
[DONE] wml://security/2015/dla-2{64,35}.wml



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-235.wml	2016-04-08 00:21:20.000000000 +0500
+++ russian/security/2015/dla-235.wml	2016-05-07 23:44:47.499042695 +0500
@@ -1,48 +1,49 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-0188";>CVE-2011-0188</a>
 
- -    <p>The VpMemAlloc function in bigdecimal.c in the BigDecimal class in
- -    Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7
- -    and other platforms, does not properly allocate memory, which allows
- -    context-dependent attackers to execute arbitrary code or cause a
- -    denial of service (application crash) via vectors involving creation
- -    of a large BigDecimal value within a 64-bit process, related to an
- -    "integer truncation issue."</p></li>
+    <p>ФÑ?нкÑ?иÑ? VpMemAlloc в bigdecimal.c в клаÑ?Ñ?е BigDecimal в
+    Ruby веÑ?Ñ?ии 1.9.2-p136 или более Ñ?анниÑ?, коÑ?оÑ?Ñ?е иÑ?полÑ?зÑ?Ñ?Ñ?Ñ?Ñ? в Apple Mac OS X до веÑ?Ñ?ии 10.6.7
+    и на дÑ?Ñ?гиÑ? плаÑ?Ñ?оÑ?маÑ?, непÑ?авилÑ?но вÑ?делÑ?Ñ?Ñ? памÑ?Ñ?и, Ñ?Ñ?о позволÑ?еÑ?
+    злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код или вÑ?зÑ?ваÑ?Ñ?
+    оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) Ñ?еÑ?ез векÑ?оÑ?Ñ?, вклÑ?Ñ?аÑ?Ñ?ие в Ñ?ебÑ? Ñ?оздание
+    болÑ?Ñ?ого знаÑ?ениÑ? BigDecimal в 64-биÑ?ном пÑ?оÑ?еÑ?Ñ?е, Ñ?вÑ?заннÑ?е Ñ?
+    <q>пÑ?облемой обÑ?езаниÑ? Ñ?елÑ?Ñ? Ñ?иÑ?ел</q>.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-2705";>CVE-2011-2705</a>
 
- -    <p>use upstream SVN r32050 to modify PRNG state to prevent random number
- -    sequence repeatation at forked child process which has same pid.
- -    Reported by Eric Wong.</p></li>
+    <p>Ð?Ñ?полÑ?зование SVN-Ñ?евизии r32050 длÑ? изменениÑ? Ñ?оÑ?Ñ?оÑ?ниÑ? PRNG Ñ? Ñ?елÑ?Ñ? пÑ?едоÑ?вÑ?аÑ?ениÑ? поÑ?Ñ?Ñ?оениÑ?
+    поÑ?ледоваÑ?елÑ?ноÑ?Ñ?и Ñ?лÑ?Ñ?айнÑ?Ñ? Ñ?иÑ?ел в доÑ?еÑ?нем пÑ?оÑ?еÑ?Ñ?е Ñ? Ñ?ем же иденÑ?иÑ?икаÑ?оÑ?ом.
+    Ð? пÑ?облеме Ñ?ообÑ?ил ЭÑ?ик Ð?онг.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-4522";>CVE-2012-4522</a>
 
- -    <p>The rb_get_path_check function in file.c in Ruby 1.9.3 before
- -    patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent
- -    attackers to create files in unexpected locations or with unexpected
- -    names via a NUL byte in a file path.</p></li>
+    <p>ФÑ?нкÑ?иÑ? rb_get_path_check в file.c в Ruby 1.9.3 до
+    обновлениÑ? 286 и Ruby 2.0.0 до r37163 позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и
+    оÑ? конÑ?екÑ?Ñ?а Ñ?оздаваÑ?Ñ? Ñ?айлÑ? в неожиданнÑ?Ñ? меÑ?Ñ?аÑ? или Ñ? неожиданнÑ?ми
+    именами пÑ?и помоÑ?и NUL-байÑ?а в пÑ?Ñ?и к Ñ?айлÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-0256";>CVE-2013-0256</a>
 
- -    <p>darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before
- -    4.0.0.preview2.1, as used in Ruby, does not properly generate
- -    documents, which allows remote attackers to conduct cross-site
- -    scripting (XSS) attacks via a crafted URL.</p></li>
+    <p>darkfish.js в RDoc веÑ?Ñ?иÑ?Ñ? Ñ? 2.3.0 до 3.12 и веÑ?ке 4.x до
+    веÑ?Ñ?ии 4.0.0.preview2.1, иÑ?полÑ?зÑ?емÑ?Ñ? в Ruby, непÑ?авилÑ?но Ñ?оздаÑ?Ñ?
+    докÑ?менÑ?Ñ?, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?полнÑ?Ñ?Ñ? аÑ?аки по пÑ?инÑ?ипÑ? межÑ?айÑ?ового
+    Ñ?кÑ?ипÑ?инга (XSS) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? URL.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-2065";>CVE-2013-2065</a>
 
- -    <p>(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426,
- -    and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for
- -    native functions, which allows context-dependent attackers to bypass
- -    intended $SAFE level restrictions.</p></li>
+    <p>(1) DL и (2) Fiddle в Ruby в 1.9 до веÑ?Ñ?ии 1.9.3 Ñ?Ñ?овнÑ? обновлениÑ? 426,
+    и 2.0 до веÑ?Ñ?ии 2.0.0 Ñ?Ñ?овнÑ? обновлениÑ? 195 не вÑ?полнÑ?Ñ?Ñ? пÑ?овеÑ?кÑ? заÑ?ажениÑ? длÑ?
+    Ñ?однÑ?Ñ? Ñ?Ñ?нкÑ?ий, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а обÑ?одиÑ?Ñ?
+    Ñ?пеÑ?иалÑ?нÑ?е огÑ?аниÑ?ениÑ? Ñ?Ñ?овней $SAFE.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1855";>CVE-2015-1855</a>
 
- -    <p>OpenSSL extension hostname matching implementation violates RFC 6125</p></li>
+    <p>РеализаÑ?иÑ? пÑ?овеÑ?ки Ñ?овпадениÑ? имÑ?н Ñ?злов в Ñ?аÑ?Ñ?иÑ?ении OpenSSL наÑ?Ñ?Ñ?аеÑ? RFC 6125</p></li>
 
 </ul>
 </define-tag>
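Review bot: The added `#use wml::debian::translation-check translation="1.2"` line at the top of this hunk pins the translation to revision 1.2 of english/security/2015/dla-235.wml, but the diff header identifies the English file only by its timestamp (2016-04-08). Please confirm that 1.2 is the revision that was actually translated, because translation-check uses this value to decide whether the Russian page is flagged as outdated. The same check applies to the identical header added to dla-264.wml.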
- --- english/security/2015/dla-264.wml	2016-04-08 01:24:54.000000000 +0500
+++ russian/security/2015/dla-264.wml	2016-05-07 23:19:47.897909901 +0500
@@ -1,46 +1,47 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>John Lightsey discovered multiple vulnerabilities in Module::Signature,
- -a Perl module to manipulate CPAN SIGNATURE files. The Common
- -Vulnerabilities and Exposures project identifies the following problems:</p>
+<p>Ð?жон Ð?айÑ?Ñ?и обнаÑ?Ñ?жил многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и в Module::Signature,
+модÑ?ле Perl длÑ? Ñ?абоÑ?Ñ? Ñ? Ñ?айлами CPAN SIGNATURE. Ð?Ñ?оекÑ? Common
+Vulnerabilities and Exposures опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3406";>CVE-2015-3406</a>
 
- -    <p>Module::Signature could parse the unsigned portion of the SIGNATURE
- -    file as the signed portion due to incorrect handling of PGP signature
- -    boundaries.</p></li>
+    <p>Module::Signature можеÑ? вÑ?полнÑ?Ñ?Ñ? гÑ?аммаÑ?иÑ?еÑ?кий Ñ?азбоÑ? неподпиÑ?анной Ñ?аÑ?Ñ?и Ñ?айла
+    SIGNATURE как подпиÑ?анной Ñ?аÑ?Ñ?и из-за непÑ?авилÑ?ной обÑ?абоÑ?ки гÑ?аниÑ?
+    PGP-подпиÑ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3407";>CVE-2015-3407</a>
 
- -    <p>Module::Signature incorrectly handled files that are not listed in
- -    the SIGNATURE file. This includes some files in the t/ directory
- -    that would execute when tests are run.</p></li>
+    <p>Module::Signature непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? Ñ?айлÑ?, коÑ?оÑ?Ñ?е не Ñ?казанÑ? в
+    Ñ?айле SIGNATURE. ЭÑ?о вклÑ?Ñ?аеÑ? в Ñ?ебÑ? некоÑ?оÑ?Ñ?е Ñ?айлÑ? в каÑ?алоге t/,
+    коÑ?оÑ?Ñ?е бÑ?дÑ?Ñ? вÑ?полненÑ? пÑ?и запÑ?Ñ?ке Ñ?еÑ?Ñ?ов.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3408";>CVE-2015-3408</a>
 
- -    <p>Module::Signature used two argument open() calls to read the files
- -    when generating checksums from the signed manifest. This allowed to
- -    embed arbitrary shell commands into the SIGNATURE file that would be
- -    executed during the signature verification process.</p></li>
+    <p>Module::Signature иÑ?полÑ?зÑ?еÑ? вÑ?зовÑ? open() Ñ? двÑ?мÑ? аÑ?гÑ?менÑ?ами длÑ? Ñ?Ñ?ениÑ? Ñ?айлов
+    пÑ?и Ñ?оздании конÑ?Ñ?олÑ?нÑ?Ñ? Ñ?Ñ?мм из подпиÑ?аннÑ?Ñ? деклаÑ?аÑ?ий. ЭÑ?о позволÑ?еÑ?
+    вÑ?Ñ?Ñ?аиваÑ?Ñ? пÑ?оизволÑ?нÑ?е командÑ? командной оболоÑ?ки в Ñ?айл SIGNATURE, коÑ?оÑ?Ñ?е бÑ?дÑ?Ñ?
+    вÑ?полненÑ? в пÑ?оÑ?еÑ?Ñ?е пÑ?овеÑ?ки подпиÑ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3409";>CVE-2015-3409</a>
 
- -    <p>Module::Signature incorrectly handled module loading, allowing to
- -    load modules from relative paths in @INC. A remote attacker
- -    providing a malicious module could use this issue to execute
- -    arbitrary code during signature verification.</p></li>
+    <p>Module::Signature непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? загÑ?Ñ?зкÑ? модÑ?лей, позволÑ?Ñ?
+    загÑ?Ñ?жаÑ?Ñ? модÑ?ли по оÑ?ноÑ?иÑ?елÑ?нÑ?м пÑ?Ñ?Ñ?м в @INC. УдалÑ?ннÑ?й злоÑ?мÑ?Ñ?ленник,
+    пÑ?едоÑ?Ñ?авивÑ?ий Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й модÑ?лÑ?, можеÑ? иÑ?полÑ?зоваÑ?Ñ? даннÑ?Ñ? пÑ?облемÑ?
+    длÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода в пÑ?оÑ?еÑ?Ñ?е пÑ?овеÑ?ки подпиÑ?и.</p></li>
 
 </ul>
 
- -<p>For the squeeze distribution, these issues have been fixed in version
- -0.63-1+squeeze2 of libmodule-signature-perl. Please note that the
- -libtest-signature-perl package was also updated for compatibility with
- -the <a href="https://security-tracker.debian.org/tracker/CVE-2015-3407";>CVE-2015-3407</a> fix.</p>
+<p>Ð? вÑ?пÑ?Ñ?ке squeeze Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии
+0.63-1+squeeze2 пакеÑ? libmodule-signature-perl. Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о
+пакеÑ? libtest-signature-perl Ñ?оже бÑ?л обновлÑ?н Ñ? Ñ?елÑ?Ñ? обеÑ?пеÑ?ениÑ? Ñ?овмеÑ?Ñ?имоÑ?Ñ?и Ñ?
+иÑ?пÑ?авлением <a href="https://security-tracker.debian.org/tracker/CVE-2015-3407";>CVE-2015-3407</a>.</p>
 
- -<p>We recommend that you upgrade your libmodule-signature-perl and
- -libtest-signature-perl packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? libmodule-signature-perl и
+libtest-signature-perl.</p>
 </define-tag>
 
 # do not modify the following line
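Review bot: In the fixed-version paragraph near the end of this hunk, the noun before libmodule-signature-perl on the added "0.63-1+squeeze2 ..." line is in the nominative, the same five-letter form that is correctly used as the subject before libtest-signature-perl on the next line. After the phrase for "in version 0.63-1+squeeze2" it should be the genitive, "пакета libmodule-signature-perl" ("of the package").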