqd+J
=UxV/
-----END PGP SIGNATURE-----