[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2009/dsa-1{895,910,881}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2009/dsa-1881.wml	2009-09-07 21:13:55.000000000 +0600
+++ russian/security/2009/dsa-1881.wml	2016-07-10 16:16:57.309091865 +0500
@@ -1,26 +1,27 @@
- -<define-tag description>buffer overflow</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>пеÑ?еполнение бÑ?Ñ?еÑ?а</define-tag>
 <define-tag moreinfo>
- -<p>It was discovered that the SIEVE component of cyrus-imapd, a highly scalable
- -enterprise mail system, is vulnerable to a buffer overflow when processing
- -SIEVE scripts.  Due to incorrect use of the sizeof() operator an attacker is
- -able to pass a negative length to snprintf() calls resulting in large positive
- -values due to integer conversion.  This causes a buffer overflow which can be
- -used to elevate privileges to the cyrus system user.  An attacker who is able
- -to install SIEVE scripts executed by the server is therefore able to read and
- -modify arbitrary email messages on the system.</p>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о компоненÑ? SIEVE из cyrus-imapd, вÑ?Ñ?око маÑ?Ñ?Ñ?абиÑ?Ñ?емой
+поÑ?Ñ?овой Ñ?иÑ?Ñ?еме коÑ?поÑ?аÑ?ивного Ñ?Ñ?овнÑ?, Ñ?Ñ?звим к пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а пÑ?и обÑ?абоÑ?ке
+Ñ?Ñ?енаÑ?иев SIEVE.  Ð?з-за некоÑ?Ñ?екÑ?ного иÑ?полÑ?зованиÑ? опеÑ?аÑ?оÑ?а sizeof() злоÑ?мÑ?Ñ?ленник
+можеÑ? пеÑ?едаÑ?Ñ? оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?Ñ? длинÑ? вÑ?зовам snprintf(), Ñ?Ñ?о пÑ?иводиÑ? к болÑ?Ñ?им положиÑ?елÑ?нÑ?м
+знаÑ?ениÑ?м из-за пÑ?еобÑ?азованиÑ? в Ñ?елÑ?е Ñ?иÑ?ла.  ЭÑ?о вÑ?зÑ?ваеÑ? пеÑ?еполнение бÑ?Ñ?еÑ?а, коÑ?оÑ?ое можеÑ?
+иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий до Ñ?Ñ?овнÑ? Ñ?иÑ?Ñ?емного полÑ?зоваÑ?елÑ? cyrus.  Ð?лоÑ?мÑ?Ñ?ленник, Ñ?поÑ?обнÑ?й
+Ñ?Ñ?Ñ?анавливаÑ?Ñ? Ñ?Ñ?енаÑ?ии SIEVE, вÑ?полнÑ?емÑ?е Ñ?еÑ?веÑ?ом, можеÑ? Ñ?Ñ?иÑ?Ñ?ваÑ?Ñ? и
+изменÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?е Ñ?ообÑ?ениÑ? Ñ?лекÑ?Ñ?онной поÑ?Ñ?Ñ? в Ñ?иÑ?Ñ?еме.</p>
 
 
- -<p>For the oldstable distribution (etch), this problem has been fixed in
- -version 2.2.13-10+etch2.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.2.13-10+etch2.</p>
 
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 2.2.13-14+lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.2.13-14+lenny1.</p>
 
- -<p>For the testing (squeeze) and unstable (sid) distribution, this problem
- -will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (squeeze) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ? Ñ?Ñ?а пÑ?облема
+бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
 
 
- -<p>We recommend that you upgrade your cyrus-imapd-2.2 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? cyrus-imapd-2.2.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2009/dsa-1895.wml	2009-09-25 04:07:55.000000000 +0600
+++ russian/security/2009/dsa-1895.wml	2016-07-10 16:05:05.604780542 +0500
@@ -1,31 +1,32 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the xmltooling packages,
- -as used by Shibboleth:</p>
+<p>Ð? пакеÑ?аÑ? xmltooling, иÑ?полÑ?зÑ?емÑ?Ñ? Shibboleth, бÑ?ло обнаÑ?Ñ?жено
+неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей:</p>
 
 <ul>
 
- -<li><p>Chris Ries discovered that decoding a crafted URL leads to a crash (and
- -potentially, arbitrary code execution).</p></li>
+<li><p>Ð?Ñ?иÑ? РиÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о декодиÑ?ование Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного адÑ?еÑ?а URL пÑ?иводиÑ? к аваÑ?ийной оÑ?Ñ?ановке (и
+возможномÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода).</p></li>
 
- -<li><p>Ian Young discovered that embedded NUL characters in certificate names
- -were not correctly handled, exposing configurations using PKIX trust
- -validation to impersonation attacks.</p></li>
- -
- -<li><p>Incorrect processing of SAML metadata ignores key usage constraints.
- -This minor issue also needs a correction in the opensaml2 packages,
- -which will be provided in an upcoming stable point release (and,
- -before that, via stable-proposed-updates).</p></li>
+<li><p>Ð?ен Янг обнаÑ?Ñ?жил, Ñ?Ñ?о вÑ?Ñ?Ñ?оеннÑ?е NUL-Ñ?имволÑ? в именаÑ? Ñ?еÑ?Ñ?иÑ?икаÑ?ов
+обÑ?абаÑ?Ñ?ваÑ?Ñ?Ñ?Ñ? непÑ?авилÑ?но, Ñ?Ñ?о делаеÑ? Ñ?иÑ?Ñ?емÑ?, иÑ?полÑ?зÑ?Ñ?Ñ?ие пÑ?овеÑ?кÑ? довеÑ?иÑ?
+PKIX, оÑ?кÑ?Ñ?Ñ?Ñ?ми к аÑ?ака по вÑ?даÑ?е злоÑ?мÑ?Ñ?ленника за дÑ?Ñ?гое лиÑ?о.</p></li>
+
+<li><p>Ð?екоÑ?Ñ?екÑ?наÑ? пÑ?овеÑ?ка меÑ?аданнÑ?Ñ? SAML игноÑ?иÑ?Ñ?еÑ? огÑ?аниÑ?ениÑ? иÑ?полÑ?зованиÑ? клÑ?Ñ?ей.
+Ð?Ñ?оме Ñ?ого, Ñ?Ñ?Ñ? неболÑ?Ñ?Ñ?Ñ? оÑ?ибкÑ? Ñ?ледÑ?еÑ? иÑ?пÑ?авиÑ?Ñ? и в пакеÑ?аÑ? opensaml2,
+Ñ?Ñ?о бÑ?деÑ? Ñ?делано в гоÑ?овÑ?Ñ?ейÑ?Ñ? Ñ?едакÑ?ии Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (а до Ñ?Ñ?ого
+в stable-proposed-updates).</p></li>
 
 </ul>
 
- -<p>For the stable distribution (lenny), these problems have been fixed in
- -version 1.0-2+lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.0-2+lenny1.</p>
 
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 1.2.2-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.2.2-1.</p>
 
- -<p>We recommend that you upgrade your xmltooling packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? xmltooling.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2009/dsa-1910.wml	2009-10-15 14:37:59.000000000 +0600
+++ russian/security/2009/dsa-1910.wml	2016-07-10 16:11:27.556796786 +0500
@@ -1,28 +1,29 @@
- -<define-tag description>missing escape function</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вие Ñ?Ñ?нкÑ?ии Ñ?кÑ?аниÑ?ованиÑ?</define-tag>
 <define-tag moreinfo>
 
- -<p>It was discovered that mysql-ocaml, OCaml bindings for MySql, was
- -missing a function to call mysql_real_escape_string(). This is needed,
- -because mysql_real_escape_string() honours the charset of the connection
- -and prevents insufficient escaping, when certain multibyte character
- -encodings are used. The added function is called real_escape() and
- -takes the established database connection as a first argument. The old
- -escape_string() was kept for backwards compatibility.</p>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о в mysql-ocaml, OCaml-пÑ?ивÑ?зкаÑ? длÑ? MySql,
+оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? Ñ?Ñ?нкÑ?иÑ?, вÑ?зÑ?ваÑ?Ñ?аÑ? mysql_real_escape_string(). Ð?на необÑ?одима,
+поÑ?колÑ?кÑ? mysql_real_escape_string() Ñ?облÑ?даеÑ? кодиÑ?овкÑ? Ñ?оединениÑ?
+и пÑ?едоÑ?вÑ?аÑ?аеÑ? недоÑ?Ñ?аÑ?оÑ?ное Ñ?кÑ?аниÑ?ование пÑ?и иÑ?полÑ?зовании Ñ?Ñ?да многобайÑ?овÑ?Ñ?
+кодиÑ?овок. Ð?обавленнаÑ? Ñ?Ñ?нкÑ?иÑ? назÑ?ваеÑ?Ñ?Ñ? real_escape(), она
+пÑ?инимаеÑ? Ñ?Ñ?Ñ?ановленное Ñ?оединение к базе даннÑ?Ñ? в каÑ?еÑ?Ñ?ве пеÑ?вого аÑ?гÑ?менÑ?а. СÑ?аÑ?аÑ?
+Ñ?Ñ?нкÑ?иÑ? escape_string() бÑ?ла Ñ?оÑ?Ñ?анена Ñ? Ñ?елÑ?Ñ? обеÑ?пеÑ?ениÑ? обÑ?аÑ?ной Ñ?овмеÑ?Ñ?имоÑ?Ñ?и.</p>
 
- -<p>Developers using these bindings are encouraged to adjust their code to
- -use the new function.</p>
+<p>РазÑ?абоÑ?Ñ?икам, иÑ?полÑ?зÑ?Ñ?Ñ?им Ñ?Ñ?и пÑ?ивÑ?зки, наÑ?Ñ?оÑ?Ñ?елÑ?но Ñ?екомендÑ?еÑ?Ñ?Ñ? измениÑ?Ñ? Ñ?вой код
+Ñ?ак, Ñ?Ñ?обÑ? в нÑ?м иÑ?полÑ?зовалаÑ?Ñ? Ñ?Ñ?а новаÑ? Ñ?Ñ?нкÑ?иÑ?.</p>
 
- -<p>For the oldstable distribution (etch), this problem has been fixed in
- -version 1.0.4-2+etch1.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.0.4-2+etch1.</p>
 
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 1.0.4-4+lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.0.4-4+lenny1.</p>
 
- -<p>For the testing distribution (squeeze) and the unstable distribution
- -(sid), this problem will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (squeeze) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ?
+Ñ?Ñ?а пÑ?облема бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
 
 
- -<p>We recommend that you upgrade your mysql-ocaml packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? mysql-ocaml.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXgi6sAAoJEF7nbuICFtKlZQAP/0oTsvVpgE1ppL9P/4gtHN8b
5b2p0Ez0vJ740GZ46kN0KjUMEr6zzS8pmrKN0+iBXpmyQMdLAjmGbwFZp2BXFjXf
c+CDxR0AsSGgLQP8qhYAHmSfiM4ySdode4AJfcmzHFqzR4dA70eeK4S2bkOx/L2J
oq0ZnpD9x6bJLzXAeIcDLBb0KbzSUSYVo2jgQFJjTiqqZS2MrsDK6qcgE59K8ukB
jO2W5Cbzb2k7lmFO/QLVicT8VqJjuHpY6egxFTk/ZInICjSSVNL3+kdyHaAIT7Mh
7I7T+JLuPgT+GLtuSAktp8G4eQRxRTBt2g2Xm4RTMEM49UDi7UNTIC1IROPK7vfu
nWM7jVerPy/P2a6hD3HQRAP3MRRMWksbd1H0OpVn1DoTt2r9VhyHfeMySyuvvrD4
fYT43nfE7s2UxtAFUl9IoChRI9BKO/q0iW9ibHSYOu1MlSyeEcu/hW091aiP3iqg
wvModtsLaF7UJPY95ikQWRB4jqxI1Y77fnLlMeaAJXGsEKAFF8jp8xNMFb42Uy1Y
jRVRi2UCI+bhJHtddJF8GwSOxp7ijZfkpjC2HLw+5kb0ORGWfK9iO5BpWji1N+9q
Wwe1xzF8uSeS30tj5ANakfaEtQMCk3eXAYNPQbV+3wDq6NLlUSLOicuwwHXgeNC5
dWvwFmPMPgQgrd2Vqry4
=hoaR
-----END PGP SIGNATURE-----
Reply to: