[DONE] wml://{security/2015/dla-251.wml}

[Lev Lamberov <dogsleg@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-251.wml	2016-04-08 00:21:20.000000000 +0500
+++ russian/security/2015/dla-251.wml	2016-06-04 00:12:02.810580472 +0500
@@ -1,76 +1,77 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>The previous zendframework upload incorrectly fixes <a href="https://security-tracker.debian.org/tracker/CVE-2015-3154";>CVE-2015-3154</a>,
- -causing a regression. This update corrects this problem. Thanks to
- -Ð?вгений Смолин (Evgeny Smolin).</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ей загÑ?Ñ?зке zendframework Ñ?одеÑ?жалоÑ?Ñ? непÑ?авилÑ?ное иÑ?пÑ?авление <a href="https://security-tracker.debian.org/tracker/CVE-2015-3154";>CVE-2015-3154</a>,
+вÑ?зÑ?ваÑ?Ñ?ее Ñ?егÑ?еÑ?Ñ?. Ð?анное обновление иÑ?пÑ?авлÑ?еÑ? Ñ?Ñ?Ñ? пÑ?облемÑ?. Ð?лагодаÑ?им
+Ð?вгениÑ? Смолина.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6531";>CVE-2012-6531</a>
 
- -    <p>Pádraic Brady identified a weakness to handle the SimpleXMLElement
- -    zendframework class, allowing to remote attackers to read arbitrary
- -    files or create TCP connections via an XML external entity (XXE)
- -    injection attack.</p></li>
+    <p>Ð?Ñ?дÑ?Ñ?к Ð?Ñ?Ñ?йди обнаÑ?Ñ?жил Ñ?Ñ?звимоÑ?Ñ?Ñ? в обÑ?абоÑ?ке клаÑ?Ñ?а SimpleXMLElement,
+    позволÑ?Ñ?Ñ?Ñ?Ñ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам Ñ?Ñ?иÑ?Ñ?ваÑ?Ñ? пÑ?оизволÑ?нÑ?е
+    Ñ?айлÑ? или Ñ?оздаваÑ?Ñ? TCP-Ñ?оединениÑ? Ñ?еÑ?ез инÑ?екÑ?иÑ? внеÑ?ней
+    Ñ?Ñ?Ñ?ноÑ?Ñ?и XML (XXE).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6532";>CVE-2012-6532</a>
 
- -    <p>Pádraic Brady found that remote attackers could cause a denial of
- -    service by CPU consumption, via recursive or circular references
- -    through an XML entity expansion (XEE) attack.</p></li>
+    <p>Ð?Ñ?дÑ?Ñ?к Ð?Ñ?Ñ?йди обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?далÑ?ннÑ?е злоÑ?мÑ?Ñ?ленники могÑ?Ñ? вÑ?зваÑ?Ñ? оÑ?каз в
+    обÑ?лÑ?живании из-за Ñ?Ñ?езмеÑ?ного поÑ?Ñ?еблениÑ? Ñ?еÑ?Ñ?Ñ?Ñ?ов ЦÐ? Ñ? помоÑ?Ñ?Ñ? Ñ?екÑ?Ñ?Ñ?ивнÑ?Ñ? или кÑ?Ñ?говÑ?Ñ? Ñ?Ñ?Ñ?лок
+    Ñ?еÑ?ез Ñ?аÑ?кÑ?Ñ?Ñ?ие Ñ?Ñ?Ñ?ноÑ?Ñ?и XML (XEE).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2681";>CVE-2014-2681</a>
 
- -    <p>Lukas Reschke reported a lack of protection against XML External
- -    Entity injection attacks in some functions. This fix extends the
- -    incomplete one from <a href="https://security-tracker.debian.org/tracker/CVE-2012-5657";>CVE-2012-5657</a>.</p></li>
+    <p>Ð?Ñ?каÑ? РеÑ?ке Ñ?ообÑ?ил об оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вии заÑ?иÑ?Ñ? оÑ? инÑ?екÑ?ии внеÑ?ниÑ?
+    Ñ?Ñ?Ñ?ноÑ?Ñ?ей XML в некоÑ?оÑ?Ñ?Ñ? Ñ?Ñ?нкÑ?иÑ?Ñ?. Ð?анное иÑ?пÑ?авление дополнÑ?еÑ?
+    неполное иÑ?пÑ?авление <a href="https://security-tracker.debian.org/tracker/CVE-2012-5657";>CVE-2012-5657</a>.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2682";>CVE-2014-2682</a>
 
- -    <p>Lukas Reschke reported a failure to consider that the
- -    libxml_disable_entity_loader setting is shared among threads in the
- -    PHP-FPM case. This fix extends the incomplete one from
+    <p>Ð?Ñ?каÑ? РеÑ?ке Ñ?ообÑ?ил об оÑ?ибке пÑ?овеÑ?ке Ñ?ого, Ñ?Ñ?о
+    опÑ?иÑ? libxml_disable_entity_loader Ñ?азделÑ?еÑ?Ñ?Ñ? неÑ?колÑ?кими поÑ?оками в
+    Ñ?лÑ?Ñ?ае иÑ?полÑ?зованиÑ? PHP-FPM. Ð?анное иÑ?пÑ?авление дополнÑ?еÑ? неполное иÑ?пÑ?авление
     <a href="https://security-tracker.debian.org/tracker/CVE-2012-5657";>CVE-2012-5657</a>.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2683";>CVE-2014-2683</a>
 
- -    <p>Lukas Reschke reported a lack of protection against XML Entity
- -    Expansion attacks in some functions. This fix extends the incomplete
- -    one from <a href="https://security-tracker.debian.org/tracker/CVE-2012-6532";>CVE-2012-6532</a>.</p></li>
+    <p>Ð?Ñ?каÑ? РеÑ?ке Ñ?ообÑ?ил об оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вии заÑ?иÑ?Ñ? оÑ? Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? Ñ?Ñ?Ñ?ноÑ?Ñ?ей XML
+    в некоÑ?оÑ?Ñ?Ñ? Ñ?Ñ?нкÑ?иÑ?Ñ?. Ð?анное иÑ?пÑ?авление дополнÑ?еÑ? неполное
+    иÑ?пÑ?авление <a href="https://security-tracker.debian.org/tracker/CVE-2012-6532";>CVE-2012-6532</a>.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2684";>CVE-2014-2684</a>
 
- -    <p>Christian Mainka and Vladislav Mladenov from the Ruhr-University
- -    Bochum reported an error in the consumer's verify method that lead
- -    to acceptance of wrongly sourced tokens.</p></li>
+    <p>Ð?Ñ?иÑ?Ñ?иан Ð?аиника и Ð?ладиÑ?лав Ð?ладенов из Ð Ñ?Ñ?Ñ?кого Ñ?нивеÑ?Ñ?иÑ?еÑ?а
+    Ñ?ообÑ?или об оÑ?ибке в меÑ?оде пÑ?овеÑ?ки покÑ?паÑ?елÑ?, коÑ?оÑ?аÑ? пÑ?иводиÑ?
+    к пÑ?инÑ?Ñ?иÑ? Ñ?окенов оÑ? непÑ?авилÑ?нÑ?Ñ? иÑ?Ñ?оÑ?ников.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2685";>CVE-2014-2685</a>
 
- -    <p>Christian Mainka and Vladislav Mladenov from the Ruhr-University
- -    Bochum reported a specification violation in which signing of a
- -    single parameter is incorrectly considered sufficient.</p></li>
+    <p>Ð?Ñ?иÑ?Ñ?иан Ð?аиника и Ð?ладиÑ?лав Ð?ладенов из Ð Ñ?Ñ?Ñ?кого Ñ?нивеÑ?Ñ?иÑ?еÑ?а
+    Ñ?ообÑ?или о наÑ?Ñ?Ñ?ении Ñ?пеÑ?иÑ?икаÑ?ии, в коÑ?оÑ?ом подпиÑ?Ñ?
+    единÑ?Ñ?венного паÑ?амеÑ?Ñ?а оÑ?ибоÑ?но Ñ?Ñ?иÑ?аеÑ?Ñ?Ñ? доÑ?Ñ?аÑ?оÑ?ной.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-4914";>CVE-2014-4914</a>
 
- -    <p>Cassiano Dal Pizzol discovered that the implementation of the ORDER
- -    BY SQL statement in Zend_Db_Select contains a potential SQL
- -    injection when the query string passed contains parentheses.</p></li>
+    <p>Ð?аÑ?Ñ?иано Ð?ал Ð?иÑ?Ñ?ол обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? SQL-Ñ?Ñ?веÑ?ждениÑ? ORDER
+    BY в Zend_Db_Select Ñ?одеÑ?жиÑ? поÑ?енÑ?иалÑ?нÑ?Ñ? SQL-инÑ?екÑ?иÑ? в Ñ?лÑ?Ñ?ае
+    пеÑ?едаÑ?и Ñ?Ñ?Ñ?оки запÑ?оÑ?а, Ñ?одеÑ?жаÑ?ей Ñ?кобки.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8088";>CVE-2014-8088</a>
 
- -    <p>Yury Dyachenko at Positive Research Center identified potential XML
- -    eXternal Entity injection vectors due to insecure usage of PHP's DOM
- -    extension.</p></li>
+    <p>ЮÑ?ий Ð?Ñ?Ñ?Ñ?енко из Positive Research Center обнаÑ?Ñ?жил поÑ?енÑ?иалÑ?нÑ?Ñ? инÑ?екÑ?иÑ?
+    внеÑ?ней Ñ?Ñ?Ñ?ноÑ?Ñ?и XML из-за небезопаÑ?ного иÑ?полÑ?зованиÑ? Ñ?аÑ?Ñ?иÑ?ениÑ? DOM
+    длÑ? PHP.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8089";>CVE-2014-8089</a>
 
- -    <p>Jonas Sandström discovered an SQL injection vector when manually
- -    quoting value for sqlsrv extension, using null byte.</p></li>
+    <p>Ð?онаÑ? СандÑ?Ñ?Ñ?Ñ?м обнаÑ?Ñ?жил SQL-инÑ?екÑ?иÑ? пÑ?и Ñ?Ñ?Ñ?ном закавÑ?Ñ?ивании
+    знаÑ?ениÑ? длÑ? Ñ?аÑ?Ñ?иÑ?ениÑ? sqlsrv, иÑ?полÑ?зÑ?Ñ? null-байÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3154";>CVE-2015-3154</a>
 
- -    <p>Filippo Tessarotto and Maks3w reported potential CRLF injection
- -    attacks in mail and HTTP headers.</p></li>
+    <p>Филиппо ТеÑ?Ñ?аÑ?оÑ?Ñ?о и Maks3w Ñ?ообÑ?или о поÑ?енÑ?иалÑ?но инÑ?екÑ?ии CRLF
+    в Ñ?ообÑ?ениÑ?Ñ? Ñ?лекÑ?Ñ?онной поÑ?Ñ?Ñ? и заголовкаÑ? HTTP.</p></li>
 
 </ul>
 </define-tag>
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXUdaGAAoJEF7nbuICFtKl7m4P+gJKnki7d4GsSQMRpz5tWDIb
1Ft1Cjjd0CrKih5Kwb7NTlJFT7Hp5MtijCbbE06VHRFjLozU9hPB/uCnHSbsuNw9
klWjwVrd/N124sWOvSv6omxA/fnxCTYEd6n7nlEnz3XYycEaJ7n6PK/a/GTw3Cx/
hH9GJCqrLEku6Pqz7qA8Lkx5mIc8faGSip/FBPPL2te1MFXxqhfSyQ9ORMGhYUzD
fL0f1I+VGIERmcKG7CIJkYq/ZEfnYQH+A75xPqotN/Gy0eUJBlzL2Mr+CKKqzw6j
8s2bd2/TpCubl/M0BPT29+cDgMamJsUCAnTf5p2aUOrOComjnr+6ywYBJpyLgqzz
z0H1FUyYPAcRxC1DUbCh+lqNNTlTVCmw2/sgQJixwiPCFnaFX/yzOhVMP980S5aU
PEe0PkejL7B68Ay1TiuopScQRN1Ar9bV/Z5mE7X5q07pjXjIqzxFi1ExnGuEw/WG
r5p4XkemlEVFDaCDJI9Y+dUiv1z/+pHBshOKDqxmTxhvJAz38GTNpJ5/p0rNfI1n
0FUzFSHyum41k+94qY2ZEkEumf3BpyQAAF8PZAuHfFkP0aiOO+UeHurGbXTcP0qw
j9SE1xQapx4H/31J0GlNsGSxtWneNN74oxve9CNqx9SvJmc5j3OP/c53B6Gugpke
DULzeePDEw6XmXll5Frh
=O3lf
-----END PGP SIGNATURE-----