[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2014/dla-{75,58,68}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2014/dla-58.wml	2016-05-22 10:07:41.910935513 +0500
+++ russian/security/2014/dla-58.wml	2016-06-27 19:39:17.905283261 +0500
@@ -1,31 +1,32 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>This update fixes a regression introduced in 0.8.10.3+squeeze5 where
- -apt would send invalid HTTP requests when sending If-Range queries.</p>
+<p>Ð?анное обновление иÑ?пÑ?авлÑ?еÑ? Ñ?егÑ?еÑ?Ñ?иÑ?, поÑ?вивÑ?Ñ?Ñ?Ñ?Ñ? в веÑ?Ñ?ии 0.8.10.3+squeeze5,
+коÑ?оÑ?аÑ? Ñ?оÑ?Ñ?оиÑ? в Ñ?ом, Ñ?Ñ?о apt пÑ?и оÑ?пÑ?авке запÑ?оÑ?ов If-Range оÑ?пÑ?авлÑ?еÑ? непÑ?авилÑ?нÑ?е HTTP-запÑ?оÑ?Ñ?.</p>
 
- -<p>For reference, the original advisory text follows.</p>
+<p>Ð?иже пÑ?иводиÑ?Ñ?Ñ? изнаÑ?алÑ?наÑ? Ñ?екомендаÑ?иÑ?.</p>
 
- -<p>The Google Security Team discovered a buffer overflow vulnerability in
- -the HTTP transport code in apt-get. An attacker able to
- -man-in-the-middle a HTTP request to an apt repository can trigger the
- -buffer overflow, leading to a crash of the <q>http</q> apt method binary, or
- -potentially to arbitrary code execution.</p>
+<p>Ð?оманда безопаÑ?ноÑ?Ñ?и Google обнаÑ?Ñ?жила пеÑ?еполнение бÑ?Ñ?еÑ?а в
+коде HTTP-Ñ?Ñ?анÑ?поÑ?Ñ?а в apt-get. Ð?лоÑ?мÑ?Ñ?ленник, Ñ?поÑ?обнÑ?й пÑ?Ñ?Ñ?м аÑ?аки по
+пÑ?инÑ?ипÑ? Ñ?еловек-в-Ñ?еÑ?едине оÑ?Ñ?Ñ?еÑ?Ñ?виÑ?Ñ? HTTP-запÑ?оÑ? к Ñ?епозиÑ?оÑ?иÑ? apt, можеÑ?
+вÑ?зваÑ?Ñ? пеÑ?еполнение бÑ?Ñ?еÑ?а, пÑ?иводÑ?Ñ?ее к аваÑ?ийной оÑ?Ñ?ановке меÑ?ода <q>http</q> в apt или
+к поÑ?енÑ?иалÑ?номÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p>
 
- -<p>The following regression fixes were included in this update:</p>
+<p>Ð? наÑ?Ñ?оÑ?Ñ?ее обновление вклÑ?Ñ?енÑ? Ñ?ледÑ?Ñ?Ñ?ие иÑ?пÑ?авлениÑ? Ñ?егÑ?еÑ?Ñ?ий:</p>
 
- - <p>* Fix regression from the previous update in <a href="dla-53">DLA-53-1</a>
- -   when the custom apt configuration option for Dir::state::lists is set to a
- -   relative path (#762160).</p>
+ <p>* Ð?Ñ?пÑ?авление Ñ?егÑ?еÑ?Ñ?ии из пÑ?едÑ?дÑ?Ñ?его обновлениÑ? в <a href="dla-53">DLA-53-1</a>,
+   когда опÑ?иÑ? наÑ?Ñ?Ñ?ойки apt Dir::state::lists Ñ?Ñ?Ñ?анавливалаÑ?Ñ? в знаÑ?ение
+   оÑ?ноÑ?иÑ?елÑ?ного пÑ?Ñ?и (#762160).</p>
 
- - <p>* Fix regression in the reverificaiton handling of cdrom: sources that
- -   may lead to incorrect hashsum warnings. Affected users need to run
- -   "apt-cdrom add" again after the update was applied.</p>
+ <p>* Ð?Ñ?пÑ?авление Ñ?егÑ?еÑ?Ñ?ии в обÑ?абоÑ?ке повÑ?оÑ?ной пÑ?овеÑ?ки иÑ?Ñ?оÑ?ников cdrom:, Ñ?Ñ?о
+   можеÑ? пÑ?иводиÑ?Ñ? к пÑ?едÑ?пÑ?еждениÑ?м о непÑ?авилÑ?нÑ?Ñ? конÑ?Ñ?олÑ?нÑ?Ñ? Ñ?Ñ?ммаÑ?. Ð?олÑ?зоваÑ?елÑ?м, Ñ? коÑ?оÑ?Ñ?Ñ? пÑ?оÑ?влÑ?еÑ?Ñ?Ñ?
+   Ñ?Ñ?а пÑ?облема, Ñ?ледÑ?еÑ? Ñ?нова вÑ?полниÑ?Ñ? "apt-cdrom add" поÑ?ле Ñ?Ñ?Ñ?ановки данного обновлениÑ?.</p>
 
- - <p>* Fix regression from the previous update in <a href="dla-53">DLA-53-1</a>
- -   when file:/// sources are used and those are on a different partition than
- -   the apt state directory.</p>
+ <p>* Ð?Ñ?пÑ?авление Ñ?егÑ?еÑ?Ñ?ии из пÑ?едÑ?дÑ?Ñ?его обновлениÑ? в <a href="dla-53">DLA-53-1</a>,
+   когда иÑ?полÑ?зÑ?Ñ?Ñ?Ñ?Ñ? иÑ?Ñ?оÑ?ники file:///, наÑ?одÑ?Ñ?иеÑ?Ñ? на Ñ?азделе, оÑ?лиÑ?аÑ?Ñ?емÑ?Ñ? оÑ?
+   каÑ?алога Ñ?оÑ?Ñ?оÑ?ниÑ? apt.</p>
 
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in apt version 0.8.10.3+squeeze6</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в пакеÑ?е apt веÑ?Ñ?ии 0.8.10.3+squeeze6</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2014/dla-68.wml	2016-04-09 01:32:21.000000000 +0500
+++ russian/security/2014/dla-68.wml	2016-06-27 19:47:37.049410367 +0500
@@ -1,30 +1,31 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
 <ul>
 <li>[<a href="https://security-tracker.debian.org/tracker/CVE-2014-3875";>CVE-2014-3875</a>]
 
- -     <p>When inserting encoded newline characters into a request to rup,
- -     additional HTTP headers can be injected into the reply, as well
- -     as new HTML code on the top of the website.</p></li>
+     <p>Ð?Ñ?и вÑ?Ñ?авке закодиÑ?ованнÑ?Ñ? Ñ?имволов новой Ñ?Ñ?Ñ?оки в запÑ?оÑ? к rup,
+     в оÑ?веÑ? могÑ?Ñ? бÑ?Ñ?Ñ? вÑ?Ñ?авленÑ? дополниÑ?елÑ?нÑ?е заголовки HTTP, а Ñ?акже
+     новÑ?й код HTML в веÑ?Ñ?ней Ñ?аÑ?Ñ?и веб-Ñ?айÑ?а.</p></li>
 
 <li>[<a href="https://security-tracker.debian.org/tracker/CVE-2014-3876";>CVE-2014-3876</a>]
- -     <p>The parameter akey is reflected unfiltered as part of the HTML
- -     page.  Some characters are forbidden in the GET parameter due
- -     to filtering of the URL, but this can be circumvented by using
- -     a POST parameter.
- -     Nevertheless, this issue is exploitable via the GET parameter
- -     alone, with some user interaction.</p></li>
+     <p>Ð?аÑ?амеÑ?Ñ? akey оÑ?Ñ?ажаеÑ?Ñ?Ñ? неÑ?илÑ?Ñ?Ñ?ованнÑ?м обÑ?азом как Ñ?аÑ?Ñ?Ñ? Ñ?Ñ?Ñ?аниÑ?Ñ?
+     HTML.  Ð?екоÑ?оÑ?Ñ?е Ñ?имволÑ? запÑ?еÑ?ено иÑ?полÑ?зоваÑ?Ñ? в паÑ?амеÑ?Ñ?е GET из-за
+     Ñ?илÑ?Ñ?Ñ?аÑ?ии URL, но Ñ?Ñ?о огÑ?аниÑ?ение можно обойÑ?и пÑ?Ñ?Ñ?м иÑ?полÑ?зованиÑ?
+     паÑ?амеÑ?Ñ?а POST.
+     Тем не менее, даннаÑ? пÑ?облема можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? Ñ?олÑ?ко Ñ?еÑ?ез паÑ?амеÑ?Ñ?
+     GET и Ñ?Ñ?ебÑ?еÑ? взаимодейÑ?Ñ?виÑ? Ñ? полÑ?зоваÑ?елем.</p></li>
 
 <li>[<a href="https://security-tracker.debian.org/tracker/CVE-2014-3877";>CVE-2014-3877</a>]
- -     <p>The parameter addto is reflected only slightly filtered back to
- -     the user as part of the HTML page. Some characters are forbidden
- -     in the GET parameter due to filtering of the URL, but this can
- -     be circumvented by using a POST parameter. Nevertheless, this
- -     issue is exploitable via the GET parameter alone, with some user
- -     interaction.</p></li>
+     <p>Ð?аÑ?амеÑ?Ñ? addto оÑ?Ñ?ажаеÑ?Ñ?Ñ? полÑ?зоваÑ?елÑ? Ñ?олÑ?ко в Ñ?легка Ñ?илÑ?Ñ?Ñ?ованном
+     виде как Ñ?аÑ?Ñ?Ñ? Ñ?Ñ?Ñ?аниÑ?Ñ? HTML. Ð?екоÑ?оÑ?Ñ?е Ñ?имволÑ? запÑ?еÑ?ено иÑ?полÑ?зоваÑ?Ñ?
+     в паÑ?амеÑ?Ñ?е GET из-за Ñ?илÑ?Ñ?Ñ?аÑ?ии URL, но Ñ?Ñ?о огÑ?аниÑ?ение можно
+     обойÑ?и пÑ?Ñ?Ñ?м иÑ?полÑ?зованиÑ? паÑ?амеÑ?Ñ?а POST. Тем не менее, даннаÑ?
+     Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? Ñ?олÑ?ко Ñ?еÑ?ез паÑ?амеÑ?Ñ? GET и Ñ?Ñ?ебÑ?еÑ?
+     взаимодейÑ?Ñ?виÑ? Ñ? полÑ?зоваÑ?елем.</p></li>
 
 </ul>
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in fex version 20100208+debian1-1+squeeze4</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в пакеÑ?е fex веÑ?Ñ?ии 20100208+debian1-1+squeeze4</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2014/dla-75.wml	2016-05-22 10:07:41.958929461 +0500
+++ russian/security/2014/dla-75.wml	2016-06-27 18:56:29.905877266 +0500
@@ -1,30 +1,31 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>This update fixes one important vulnerability (<a href="https://security-tracker.debian.org/tracker/CVE-2014-4274";>CVE-2014-4274</a>) and batches
- -together two other minor fixes (<a href="https://security-tracker.debian.org/tracker/CVE-2013-2162";>CVE-2013-2162</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0001";>CVE-2014-0001</a>).</p>
+<p>Ð?анное обновление иÑ?пÑ?авлÑ?еÑ? однÑ? важнÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? (<a href="https://security-tracker.debian.org/tracker/CVE-2014-4274";>CVE-2014-4274</a>), а Ñ?акже
+Ñ?одеÑ?жиÑ? два неболÑ?Ñ?иÑ? иÑ?пÑ?авлениÑ? (<a href="https://security-tracker.debian.org/tracker/CVE-2013-2162";>CVE-2013-2162</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0001";>CVE-2014-0001</a>).</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-4274";>CVE-2014-4274</a>
 
- -    <p>Insecure handling of a temporary file that could lead to execution
- -    of arbitrary code through the creation of a mysql configuration file
- -    pointing to an attacker-controlled plugin_dir.</p></li>
+    <p>Ð?ебезопаÑ?наÑ? обÑ?абоÑ?ка вÑ?еменнÑ?Ñ? Ñ?айлов, коÑ?оÑ?аÑ? можеÑ? пÑ?иводиÑ?Ñ? к вÑ?полнениÑ?
+    пÑ?оизволÑ?ного кода из-за Ñ?озданиÑ? Ñ?айла наÑ?Ñ?Ñ?ойки mysql,
+    Ñ?казÑ?ваÑ?Ñ?его на каÑ?алог plugin_dir, коÑ?оÑ?Ñ?м можеÑ? Ñ?пÑ?авлÑ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленник.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-2162";>CVE-2013-2162</a>
 
- -    <p>Insecure creation of the debian.cnf credential file. Credentials could
- -    be stolen by a local user monitoring that file while the package gets
- -    installed.</p></li>
+    <p>Ð?ебезопаÑ?ное Ñ?оздание Ñ?айла даннÑ?Ñ? Ñ?Ñ?Ñ?Ñ?нÑ?Ñ? запиÑ?ей debian.cnf. Ð?аннÑ?е Ñ?Ñ?Ñ?Ñ?нÑ?Ñ? запиÑ?ей
+    могÑ?Ñ? бÑ?Ñ?Ñ? поÑ?иÑ?енÑ? локалÑ?нÑ?м полÑ?зоваÑ?елем, оÑ?Ñ?леживаÑ?Ñ?им Ñ?Ñ?оÑ? Ñ?айл во вÑ?емÑ?
+    Ñ?Ñ?Ñ?ановки пакеÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0001";>CVE-2014-0001</a>
 
- -    <p>Buffer overrun in the MySQL client when the server sends a version
- -    string that is too big for the allocated buffer.</p></li>
+    <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в клиенÑ?е MySQL, коÑ?оÑ?ое возникаеÑ? когда Ñ?еÑ?веÑ? оÑ?пÑ?авлÑ?еÑ? Ñ?Ñ?Ñ?окÑ?
+    Ñ? Ñ?казанием веÑ?Ñ?ии, коÑ?оÑ?аÑ? оказÑ?ваеÑ?Ñ?Ñ? Ñ?лиÑ?ком болÑ?Ñ?ой длÑ? вÑ?деленного бÑ?Ñ?еÑ?а.</p></li>
 
 </ul>
 
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in mysql-5.1 version 5.1.73-1+deb6u1</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в пакеÑ?е mysql-5.1 веÑ?Ñ?ии 5.1.73-1+deb6u1</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXcTyMAAoJEF7nbuICFtKlyQYQAIDP4kWRsUGjVu6wTbSmokyu
p5rSj9wPSfQGAQLPISZlq6GOgzCCRwVahhRk6Eh0TYnzv8wH1ssl9/jdDnF8PKW3
+3a4prXZaII/6bW3YqPvNskGxNsHLlqRLF3EV09GeVHtfgbB9LCEaemHlTWjtMij
ZhNPXA9l0S7mMp6ozIWdPdJWNwLI9VaEe9eepBx38bG0Mmi2vs6J/oU+OMUTYv6z
rW5hnNjPntHt6JdovZCjdpRyoniziGEEo2nVXNtFLGWR3O2Xc6M/R4S4gBF0T0gA
1LCRBNIz6ssB393iTl/Z4QLxUvY1yHpJ1U1PXGrSFLMzx2MZ2x5s7EJKSlH3g+fY
JMX9rWHoTbQ54EkRM0soyQr6z0SdwcNBLRvmzs8NMxOeVPSqYxresdfYcl84yqr9
lLoWpdk8nomJoXolfFLVZ91WqwdEt27wXLf+w0xcWu5i/qbpVIPJfnz/zRd5pgij
2mEmF7xwM5u59Guke4vvib9l4dxboNLm5ix0u5WWCidDO0jhF+uRdqQ8EJtKrcld
7FkW3yijN9GQBqRuUSHKrm2vfCNEENnjLf8yZ36HR6qSnDm5EgOqLGqT7bWjX9zA
0fQrpCydxU28nfzzxealGHy1uD8uccDSLTt7n8bdFF+036WqaMBIwS9RUIrmHb6A
e9hoqjlIez/543Upge/E
=MtH/
-----END PGP SIGNATURE-----
Reply to: