[DONE] wml://security/2009/dsa-1{783,768,870}.wml

[Lev Lamberov <dogsleg@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2009/dsa-1768.wml	2014-04-30 13:16:18.000000000 +0600
+++ russian/security/2009/dsa-1768.wml	2016-09-12 18:09:27.075798496 +0500
@@ -1,39 +1,40 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
 <define-tag moreinfo>
- -<p>Two vulnerabilities were discovered in the client part of OpenAFS, a
- -distributed file system.</p>
+<p>Ð? клиенÑ?Ñ?кой Ñ?аÑ?Ñ?и OpenAFS, Ñ?аÑ?пÑ?еделÑ?нной Ñ?айловой Ñ?иÑ?Ñ?емÑ?, бÑ?ли обнаÑ?Ñ?женÑ?
+две Ñ?Ñ?звимоÑ?Ñ?и.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-1251";>CVE-2009-1251</a>
- -<p>An attacker with control of a file server or the ability to forge RX
- -packets may be able to execute arbitrary code in kernel mode on an
- -OpenAFS client, due to a vulnerability in XDR array decoding.</p></li>
+<p>Ð?лоÑ?мÑ?Ñ?ленник, имеÑ?Ñ?ий конÑ?Ñ?олÑ? над Ñ?айловÑ?м Ñ?еÑ?веÑ?ом или возможноÑ?Ñ?Ñ? подделаÑ?Ñ?
+RX-пакеÑ?Ñ?, можеÑ? вÑ?полниÑ?Ñ? пÑ?оизволÑ?нÑ?й код в Ñ?ежиме Ñ?дÑ?а на
+клиенÑ?е OpenAFS из-за Ñ?Ñ?звимоÑ?Ñ?и в коде декодиÑ?ованиÑ? XDR-маÑ?Ñ?ива.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-1250";>CVE-2009-1250</a>
- -<p>An attacker with control of a file server or the ability to forge RX
- -packets may crash OpenAFS clients because of wrongly handled error
- -return codes in the kernel module.</p></li>
+<p>Ð?лоÑ?мÑ?Ñ?ленник, имеÑ?Ñ?ий конÑ?Ñ?олÑ? над Ñ?айловÑ?м Ñ?еÑ?веÑ?ом или возможноÑ?Ñ?Ñ? подделаÑ?Ñ?
+RX-пакеÑ?Ñ?, можеÑ? аваÑ?ийно завеÑ?Ñ?иÑ?Ñ? Ñ?абоÑ?Ñ? клиенÑ?ов OpenAFS из-за непÑ?авилÑ?ной обÑ?абоÑ?ки
+возвÑ?аÑ?аемÑ?Ñ? кодов оÑ?ибки в модÑ?ле Ñ?дÑ?а.</p></li>
 
 </ul>
 
- -<p>Note that in order to apply this security update, you must rebuild the
- -OpenAFS kernel module.  Be sure to also upgrade openafs-modules-source,
- -build a new kernel module for your system following the instructions in
- -/usr/share/doc/openafs-client/README.modules.gz, and then either stop
- -and restart openafs-client or reboot the system to reload the kernel
- -module.</p>
- -
- -<p>For the old stable distribution (etch), these problems have been fixed
- -in version 1.4.2-6etch2.</p>
+<p>Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о длÑ? Ñ?ого, Ñ?Ñ?обÑ? пÑ?имениÑ?Ñ? Ñ?Ñ?о обновление безопаÑ?ноÑ?Ñ?и вам Ñ?ледÑ?еÑ? заново
+Ñ?обÑ?аÑ?Ñ? модÑ?лÑ? Ñ?дÑ?а OpenAFS.  Ð?бÑ?заÑ?елÑ?но обновиÑ?е openafs-modules-source,
+Ñ?обеÑ?иÑ?е новÑ?й модÑ?лÑ? Ñ?дÑ?а длÑ? ваÑ?ей Ñ?иÑ?Ñ?емÑ?, Ñ?ледÑ?Ñ? инÑ?Ñ?Ñ?Ñ?кÑ?иÑ?м в
+Ñ?айле /usr/share/doc/openafs-client/README.modules.gz, а заÑ?ем либо оÑ?Ñ?ановиÑ?е
+и пеÑ?езапÑ?Ñ?Ñ?иÑ?е openafs-client, либо пеÑ?езапÑ?Ñ?Ñ?иÑ? Ñ?иÑ?Ñ?емÑ?, Ñ?Ñ?обÑ? пеÑ?езагÑ?Ñ?зиÑ?Ñ?
+модÑ?лÑ? Ñ?дÑ?а.</p>
+
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 1.4.2-6etch2.</p>
 
- -<p>For the stable distribution (lenny), these problems have been fixed in
- -version 1.4.7.dfsg1-6+lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.4.7.dfsg1-6+lenny1.</p>
 
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 1.4.10+dfsg1-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.4.10+dfsg1-1.</p>
 
- -<p>We recommend that you upgrade your openafs packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? openafs.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2009/dsa-1783.wml	2014-04-30 13:16:18.000000000 +0600
+++ russian/security/2009/dsa-1783.wml	2016-09-12 18:02:56.978692850 +0500
@@ -1,38 +1,39 @@
- -<define-tag description>multiple vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Multiple vulnerabilities have been identified affecting MySQL, a
- -relational database server, and its associated interactive client
- -application.  The Common Vulnerabilities and Exposures project
- -identifies the following two problems:</p>
+<p>Ð? MySQL, Ñ?еÑ?веÑ?е Ñ?елÑ?Ñ?ионнÑ?Ñ? баз даннÑ?Ñ?, а Ñ?акже в Ñ?вÑ?занном Ñ? ним
+инÑ?еÑ?акÑ?ивном клиенÑ?Ñ?ком пÑ?иложении, бÑ?ли обнаÑ?Ñ?женÑ? многоÑ?иÑ?леннÑ?е
+Ñ?Ñ?звимоÑ?Ñ?и.  Ð?Ñ?оекÑ? Common Vulnerabilities and Exposures
+опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие две пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2008-3963";>CVE-2008-3963</a>
 
- -    <p>Kay Roepke reported that the MySQL server would not properly handle
- -    an empty bit-string literal in an SQL statement, allowing an
- -    authenticated remote attacker to cause a denial of service (a crash)
- -    in mysqld.  This issue affects the oldstable distribution (etch), but
- -    not the stable distribution (lenny).</p></li>
+    <p>Ð?Ñ?й Ð Ñ?пке Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еÑ?веÑ? MySQL непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+    пÑ?Ñ?Ñ?ой биÑ?ово-Ñ?Ñ?Ñ?оковой лиÑ?еÑ?ал в Ñ?Ñ?веÑ?ждении SQL, позволÑ?Ñ?
+    аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованномÑ? Ñ?далÑ?нномÑ? злоÑ?мÑ?Ñ?ленникÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка)
+    в mysqld.  ЭÑ?а пÑ?облема каÑ?аеÑ?Ñ?Ñ? пÑ?едÑ?дÑ?Ñ?его Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (etch), но
+    не Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (lenny).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2008-4456";>CVE-2008-4456</a>
 
- -    <p>Thomas Henlich reported that the MySQL commandline client application
- -    did not encode HTML special characters when run in HTML output mode
- -    (that is, "mysql --html ...").  This could potentially lead to
- -    cross-site scripting or unintended script privilege escalation if
- -    the resulting output is viewed in a browser or incorporated into
- -    a web site.</p></li>
+    <p>ТомаÑ? ХенлиÑ? Ñ?ообÑ?ил, Ñ?Ñ?о клиенÑ?Ñ?кое пÑ?иложениÑ? длÑ? командной Ñ?Ñ?Ñ?оки длÑ?
+    MySQL не кодиÑ?Ñ?еÑ? Ñ?пеÑ?иалÑ?нÑ?й Ñ?иволÑ? HTML пÑ?и запÑ?Ñ?ке в Ñ?ежиме вÑ?вода HTML
+    (Ñ?о еÑ?Ñ?Ñ?, "mysql --html ...").  ЭÑ?о можеÑ? поÑ?енÑ?иалÑ?но пÑ?иводиÑ?Ñ? к
+    межÑ?айÑ?овомÑ? Ñ?кÑ?ипÑ?ингÑ? или непÑ?еднамеÑ?енномÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий Ñ?Ñ?енаÑ?иÑ? в Ñ?лÑ?Ñ?ае,
+    еÑ?ли полÑ?Ñ?аÑ?Ñ?ийÑ?Ñ? вÑ?вод пÑ?оÑ?маÑ?Ñ?иваеÑ?Ñ?Ñ? в бÑ?аÑ?зеÑ?е или вÑ?Ñ?Ñ?аиваеÑ?Ñ?Ñ? в
+    веб-Ñ?айÑ?.</p></li>
 
 </ul>
 
- -<p>For the old stable distribution (etch), these problems have been fixed in
- -version 5.0.32-7etch10.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 5.0.32-7etch10.</p>
 
- -<p>For the stable distribution (lenny),  these problems have been fixed in
- -version 5.0.51a-24+lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 5.0.51a-24+lenny1.</p>
 
- -<p>We recommend that you upgrade your mysql-dfsg-5.0 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? mysql-dfsg-5.0.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2009/dsa-1870.wml	2014-04-30 13:16:19.000000000 +0600
+++ russian/security/2009/dsa-1870.wml	2016-09-12 18:18:59.678010555 +0500
@@ -1,30 +1,31 @@
- -<define-tag description>insufficient input validation</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>недоÑ?Ñ?аÑ?оÑ?наÑ? пÑ?овеÑ?ка вÑ?однÑ?Ñ? даннÑ?Ñ?</define-tag>
 <define-tag moreinfo>
- -<p>Federico Muttis discovered that libpurple, the shared library that adds
- -support for various instant messaging networks to the pidgin IM client, is
- -vulnerable to a heap-based buffer overflow.  This issue exists because of
- -an incomplete fix for <a href="https://security-tracker.debian.org/tracker/CVE-2008-2927";>CVE-2008-2927</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2009-1376";>CVE-2009-1376</a>.  An attacker can
- -exploit this by sending two consecutive SLP packets to a victim via MSN.</p>
+<p>ФедеÑ?ико Ð?Ñ?Ñ?Ñ?иÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о libpurple, Ñ?азделÑ?емаÑ? библиоÑ?ека, добавлÑ?Ñ?Ñ?аÑ?
+клиенÑ?Ñ? pidgin поддеÑ?жкÑ? Ñ?азлиÑ?нÑ?Ñ? Ñ?еÑ?ей длÑ? мгновенного обмена Ñ?ообÑ?ениÑ?ми, Ñ?одеÑ?жиÑ?
+пеÑ?еполнение динамиÑ?еÑ?кой памÑ?Ñ?и.  ЭÑ?а пÑ?облема имееÑ? меÑ?Ñ?о из-за
+неполного иÑ?пÑ?авлениÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2008-2927";>CVE-2008-2927</a> и <a href="https://security-tracker.debian.org/tracker/CVE-2009-1376";>CVE-2009-1376</a>.  Ð?лоÑ?мÑ?Ñ?ленник можеÑ?
+иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?, оÑ?пÑ?авив жеÑ?Ñ?ве два поÑ?ледоваÑ?елÑ?нÑ?Ñ? SLP-пакеÑ?а Ñ?еÑ?ез MSN.</p>
 
- -<p>The first packet is used to create an SLP message object with an offset of
- -zero, the second packet then contains a crafted offset which hits the
- -vulnerable code originally fixed in <a href="https://security-tracker.debian.org/tracker/CVE-2008-2927";>CVE-2008-2927</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2009-1376";>CVE-2009-1376</a> and
- -allows an attacker to execute arbitrary code.</p>
+<p>Ð?еÑ?вÑ?й пакеÑ? иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? длÑ? Ñ?озданиÑ? обÑ?екÑ?а-Ñ?ообÑ?ениÑ? SLP Ñ? оÑ?Ñ?Ñ?Ñ?пом, Ñ?авнÑ?м
+нÑ?лÑ?, вÑ?оÑ?ой пакеÑ? Ñ?одеÑ?жиÑ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й оÑ?Ñ?Ñ?Ñ?п, коÑ?оÑ?Ñ?й вÑ?зÑ?ваеÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ?,
+изнаÑ?алÑ?но иÑ?пÑ?авленнÑ?Ñ? в <a href="https://security-tracker.debian.org/tracker/CVE-2008-2927";>CVE-2008-2927</a> и <a href="https://security-tracker.debian.org/tracker/CVE-2009-1376";>CVE-2009-1376</a> и
+позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ? вÑ?полниÑ?Ñ? пÑ?оизволÑ?нÑ?й код.</p>
 
- -<p>Note: Users with the "Allow only the users below" setting are not vulnerable
- -to this attack. If you can't install the below updates you may want to
- -set this via Tools->Privacy.</p>
+<p>Ð?нимание: полÑ?зоваÑ?ели, иÑ?полÑ?зÑ?Ñ?Ñ?ие опÑ?иÑ? "Allow only the users below" не подвеÑ?женÑ?
+Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и. Ð?Ñ?ли вÑ? не можеÑ?е Ñ?Ñ?Ñ?ановиÑ?Ñ? пÑ?иведÑ?ннÑ?е ниже обновлениÑ?,
+Ñ?Ñ?Ñ?ановиÑ?е Ñ?Ñ?Ñ? опÑ?иÑ? в Tools->Privacy.</p>
 
 
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 2.4.3-4lenny3.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.4.3-4lenny3.</p>
 
- -<p>For the testing distribution (squeeze), this problem will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
 
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 2.5.9-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.5.9-1.</p>
 
- -<p>We recommend that you upgrade your pidgin packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? pidgin.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX1qtGAAoJEF7nbuICFtKlObAP/jYzQDUMeX+OOi467ZZPBzHb
xmvnslhwKYJGVwpWfmBHIHiv8xB5ClHWuMxoMeOznQgbV0VxZhtm0QFkwkelsLvz
wQIe62wtnKB59+FKFhnhweUk0meSJsit3VNlbEkxoV1YUVAC2SiZRKJPDE4cqAD+
VVM60TwXO+hRdg5ZUrLXm7hZSApv3Bj3jb8NaW/LPr1JCjA9PglqUpvGf1mwzak0
TcBX1XLExkUg7o3/C/JNWKFZDaAd1IkIsJN5l6ZzHAP/Iv2czzojVWHCtWtTcwep
6rAXbK+jzxhfD5Fl+76CGSJhnEHd1ifQcW447c26DQT/jUrP/lRu1XiP5d8jaQ+A
fVQ4A6SbKGIudmfJ9GJowR7F6QgbR2jzR7BlWCZGcEtHi55t00R14rfhKM1nskms
a6QwnDpapODwl1Kpq0LsyjvCOpzITR3nliIzCNHx2+nvwnZiY1OF094KUj7w8Qh6
i6nnMOLFt0f/mDF5o3rZ1qoKHuB9vtwMYSeJRP2PvICeqiDzqqEcZ8rf/zX/d6Xb
GR3icYIMKGHG30hZeiHNEIv2ZkQKMzA/bmckV9f98y56rzeZf/XKv0q+Iyc0Bjkv
N/YIy1DWWPNMaDQLHWJ/68WhwF5EanYhZ/vfMUKctkbyr9vzQIeeI722kjmC6CLt
YUmuN7MOr9AYEbO6J0Ji
=KDzs
-----END PGP SIGNATURE-----