[DONE] wml://{security/2015/dla-236.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2015/dla-236.wml 2016-04-08 01:24:53.000000000 +0500
+++ russian/security/2015/dla-236.wml 2016-06-03 23:58:30.874968080 +0500
@@ -1,83 +1,84 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>In the Debian squeeze-lts version of Wordpress, multiple security issues
- -have been fixed:</p>
+<p>Ð? веÑ?Ñ?ии Wordpress в Debian squeeze-lts бÑ?ли иÑ?пÑ?авленÑ? многоÑ?иÑ?леннÑ?е пÑ?облемÑ?
+безопаÑ?ноÑ?Ñ?и:</p>
- - <p>Remote attackers could...</p>
+ <p>УдалÑ?ннÑ?е злоÑ?мÑ?Ñ?ленники могÑ?Ñ?...</p>
<ul>
- - <li> ... upload files with invalid or unsafe names</li>
- - <li> ... mount social engineering attacks</li>
- - <li> ... compromise a site via cross-site scripting</li>
- - <li> ... inject SQL commands</li>
- - <li> ... cause denial of service or information disclosure</li>
+ <li> ... загÑ?Ñ?жаÑ?Ñ? Ñ?айлÑ? Ñ? некоÑ?Ñ?екÑ?нÑ?ми или небезопаÑ?нÑ?ми именами</li>
+ <li> ... вÑ?полнÑ?Ñ?Ñ? аÑ?аки по пÑ?инÑ?ипÑ? Ñ?оÑ?иалÑ?ной инжинеÑ?ии</li>
+ <li> ... компÑ?омеÑ?иÑ?оваÑ?Ñ? Ñ?айÑ? Ñ?еÑ?ез межÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг</li>
+ <li> ... вводиÑ?Ñ? командÑ? SQL</li>
+ <li> ... вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании или Ñ?аÑ?кÑ?Ñ?Ñ?ие инÑ?оÑ?маÑ?ии</li>
</ul>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9031";>CVE-2014-9031</a>
- - <p>Jouko Pynnonen discovered an unauthenticated cross site scripting
- - vulnerability (XSS) in wptexturize(), exploitable via comments or
- - posts.</p></li>
+ <p>Ð?оÑ?ко Ð?Ñ?ннÑ?нен обнаÑ?Ñ?жил неавÑ?оÑ?изованнÑ?й межÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг
+ (XSS) в wptexturize(), коÑ?оÑ?Ñ?й можно иÑ?полÑ?зоваÑ?Ñ? Ñ?еÑ?ез комменÑ?аÑ?ии или
+ Ñ?ообÑ?ениÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9033";>CVE-2014-9033</a>
- - <p>Cross site request forgery (CSRF) vulnerability in the password
- - changing process, which could be used by an attacker to trick an user
- - into changing her password.</p></li>
+ <p>Ð?одделка межÑ?айÑ?овÑ?Ñ? запÑ?оÑ?ов (CSRF) в пÑ?оÑ?еÑ?Ñ?е Ñ?менÑ?
+ паÑ?олÑ?, коÑ?оÑ?аÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? злоÑ?мÑ?Ñ?ленником длÑ? Ñ?ого, Ñ?Ñ?обÑ? обманнÑ?м обÑ?азом заÑ?Ñ?авиÑ?Ñ? полÑ?зоваÑ?елÑ?
+ Ñ?мениÑ?Ñ? паÑ?олÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9034";>CVE-2014-9034</a>
- - <p>Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential
- - denial of service in the way the phpass library is used to handle
- - passwords, since no maximum password length was set.</p></li>
+ <p>ХавÑ?еÑ? Ð?иеÑ?о Ð?Ñ?евало и Ð?ндÑ?еÑ? РоÑ?аÑ? Ð?Ñ?еÑ?Ñ?еÑ?о Ñ?ообÑ?или о поÑ?енÑ?иалÑ?ном
+ оÑ?казе в обÑ?лÑ?живании в Ñ?поÑ?обе, иÑ?полÑ?зÑ?емом библиоÑ?екой phpass длÑ? обÑ?абоÑ?ки
+ паÑ?олей, поÑ?колÑ?кÑ? не Ñ?Ñ?Ñ?ановлена макÑ?ималÑ?наÑ? длина паÑ?олÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9035";>CVE-2014-9035</a>
- - <p>John Blackbourn reported an XSS in the <q>Press This</q> function (used
- - for quick publishing using a browser <q>bookmarklet</q>).</p></li>
+ <p>Ð?жон Ð?лÑ?кбеÑ?н Ñ?ообÑ?ил об XSS в Ñ?Ñ?нкÑ?ии <q>Ð?ажмиÑ?е здеÑ?Ñ?</q> (иÑ?полÑ?зÑ?еÑ?Ñ?Ñ?
+ длÑ? бÑ?Ñ?Ñ?Ñ?ой пÑ?бликаÑ?ии, иÑ?полÑ?зÑ?Ñ? бÑ?аÑ?зеÑ? <q>bookmarklet</q>).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9036";>CVE-2014-9036</a>
- - <p>Robert Chapin reported an XSS in the HTML filtering of CSS in posts.</p></li>
+ <p>РобеÑ?Ñ? Чаплин Ñ?ообÑ?ил об XSS в Ñ?илÑ?Ñ?Ñ?аÑ?ии CSS в Ñ?ообÑ?ениÑ?Ñ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9037";>CVE-2014-9037</a>
- - <p>David Anderson reported a hash comparison vulnerability for passwords
- - stored using the old-style MD5 scheme. While unlikely, this could be
- - exploited to compromise an account, if the user had not logged in
- - after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and
- - the password MD5 hash could be collided with due to PHP dynamic
- - comparison.</p></li>
+ <p>Ð?Ñ?вид Ð?ндеÑ?Ñ?он Ñ?ообÑ?ил об Ñ?Ñ?звимоÑ?Ñ?и Ñ?Ñ?авнениÑ? Ñ?еÑ?ей длÑ? паÑ?олей,
+ Ñ?оÑ?Ñ?анÑ?ннÑ?Ñ? по Ñ?Ñ?аÑ?ой Ñ?Ñ?еме MD5. ХоÑ?Ñ? Ñ?Ñ?о и маловеÑ?оÑ?Ñ?но, Ñ?Ñ?о можеÑ?
+ иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? компÑ?омеÑ?аÑ?ии Ñ?Ñ?Ñ?Ñ?ной запиÑ?и в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли полÑ?зоваÑ?елÑ? не вÑ?полнÑ?л вÑ?од
+ поÑ?ле обновлениÑ? Wordpress 2.5 (обновление в Debian пÑ?оизведено 2 апÑ?елÑ? 2008 года),
+ Ñ?Ñ?олкновение MD5-Ñ?еÑ?ей паÑ?олей можеÑ? пÑ?оизойÑ?и из-за динамиÑ?еÑ?кого Ñ?Ñ?авнениÑ?
+ в PHP.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9038";>CVE-2014-9038</a>
- - <p>Ben Bidner reported a server side request forgery (SSRF) in the core
- - HTTP layer which unsufficiently blocked the loopback IP address
- - space.</p></li>
+ <p>Ð?ен Ð?иднеÑ? Ñ?ообÑ?ил о подделке запÑ?оÑ?ов на Ñ?Ñ?оÑ?оне Ñ?еÑ?веÑ?а (SSRF) в базовой
+ пÑ?оÑ?лойке HTTP, коÑ?оÑ?аÑ? недоÑ?Ñ?аÑ?оÑ?ной блокиÑ?Ñ?еÑ? пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?во IP адÑ?еÑ?а
+ пеÑ?левого инÑ?еÑ?Ñ?ейÑ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9039";>CVE-2014-9039</a>
- - <p>Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a
- - vulnerability in the password reset process: an email address change
- - would not invalidate a previous password reset email.</p></li>
+ <p>Ð?оменÑ? Ð?аÑ?Ñ?елÑ?, Таной Ð?оÑ?е и Ð?ойан СлавковиÑ? Ñ?ообÑ?или об
+ Ñ?Ñ?звимоÑ?Ñ?и в пÑ?оÑ?еÑ?Ñ?е Ñ?бÑ?оÑ?а паÑ?олÑ?: изменение адÑ?еÑ?а Ñ?лекÑ?Ñ?онной поÑ?Ñ?Ñ?
