[DONE] wml://security/2015/dla-26{6,3}.wml



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-263.wml	2016-04-08 01:24:54.000000000 +0500
+++ russian/security/2015/dla-263.wml	2016-05-04 12:02:27.804238970 +0500
@@ -1,31 +1,32 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Two vulnerabilities were identified in the Ruby language interpreter,
- -version 1.9.1.</p>
+<p>Ð? инÑ?еÑ?пÑ?еÑ?аÑ?оÑ?е Ñ?зÑ?ка Ruby веÑ?Ñ?ии 1.9.1 бÑ?ло обнаÑ?Ñ?жено
+две Ñ?Ñ?звимоÑ?Ñ?и.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-5371";>CVE-2012-5371</a>
 
- -    <p>Jean-Philippe Aumasson identified that Ruby computed hash values
- -    without properly restricting the ability to trigger hash collisions
- -    predictably, allowing context-dependent attackers to cause a denial
- -    of service (CPU consumption). This is a different vulnerability than
+    <p>Ð?ан=Филипп Ð?маÑ?Ñ?он опÑ?еделил, Ñ?Ñ?о Ruby вÑ?Ñ?иÑ?лÑ?еÑ? Ñ?еÑ?-знаÑ?ениÑ? без
+    Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?его огÑ?аниÑ?ениÑ? возможноÑ?Ñ?и пÑ?едÑ?казаÑ?Ñ? Ñ?Ñ?олкновениÑ?
+    Ñ?еÑ?ей, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз
+    в обÑ?лÑ?живании (Ñ?Ñ?езмеÑ?ное поÑ?Ñ?ебление Ñ?еÑ?Ñ?Ñ?Ñ?ов ЦÐ?). ЭÑ?о Ñ?Ñ?звимоÑ?Ñ?Ñ? оÑ?лиÑ?аеÑ?Ñ?Ñ? оÑ?
     <a href="https://security-tracker.debian.org/tracker/CVE-2011-4815";>CVE-2011-4815</a>.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-0269";>CVE-2013-0269</a>
 
- -    <p>Thomas Hollstegge and Ben Murphy found that the JSON gem for Ruby
- -    allowed remote attackers to cause a denial of service (resource
- -    consumption) or bypass the mass assignment protection mechanism via
- -    a crafted JSON document that triggers the creation of arbitrary Ruby
- -    symbols or certain internal objects.</p>/li>
+    <p>ТомаÑ? ХоллÑ?Ñ?еге и Ð?ен Ð?Ñ?Ñ?Ñ?и обнаÑ?Ñ?жили, Ñ?Ñ?о модÑ?лÑ? JSON длÑ? Ruby
+    позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (Ñ?Ñ?езмеÑ?ное поÑ?Ñ?ебление
+    Ñ?еÑ?Ñ?Ñ?Ñ?ов) или обÑ?одиÑ?Ñ? меÑ?анизм заÑ?иÑ?Ñ? маÑ?Ñ?овÑ?Ñ? назнаÑ?ений Ñ? помоÑ?Ñ?Ñ?
+    Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного докÑ?менÑ?а JSON, пÑ?иводÑ?Ñ?его к Ñ?озданиÑ? пÑ?оизволÑ?нÑ?Ñ? Ñ?имволов
+    Ruby или опÑ?еделÑ?ннÑ?Ñ? внÑ?Ñ?Ñ?енниÑ? обÑ?екÑ?ов.</p>/li>
 
 </ul>
 
- -<p>For the squeeze distribution, theses vulnerabilities have been fixed in
- -version 1.9.2.0-2+deb6u5 of ruby1.9.1. We recommend that you upgrade
- -your ruby1.9.1 package.</p>
+<p>Ð? вÑ?пÑ?Ñ?ке squeeze Ñ?Ñ?и Ñ?Ñ?звимоÑ?Ñ?и бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.9.2.0-2+deb6u5 пакеÑ?а ruby1.9.1. РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ?
+пакеÑ? ruby1.9.1.</p>
 </define-tag>
 
 # do not modify the following line
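Review bot: the closing tag at the end of the CVE-2013-0269 item is malformed in the added line ("</p>/li>"), copied from the same defect in the removed English line, so the list item is never closed; it should read "</p></li>", and the English source deserves the same fix. In the first added paragraph of the CVE-2012-5371 item the reporter's name is joined with "=" ("Жан=Филипп") where the English has a hyphen ("Jean-Philippe"); replace the "=" with "-".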
- --- english/security/2015/dla-266.wml	2016-04-07 03:10:35.000000000 +0500
+++ russian/security/2015/dla-266.wml	2016-05-04 11:57:51.832786253 +0500
@@ -1,31 +1,32 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>This upload to Debian squeeze-lts fixes three issues found in the libxml2
- -package.</p>
+<p>Ð?аннаÑ? загÑ?Ñ?зка в Debian squeeze-lts иÑ?пÑ?авлÑ?еÑ? Ñ?Ñ?и пÑ?облемÑ?, обнаÑ?Ñ?женнÑ?е в пакеÑ?е
+libxml2.</p>
 
 <p>(1) <a href="https://security-tracker.debian.org/tracker/CVE-2015-1819";>CVE-2015-1819</a> / #782782</p>
 
- -<p>Florian Weimer from Red Hat reported an issue against libxml2, where a
- -parser which uses libxml2 chokes on a crafted XML document, allocating
- -gigabytes of data. This is a fine line issue between API misuse and a bug
- -in libxml2. This issue got addressed in libxml2 upstream and the patch
- -has been backported to libxml2 in squeeze-lts.</p>
+<p>ФлоÑ?иан Ð?аймеÑ? из Red Hat Ñ?ообÑ?ил о пÑ?облеме в libxml2, пÑ?и коÑ?оÑ?ой код
+длÑ? вÑ?полнениÑ? гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а, иÑ?полÑ?зÑ?Ñ?Ñ?ий Ñ?илÑ?Ñ?Ñ?Ñ? libxml2 длÑ? Ñ?абоÑ?Ñ? Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?м докÑ?менÑ?ом XML, вÑ?делÑ?еÑ?
+неÑ?колÑ?ко гигобайÑ? даннÑ?Ñ?. ЭÑ?а пÑ?облема пÑ?едÑ?Ñ?авлÑ?еÑ? Ñ?обой Ñ?онкÑ?Ñ? гÑ?анÑ? междÑ? непÑ?авилÑ?нÑ?м иÑ?полÑ?зованием API и оÑ?ибкой
+в libxml2. Ð?Ñ?облема Ñ?еÑ?ена в оÑ?новной веÑ?ке Ñ?азÑ?абоÑ?ки libxml2, заплаÑ?а
+бÑ?ла адапÑ?иÑ?ована длÑ? libxml2 в squeeze-lts.</p>
 
 <p>(2) #782985</p>
 
- -<p>Jun Kokatsu reported an out-of-bounds memory access in libxml2. By
- -entering an unclosed html comment the libxml2 parser didn't stop parsing
- -at the end of the buffer, causing random memory to be included in the
- -parsed comment that was returned to the evoking application.</p>
- -
- -<p>In the Shopify application (where this issue was originally discovered),
- -this caused ruby objects from previous http requests to be disclosed in
- -the rendered page.</p>
+<p>Ð?жÑ?н Ð?окаÑ?Ñ?Ñ? Ñ?ообÑ?ил о доÑ?Ñ?Ñ?пе за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и в libxml2. Ð?олÑ?Ñ?аÑ?
+незакÑ?Ñ?Ñ?Ñ?й комменÑ?аÑ?ий html, код гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а libxml2 не оÑ?Ñ?анавливаеÑ?Ñ?Ñ?
+в конÑ?е бÑ?Ñ?еÑ?а, Ñ?Ñ?о пÑ?иводиÑ? к доÑ?Ñ?Ñ?пÑ? к Ñ?лÑ?Ñ?айномÑ? Ñ?егионÑ? памÑ?Ñ?и, Ñ?одеÑ?жимое коÑ?оÑ?ого
+вклÑ?Ñ?аеÑ?Ñ?Ñ? в комменÑ?аÑ?ий, пеÑ?едаваемÑ?й пÑ?иложениÑ?.</p>
+
+<p>Ð? пÑ?иложении Shopify (в коÑ?оÑ?ом Ñ?Ñ?а пÑ?облема бÑ?ла изнаÑ?алÑ?но обнаÑ?Ñ?жена)
+Ñ?Ñ?о пÑ?иводиÑ? к Ñ?омÑ?, Ñ?Ñ?о обÑ?екÑ?Ñ? ruby из пÑ?едÑ?дÑ?Ñ?иÑ? запÑ?оÑ?ов http Ñ?аÑ?кÑ?Ñ?ваÑ?Ñ?Ñ?Ñ? в
+оÑ?Ñ?иÑ?овÑ?ваемой Ñ?Ñ?Ñ?аниÑ?е.</p>
 
 <p>(3) #783010</p>
 
- -<p>Michal Zalewski reported another out-of-bound reads issue in libxml2 that
- -did not cause any crashes but could be detected under ASAN and Valgrind.</p>
+<p>Ð?иÑ?ал Ð?алевÑ?ки Ñ?ообÑ?ил о Ñ?Ñ?ении за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и в libxml2, коÑ?оÑ?Ñ?е
+не пÑ?иводиÑ? к аваÑ?ийнÑ?м оÑ?Ñ?ановкам, но можеÑ? бÑ?Ñ?Ñ? опÑ?еделÑ?н ASAN и Valgrind.</p>
 </define-tag>
 
 # do not modify the following line
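Review bot: spelling slip in the translated CVE-2015-1819 paragraph, on the added line that renders "allocating gigabytes of data": it has "гигобайт", which should be "гигабайт". The rest of the hunk keeps the three numbered items, the bug numbers and the tracker link unchanged from the English, which is what translation-check expects.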
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

