[DONE] wml://security/2015/dla-{298,301}.wml

[Lev Lamberov <dogsleg@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-298.wml	2016-04-08 01:24:54.000000000 +0500
+++ russian/security/2015/dla-298.wml	2016-05-04 12:06:52.691076659 +0500
@@ -1,24 +1,25 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
 <ul>
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6130";>CVE-2012-6130</a>
- -     <p>Cross-site scripting (XSS) vulnerability in the history
- -     display in Roundup before 1.4.20 allows remote attackers
- -     to inject arbitrary web script or HTML via a username,
- -     related to generating a link.</p></li>
+     <p>Ð?ежÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг (XSS) в оÑ?обÑ?ажении иÑ?Ñ?оÑ?ии
+     в Roundup до веÑ?Ñ?ии 1.4.20 позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+     вводиÑ?Ñ? пÑ?оизволÑ?нÑ?й веб-Ñ?Ñ?енаÑ?ий или код HTML Ñ? помоÑ?Ñ?Ñ? имени полÑ?зоваÑ?елÑ?,
+     Ñ?вÑ?занного Ñ? Ñ?оздаваемой Ñ?Ñ?Ñ?лкой.</p></li>
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6131";>CVE-2012-6131</a>
- -     <p>Cross-site scripting (XSS) vulnerability in cgi/client.py
- -     in Roundup before 1.4.20 allows remote attackers to inject
- -     arbitrary web script or HTML via the @action parameter to
+     <p>Ð?ежÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг (XSS) в cgi/client.py
+     в Roundup до веÑ?Ñ?ии 1.4.20 позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ?
+     пÑ?оизволÑ?нÑ?й веб-Ñ?Ñ?енаÑ?ий или код HTML Ñ? помоÑ?Ñ?Ñ? паÑ?амеÑ?Ñ?а @action в
      support/issue1.</p></li>
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6132";>CVE-2012-6132</a>
- -     <p>Cross-site scripting (XSS) vulnerability in Roundup before
- -     1.4.20 allows remote attackers to inject arbitrary web
- -     script or HTML via the otk parameter.</p></li>
+     <p>Ð?ежÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг (XSS) в Roundup до веÑ?Ñ?ии
+     1.4.20 позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? пÑ?оизволÑ?нÑ?й веб-Ñ?Ñ?енаÑ?ий
+     или код HTML Ñ? помоÑ?Ñ?Ñ? паÑ?амеÑ?Ñ?а otk.</p></li>
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6133";>CVE-2012-6133</a>
- -     <p>XSS flaws in ok and error messages
- -     We solve this differently from the proposals in the bug-report
- -     by not allowing *any* html-tags in ok/error messages anymore.</p></li>
+     <p>УÑ?звимоÑ?Ñ?и XSS в Ñ?ообÑ?ениÑ?Ñ? ok и error.
+     УказаннÑ?е пÑ?облемÑ? иÑ?пÑ?авленÑ? дÑ?Ñ?гим Ñ?поÑ?обом, не Ñ?ем, коÑ?оÑ?Ñ?й бÑ?л пÑ?едложен в Ñ?ообÑ?ении об оÑ?ибке.
+     Ð?Ñ?ибки иÑ?пÑ?авленÑ? пÑ?Ñ?Ñ?м запÑ?еÑ?а *лÑ?бÑ?Ñ?* html-Ñ?егов в Ñ?ообÑ?ениÑ?Ñ? ok/error.</p></li>
 </ul>
 </define-tag>
 
- --- english/security/2015/dla-301.wml	2016-04-07 03:10:35.000000000 +0500
+++ russian/security/2015/dla-301.wml	2016-05-04 12:12:37.579765607 +0500
@@ -1,28 +1,29 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Denial-of-service possibility in logout() view by filling session store</p>
+<p>Ð?озможнÑ?й оÑ?каз в обÑ?лÑ?живании в виде logout() из-за заполнениÑ? Ñ?Ñ?анилиÑ?а Ñ?еÑ?Ñ?ии.</p>
 
- -<p>Previously, a session could be created when anonymously accessing the
- -django.contrib.auth.views.logout view (provided it wasn't decorated with
- -django.contrib.auth.decorators.login_required as done in the admin). This
- -could allow an attacker to easily create many new session records by
- -sending repeated requests, potentially filling up the session store or
- -causing other users' session records to be evicted.</p>
+<p>Ранее Ñ?еÑ?Ñ?иÑ? Ñ?оздавалаÑ?Ñ? пÑ?и анонимном обÑ?аÑ?ении к
+видÑ? django.contrib.auth.views.logout (Ñ?Ñ?иÑ?Ñ?ваÑ?, Ñ?Ñ?о Ñ?Ñ?оÑ? вид не декоÑ?иÑ?овалÑ?Ñ?
+django.contrib.auth.decorators.login_required как на Ñ?Ñ?Ñ?аниÑ?е админиÑ?Ñ?Ñ?аÑ?оÑ?а). ЭÑ?о
+позволÑ?ло злоÑ?мÑ?Ñ?ленникÑ? легко Ñ?оздаваÑ?Ñ? много новÑ?Ñ? запиÑ?ей Ñ?еÑ?Ñ?ии пÑ?Ñ?Ñ?м
+оÑ?пÑ?авки повÑ?оÑ?нÑ?Ñ? запÑ?оÑ?ов, Ñ?Ñ?о поÑ?енÑ?иалÑ?но заполнÑ?еÑ? Ñ?Ñ?анилиÑ?е Ñ?еÑ?Ñ?ии или
+пÑ?иводиÑ? к Ñ?далениÑ? Ñ?еÑ?Ñ?ионнÑ?Ñ? запиÑ?ей дÑ?Ñ?гиÑ? полÑ?зоваÑ?елей.</p>
 
- -<p>The django.contrib.sessions.middleware.SessionMiddleware has been modified
- -to no longer create empty session records.</p>
+<p>django.contrib.sessions.middleware.SessionMiddleware бÑ?л изменÑ?н
+Ñ?ак, Ñ?Ñ?обÑ? пÑ?Ñ?Ñ?Ñ?е Ñ?еÑ?Ñ?ионнÑ?е запиÑ?и более не Ñ?оздавалиÑ?Ñ?.</p>
 
- -<p>This portion of the fix has been assigned <a href="https://security-tracker.debian.org/tracker/CVE-2015-5963";>CVE-2015-5963</a>.</p>
+<p>Ð?аннаÑ? Ñ?аÑ?Ñ?Ñ? иÑ?пÑ?авлениÑ? полÑ?Ñ?ила иденÑ?иÑ?икаÑ?оÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2015-5963";>CVE-2015-5963</a>.</p>
 
- -<p>Additionally, the contrib.sessions.backends.base.SessionBase.flush() and
- -cache_db.SessionStore.flush() methods have been modified to avoid creating
- -a new empty session. Maintainers of third-party session backends should
- -check if the same vulnerability is present in their backend and correct it
- -if so.</p>
+<p>Ð?Ñ?оме Ñ?ого, меÑ?одÑ? contrib.sessions.backends.base.SessionBase.flush() и
+cache_db.SessionStore.flush() бÑ?ли измененÑ? Ñ?ак, Ñ?Ñ?обÑ? Ñ?оздание новой пÑ?Ñ?Ñ?ой Ñ?еÑ?Ñ?ии
+не пÑ?оиÑ?Ñ?одило. СопÑ?овождаÑ?Ñ?им Ñ?Ñ?оÑ?онниÑ? Ñ?еÑ?Ñ?ионнÑ?Ñ? движков Ñ?ледÑ?еÑ?
+пÑ?овеÑ?иÑ?Ñ? налиÑ?ие Ñ?акой же Ñ?Ñ?звимоÑ?Ñ?и в иÑ? движке, а пÑ?и еÑ? налиÑ?ии иÑ?пÑ?авиÑ?Ñ?
+пÑ?облемÑ?.</p>
 
- -<p>This portion of the fix has been assigned <a href="https://security-tracker.debian.org/tracker/CVE-2015-5964";>CVE-2015-5964</a>.</p>
+<p>Ð?аннаÑ? Ñ?аÑ?Ñ?Ñ? иÑ?пÑ?авлениÑ? полÑ?Ñ?ила иденÑ?иÑ?икаÑ?оÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2015-5964";>CVE-2015-5964</a>.</p>
 
- -<p>We recommend that you upgrade your python-django packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? python-django.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXKaDoAAoJEF7nbuICFtKlXPcQAIPoGv1KBtIaRF3NIbHFS9mX
z+VIHD45fL/Tn1YnnJFp5QHEuHwJb2OZCY0sghepFMbHFFe6fYtPZWuT0tVJq2an
pscp9DK182dC6Ozmlez4rKrqISncwv0ozhwu1EEAzJWyCQ/ZuBI4Dzvp6TyIqn/3
bzTclGcj5Vnul6d0gPRHj9V29rxR5dW0z968iKs3PK1TDXJDvu0QIkyFXatTMcYE
y2FHINcJTNcGOHVT5cZ2k510ebWcgseENZcJUy3MYzgv/2G2SwSBk9U12JlSeszU
NGE19844yGYI4Dx9mH4EfJSZ907CRrI74BCejjBeOHWLXZiY2Yuvdg1ch38LMwRr
L4s55o8dTYA02zTaS6V5J2hJGHeRfQXLqrlrRgoXnqOLY7E2WW7XeBwsZtCo1Fdm
2fHNkUJqlPOKn9XS+8dD6gVvmI0zsCegdVydmSfdjpIboSXri4ZXkzgsH7mkC9Mx
KmhQlHTQxtoyf8w4nj1P6yXRFjqEKbjcRh1BZMAshGtcmRyBJogLC0k8DWHhCzrZ
3jiEThnoeblFYPTzfkDbmDoTxbup10mTFjPjIjHJ9+UhWPiqATcWvlnx0TAnJDRX
WkQA5zXESvN1u3H6bUoPKCitx5Z+K6JY/Q/qB1msH4+aJUDdPXeg8bJgTQqCobT/
99tqpFffzB6u1cNOalD7
=5rWl
-----END PGP SIGNATURE-----