+ не пÑ?иводиÑ? к оÑ?мене Ñ?абоÑ?оÑ?поÑ?обноÑ?Ñ?и пÑ?едÑ?дÑ?Ñ?его Ñ?ообÑ?ениÑ? о Ñ?бÑ?оÑ?е паÑ?олÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3438";>CVE-2015-3438</a>
- - <p>Cedric Van Bockhaven reported and Gary Pendergast, Mike Adams, and Andrew Nacin of the
- - WordPress security team fixed a cross-site-scripting vulnerabilitity, which could enable anonymous users
- - to compromise a site.</p></li>
+ <p>СедÑ?ик Ð?ан Ð?окÑ?Ñ?йвен Ñ?ообÑ?ил, а Ð?Ñ?Ñ?и Ð?ендеÑ?гаÑ?Ñ?, Ð?айк Ð?дамÑ? и ÐндÑ?Ñ? Ð?акин из
+ командÑ? безопаÑ?ноÑ?Ñ?и WordPress иÑ?пÑ?авили межÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг, коÑ?оÑ?Ñ?й позволÑ?еÑ? анонимнÑ?м полÑ?зоваÑ?елÑ?м
+ компÑ?омеÑ?иÑ?оваÑ?Ñ? Ñ?айÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3439";>CVE-2015-3439</a>
- - <p>Jakub Zoczek discovered a very limited cross-site scripting
- - vulnerability, that could be used as part of a social engineering
- - attack.</p></li>
+ <p>ЯкÑ?б Ð?ожек обнаÑ?Ñ?жил оÑ?енÑ? огÑ?аниÑ?еннÑ?й межÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг,
+ коÑ?оÑ?Ñ?е можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? в каÑ?еÑ?Ñ?ве Ñ?аÑ?Ñ?и аÑ?аки по пÑ?инÑ?ипÑ?
+ Ñ?оÑ?иалÑ?ной инжинеÑ?ии.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3440";>CVE-2015-3440</a>
- - <p>Jouko Pynnönen discovered a cross-site scripting vulnerability,
- - which could enable commenters to compromise a site.</p></li>
+ <p>Ð?оÑ?ко Ð?Ñ?ннÑ?нен обнаÑ?Ñ?жил межÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг,
+ коÑ?оÑ?Ñ?й можеÑ? позволиÑ?Ñ? комменÑ?аÑ?оÑ?ам компÑ?омеÑ?иÑ?оваÑ?Ñ? Ñ?айÑ?.</p></li>
</ul>
</define-tag>
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXUdNbAAoJEF7nbuICFtKlHSwP/iOcDzWXoSjpIYdlqk9zfLOE
SdPjP2Puli4M719G9g1AxW+Pp4U55S3Icyu89YRWuP63/b83kPQIzJCp6KJF0oir
3SP2WxfadgrEN5PpWIU327EcIb0UshIgn7GsW5e0TTltciaIS5IusRADv/HBt1Qr
JhyP0Ioaqun7mnKtzKTOePVOYGvA52i9pR3ozU3MTwFtAOypsmcK4/X5xCzDxlIJ
7zeeFgWyL/BuYJA9eZITjQykyo9QiKkmSh+ThJ0pQT4+UwtKBFA/Mo0UseO+FBMk
ZHBubCXwRMoV/wgTt56YeoME7c7e1IpL7rZX6/fog/8nopIwK40OdZKkJBUttmT2
s2lCZyQFVBGuYxR8hO0oQzPGon1X923jbGvRBJWK4OJwjw2F9WzhHbXkdSZg6eif
nTYplyab/N4v7IuDPJ2U/aY29AQQixihiQjlwD0mS1AIsI4wmgzE2vMZsQYZSmVx
Jri3g+DbMtiwkIZ0kP6GpV7YNPShsNrtl5TantbGluLU3imE5jbRnf6VyPbecD+5
ArpUVXm3CJ86tcmLfzVIjyobipf5fj64fVr7F9H5A8bda7upz3w28hxg7z+5SXEx
1rvHcLAFTpVvI7ZWo7SeHxltBepAcvqpx7IUe7sTjiDsD4VMDADZhxsLr9yQpqAU
bOahbXGOxg77YzXAXqvk
=12wc
-----END PGP SIGNATURE-----
Reply to: