[DONE] wml://{security/2015/dla-251.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2015/dla-251.wml 2016-04-08 00:21:20.000000000 +0500
+++ russian/security/2015/dla-251.wml 2016-06-04 00:12:02.810580472 +0500
@@ -1,76 +1,77 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>The previous zendframework upload incorrectly fixes <a href="https://security-tracker.debian.org/tracker/CVE-2015-3154">CVE-2015-3154</a>,
- -causing a regression. This update corrects this problem. Thanks to
- -Ð?вгений Смолин (Evgeny Smolin).</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ей загÑ?Ñ?зке zendframework Ñ?одеÑ?жалоÑ?Ñ? непÑ?авилÑ?ное иÑ?пÑ?авление <a href="https://security-tracker.debian.org/tracker/CVE-2015-3154">CVE-2015-3154</a>,
+вÑ?зÑ?ваÑ?Ñ?ее Ñ?егÑ?еÑ?Ñ?. Ð?анное обновление иÑ?пÑ?авлÑ?еÑ? Ñ?Ñ?Ñ? пÑ?облемÑ?. Ð?лагодаÑ?им
+Ð?вгениÑ? Смолина.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6531">CVE-2012-6531</a>
- - <p>Pádraic Brady identified a weakness to handle the SimpleXMLElement
- - zendframework class, allowing to remote attackers to read arbitrary
- - files or create TCP connections via an XML external entity (XXE)
- - injection attack.</p></li>
+ <p>Ð?Ñ?дÑ?Ñ?к Ð?Ñ?Ñ?йди обнаÑ?Ñ?жил Ñ?Ñ?звимоÑ?Ñ?Ñ? в обÑ?абоÑ?ке клаÑ?Ñ?а SimpleXMLElement,
+ позволÑ?Ñ?Ñ?Ñ?Ñ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам Ñ?Ñ?иÑ?Ñ?ваÑ?Ñ? пÑ?оизволÑ?нÑ?е
+ Ñ?айлÑ? или Ñ?оздаваÑ?Ñ? TCP-Ñ?оединениÑ? Ñ?еÑ?ез инÑ?екÑ?иÑ? внеÑ?ней
+ Ñ?Ñ?Ñ?ноÑ?Ñ?и XML (XXE).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6532">CVE-2012-6532</a>
- - <p>Pádraic Brady found that remote attackers could cause a denial of
- - service by CPU consumption, via recursive or circular references
- - through an XML entity expansion (XEE) attack.</p></li>
+ <p>Ð?Ñ?дÑ?Ñ?к Ð?Ñ?Ñ?йди обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?далÑ?ннÑ?е злоÑ?мÑ?Ñ?ленники могÑ?Ñ? вÑ?зваÑ?Ñ? оÑ?каз в
+ обÑ?лÑ?живании из-за Ñ?Ñ?езмеÑ?ного поÑ?Ñ?еблениÑ? Ñ?еÑ?Ñ?Ñ?Ñ?ов ЦÐ? Ñ? помоÑ?Ñ?Ñ? Ñ?екÑ?Ñ?Ñ?ивнÑ?Ñ? или кÑ?Ñ?говÑ?Ñ? Ñ?Ñ?Ñ?лок
+ Ñ?еÑ?ез Ñ?аÑ?кÑ?Ñ?Ñ?ие Ñ?Ñ?Ñ?ноÑ?Ñ?и XML (XEE).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2681">CVE-2014-2681</a>
- - <p>Lukas Reschke reported a lack of protection against XML External
- - Entity injection attacks in some functions. This fix extends the
- - incomplete one from <a href="https://security-tracker.debian.org/tracker/CVE-2012-5657">CVE-2012-5657</a>.</p></li>
+ <p>Ð?Ñ?каÑ? РеÑ?ке Ñ?ообÑ?ил об оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вии заÑ?иÑ?Ñ? оÑ? инÑ?екÑ?ии внеÑ?ниÑ?
+ Ñ?Ñ?Ñ?ноÑ?Ñ?ей XML в некоÑ?оÑ?Ñ?Ñ? Ñ?Ñ?нкÑ?иÑ?Ñ?. Ð?анное иÑ?пÑ?авление дополнÑ?еÑ?
+ неполное иÑ?пÑ?авление <a href="https://security-tracker.debian.org/tracker/CVE-2012-5657">CVE-2012-5657</a>.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2682">CVE-2014-2682</a>
- - <p>Lukas Reschke reported a failure to consider that the
- - libxml_disable_entity_loader setting is shared among threads in the
- - PHP-FPM case. This fix extends the incomplete one from
+ <p>Ð?Ñ?каÑ? РеÑ?ке Ñ?ообÑ?ил об оÑ?ибке пÑ?овеÑ?ке Ñ?ого, Ñ?Ñ?о
+ опÑ?иÑ? libxml_disable_entity_loader Ñ?азделÑ?еÑ?Ñ?Ñ? неÑ?колÑ?кими поÑ?оками в
+ Ñ?лÑ?Ñ?ае иÑ?полÑ?зованиÑ? PHP-FPM. Ð?анное иÑ?пÑ?авление дополнÑ?еÑ? неполное иÑ?пÑ?авление
<a href="https://security-tracker.debian.org/tracker/CVE-2012-5657">CVE-2012-5657</a>.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2683">CVE-2014-2683</a>
- - <p>Lukas Reschke reported a lack of protection against XML Entity
- - Expansion attacks in some functions. This fix extends the incomplete
- - one from <a href="https://security-tracker.debian.org/tracker/CVE-2012-6532">CVE-2012-6532</a>.</p></li>
+ <p>Ð?Ñ?каÑ? РеÑ?ке Ñ?ообÑ?ил об оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вии заÑ?иÑ?Ñ? оÑ? Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? Ñ?Ñ?Ñ?ноÑ?Ñ?ей XML
+ в некоÑ?оÑ?Ñ?Ñ? Ñ?Ñ?нкÑ?иÑ?Ñ?. Ð?анное иÑ?пÑ?авление дополнÑ?еÑ? неполное
+ иÑ?пÑ?авление <a href="https://security-tracker.debian.org/tracker/CVE-2012-6532">CVE-2012-6532</a>.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2684">CVE-2014-2684</a>
- - <p>Christian Mainka and Vladislav Mladenov from the Ruhr-University
- - Bochum reported an error in the consumer's verify method that lead
- - to acceptance of wrongly sourced tokens.</p></li>
+ <p>Ð?Ñ?иÑ?Ñ?иан Ð?аиника и Ð?ладиÑ?лав Ð?ладенов из Ð Ñ?Ñ?Ñ?кого Ñ?нивеÑ?Ñ?иÑ?еÑ?а
+ Ñ?ообÑ?или об оÑ?ибке в меÑ?оде пÑ?овеÑ?ки покÑ?паÑ?елÑ?, коÑ?оÑ?аÑ? пÑ?иводиÑ?
+ к пÑ?инÑ?Ñ?иÑ? Ñ?окенов оÑ? непÑ?авилÑ?нÑ?Ñ? иÑ?Ñ?оÑ?ников.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-2685">CVE-2014-2685</a>
- - <p>Christian Mainka and Vladislav Mladenov from the Ruhr-University
- - Bochum reported a specification violation in which signing of a
- - single parameter is incorrectly considered sufficient.</p></li>
+ <p>Ð?Ñ?иÑ?Ñ?иан Ð?аиника и Ð?ладиÑ?лав Ð?ладенов из Ð Ñ?Ñ?Ñ?кого Ñ?нивеÑ?Ñ?иÑ?еÑ?а
+ Ñ?ообÑ?или о наÑ?Ñ?Ñ?ении Ñ?пеÑ?иÑ?икаÑ?ии, в коÑ?оÑ?ом подпиÑ?Ñ?
+ единÑ?Ñ?венного паÑ?амеÑ?Ñ?а оÑ?ибоÑ?но Ñ?Ñ?иÑ?аеÑ?Ñ?Ñ? доÑ?Ñ?аÑ?оÑ?ной.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-4914">CVE-2014-4914</a>
- - <p>Cassiano Dal Pizzol discovered that the implementation of the ORDER
- - BY SQL statement in Zend_Db_Select contains a potential SQL
- - injection when the query string passed contains parentheses.</p></li>
+ <p>Ð?аÑ?Ñ?иано Ð?ал Ð?иÑ?Ñ?ол обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? SQL-Ñ?Ñ?веÑ?ждениÑ? ORDER
+ BY в Zend_Db_Select Ñ?одеÑ?жиÑ? поÑ?енÑ?иалÑ?нÑ?Ñ? SQL-инÑ?екÑ?иÑ? в Ñ?лÑ?Ñ?ае
+ пеÑ?едаÑ?и Ñ?Ñ?Ñ?оки запÑ?оÑ?а, Ñ?одеÑ?жаÑ?ей Ñ?кобки.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8088">CVE-2014-8088</a>
- - <p>Yury Dyachenko at Positive Research Center identified potential XML
- - eXternal Entity injection vectors due to insecure usage of PHP's DOM
- - extension.</p></li>
+ <p>ЮÑ?ий Ð?Ñ?Ñ?Ñ?енко из Positive Research Center обнаÑ?Ñ?жил поÑ?енÑ?иалÑ?нÑ?Ñ? инÑ?екÑ?иÑ?
+ внеÑ?ней Ñ?Ñ?Ñ?ноÑ?Ñ?и XML из-за небезопаÑ?ного иÑ?полÑ?зованиÑ? Ñ?аÑ?Ñ?иÑ?ениÑ? DOM
+ длÑ? PHP.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8089">CVE-2014-8089</a>
- - <p>Jonas Sandström discovered an SQL injection vector when manually
- - quoting value for sqlsrv extension, using null byte.</p></li>
+ <p>Ð?онаÑ? СандÑ?Ñ?Ñ?Ñ?м обнаÑ?Ñ?жил SQL-инÑ?екÑ?иÑ? пÑ?и Ñ?Ñ?Ñ?ном закавÑ?Ñ?ивании
+ знаÑ?ениÑ? длÑ? Ñ?аÑ?Ñ?иÑ?ениÑ? sqlsrv, иÑ?полÑ?зÑ?Ñ? null-байÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3154">CVE-2015-3154</a>
- - <p>Filippo Tessarotto and Maks3w reported potential CRLF injection
- - attacks in mail and HTTP headers.</p></li>
+ <p>Филиппо ТеÑ?Ñ?аÑ?оÑ?Ñ?о и Maks3w Ñ?ообÑ?или о поÑ?енÑ?иалÑ?но инÑ?екÑ?ии CRLF
+ в Ñ?ообÑ?ениÑ?Ñ? Ñ?лекÑ?Ñ?онной поÑ?Ñ?Ñ? и заголовкаÑ? HTTP.</p></li>
</ul>
</define-tag>
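Review bot: In the CVE-2014-2682 item the added text «сообщил об ошибке проверке того, что» is ungrammatical («проверке» should be «проверки»). It also turns the removed "a failure to consider that the libxml_disable_entity_loader setting is shared among threads" into an error in a check, which reads as if a check existed and was wrong; a wording such as «сообщил о том, что не учитывается, что опция libxml_disable_entity_loader разделяется несколькими потоками» stays closer to the original. In the CVE-2015-3154 item «о потенциально инъекции CRLF» is missing the adjective ending («потенциальной»). In the CVE-2014-2684 and CVE-2014-2685 items "Bochum" from "Ruhr-University Bochum" is dropped. In CVE-2014-2684 "the consumer's verify method" is rendered as «методе проверки покупателя» (a buyer); «потребителя» would match the technical sense of the component that accepts the tokens.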
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----