[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2015/dla-2{43,09,15}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-209.wml	2016-04-07 03:10:34.000000000 +0500
+++ russian/security/2015/dla-209.wml	2016-04-26 20:46:53.092987207 +0500
@@ -1,11 +1,12 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>JRuby before 1.6.5.1 computes hash values without restricting the ability to
- -trigger hash collisions predictably, which allows context-dependent attackers
- -to cause a denial of service (CPU consumption) via crafted input to an
- -application that maintains a hash table. Note: This update includes
- -corrections to the original fix for later Debian releases to avoid the issues
- -identified in <a href="https://security-tracker.debian.org/tracker/CVE-2012-5370";>CVE-2012-5370</a>.</p>
+<p>JRuby до веÑ?Ñ?ии 1.6.5.1 вÑ?Ñ?иÑ?лÑ?еÑ? Ñ?еÑ?-знаÑ?ениÑ? без огÑ?аниÑ?ениÑ? возможноÑ?Ñ?и
+пÑ?едÑ?казÑ?емо вÑ?зÑ?ваÑ?Ñ? Ñ?Ñ?олкновениÑ? Ñ?еÑ?ей, Ñ?Ñ?о в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам
+вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (Ñ?Ñ?езмеÑ?ное поÑ?Ñ?ебление Ñ?еÑ?Ñ?Ñ?Ñ?ов ЦÐ?) пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ?
+вÑ?однÑ?Ñ? даннÑ?Ñ? пÑ?иложениÑ?, Ñ?абоÑ?аÑ?Ñ?его Ñ? Ñ?аблиÑ?ей Ñ?еÑ?ей. Ð?нимание: данное обновление вклÑ?Ñ?аеÑ? в Ñ?ебÑ?
+иÑ?пÑ?авлениÑ? оÑ?игиналÑ?ного иÑ?пÑ?авлениÑ? длÑ? более поздниÑ? вÑ?пÑ?Ñ?ков Debian Ñ? Ñ?елÑ?Ñ? избежаÑ?Ñ? пÑ?облемÑ?,
+опÑ?еделÑ?емÑ?е в <a href="https://security-tracker.debian.org/tracker/CVE-2012-5370";>CVE-2012-5370</a>.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2015/dla-215.wml	2016-04-08 01:27:55.000000000 +0500
+++ russian/security/2015/dla-215.wml	2016-04-26 20:50:02.506248946 +0500
@@ -1,14 +1,15 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>The JSON gem for Ruby allowed remote attackers to cause a denial of
- -service (resource consumption) or bypass the mass assignment protection
- -mechanism via a crafted JSON document that triggers the creation of
- -arbitrary Ruby symbols or certain internal objects, as demonstrated by
- -conducting a SQL injection attack against Ruby on Rails, aka "Unsafe
- -Object Creation Vulnerability."</p>
+<p>Ð?одÑ?лÑ? JSON длÑ? Ruby позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз
+в обÑ?лÑ?живании (Ñ?Ñ?езмеÑ?ное поÑ?Ñ?ебление Ñ?еÑ?Ñ?Ñ?Ñ?ов) или обÑ?одиÑ?Ñ? меÑ?анизм заÑ?иÑ?Ñ? оÑ? маÑ?Ñ?ового
+пÑ?иÑ?ваиваниÑ? пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного докÑ?менÑ?а в Ñ?оÑ?маÑ?е JSON, коÑ?оÑ?Ñ?й вÑ?зÑ?ваеÑ? Ñ?оздание
+пÑ?оизволÑ?нÑ?Ñ? Ñ?имволов Ruby или опÑ?еделÑ?ннÑ?Ñ? внÑ?Ñ?Ñ?енниÑ? обÑ?екÑ?ов, Ñ?Ñ?о демонÑ?Ñ?Ñ?иÑ?Ñ?еÑ?Ñ?Ñ?
+вÑ?полнением SQL-инÑ?екÑ?ии в Ruby on Rails и Ñ?акже извеÑ?Ñ?но как <q>Ð?ебезопаÑ?ное
+Ñ?оздание обÑ?екÑ?а</q>.</p>
 
- -<p>For Debian 6 <q>Squeeze</q>, this issue has been fixed in libjson-ruby
- -version 1.1.9-1+deb6u1.</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в libjson-ruby
+веÑ?Ñ?ии 1.1.9-1+deb6u1.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2015/dla-243.wml	2016-04-08 01:24:54.000000000 +0500
+++ russian/security/2015/dla-243.wml	2016-04-26 20:41:43.131629004 +0500
@@ -1,19 +1,20 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>[This DLA supersedes my wrong announcement using DLA 241-1]</p>
+<p>[Ð?аннаÑ? Ñ?екомендаÑ?иÑ? DLA заменÑ?еÑ? оÑ?ибоÑ?нÑ?Ñ? Ñ?екомендаÑ?иÑ? DLA 241-1]</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3885";>CVE-2015-3885</a>:
 
- - <p>Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
- - allows remote attackers to cause a denial of service (crash) via a
- - crafted image, which triggers a buffer overflow, related to the len
- - variable.</p></li>
+ <p>Ð?еÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в Ñ?Ñ?нкÑ?ии ljpeg_start function в dcraw 7.00 и более Ñ?анниÑ?
+ веÑ?Ñ?иÑ?Ñ? позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) Ñ? помоÑ?Ñ?Ñ?
+ Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного изобÑ?ажениÑ?, коÑ?оÑ?ое вÑ?зÑ?ваеÑ? пеÑ?еполнение бÑ?Ñ?еÑ?а, Ñ?вÑ?занное Ñ? пеÑ?еменной
+ len.</p></li>
 
 </ul>
 
- -<p>We recommend that you upgrade your libraw packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? libraw.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXH44uAAoJEF7nbuICFtKlwFEP/0rMOUJ/BEQP4eZoOvEGiZ+E
lIk9oW2eCB7U/q0ke4Bga6T82QctbGiQJsiDGx6pGqLEY56Z6lK2HoRrmCXKJzb5
MD0WRXMjs4JErirgtj2rbEKbKKFjL3Mwer/4StVZIr7TqKohgo6V98u0iS8cvrzT
dhlmW6ipCMvUagBETx8KvKN9kf+z08XJXFcaZEQ2UKjUFfqIaRWA9j+1PWibAqK2
BULvLTVpME8N+53H0/CVu1lLvZtHhuiguJ4CAGvG9sFVQvJVdC9pNXUw4mtTZqwf
deN+6sLpSKIK+wvdPlqBAcvKpZIQNZOMePYbrcGEQj7GpQJttHycU6CTtTl8KNcs
es50u32jRBoh9+5fShHgHV3jF9RsGvMzorf3hvdFAfeIMWISu3Bd5dN+PrYcdhup
OBL4jQf7SJwFpBKpSzrZlE1W3RFvU4+CZXgbdW+zNb6UmYtzOUh1WusC1LsBovW/
p+Sfr/x+Dnc0Y5QhLiuKcJLSsEZxefawrPQmbpjAkTOrmy8TVHF/5epZ8O4a8TYr
LHwns7Ut55JbPlYwbyWurE0Qv1l1dXMTUfb+JQSbImlw/1FVfcQZcEqo0H1U7SG2
KCKHfiKtiaR3TbjVZK5qnUci8wx1YVCHSuMgXIFvOIPF6INTSJgBx1T0BW0XKcRg
BpcwGw2prNKbMz3yVKvy
=11dT
-----END PGP SIGNATURE-----
Reply to: