[DONE] wml://security/2002/dsa-1{63,22}.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2002/dsa-122.wml 2002-03-12 12:41:28.000000000 +0500
+++ russian/security/2002/dsa-122.wml 2016-09-22 23:07:11.374049467 +0500
@@ -1,18 +1,19 @@
- -<define-tag description>malloc error (double free)</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>оÑ?ибка вÑ?делениÑ? памÑ?Ñ?и (двойное оÑ?вобождение памÑ?Ñ?и)</define-tag>
<define-tag moreinfo>
- -<p>The compression library zlib has a flaw in which it attempts to free
- -memory more than once under certain conditions. This can possibly be
- -exploited to run arbitrary code in a program that includes zlib. If a
- -network application running as root is linked to zlib, this could
- -potentially lead to a remote root compromise. No exploits are known at
- -this time. This vulnerability is assigned the CVE candidate name of
+<p>Ð?иблиоÑ?ека Ñ?жаÑ?иÑ? zlib Ñ?одеÑ?жиÑ? оÑ?ибкÑ?, из-за коÑ?оÑ?ой пÑ?и опÑ?еделÑ?ннÑ?Ñ? Ñ?Ñ?ловиÑ?Ñ?
+она пÑ?Ñ?аеÑ?Ñ?Ñ? оÑ?вободиÑ?Ñ? памÑ?Ñ?Ñ? более одного Ñ?аза. ÐÑ?а оÑ?ибка поÑ?енÑ?иалÑ?но можеÑ?
+иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? запÑ?Ñ?ка пÑ?оизволÑ?ного кода в пÑ?огÑ?амме, вклÑ?Ñ?аÑ?Ñ?ей zlib. Ð?Ñ?ли
+Ñ?еÑ?евое пÑ?иложение, запÑ?Ñ?енное оÑ? лиÑ?а Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?, Ñ?компоновано Ñ? zlib, Ñ?о Ñ?Ñ?о поÑ?енÑ?иалÑ?но
+можеÑ? пÑ?иводиÑ?Ñ? к Ñ?далÑ?нной компÑ?омеÑ?аÑ?ии Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?. Ð? наÑ?Ñ?оÑ?Ñ?ее вÑ?емÑ? Ñ?кÑ?плоиÑ?Ñ?
+не извеÑ?Ñ?нÑ?. Ð?аннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? полÑ?Ñ?ила кандидаÑ?-иденÑ?иÑ?икаÑ?оÑ? CVE,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059";>CAN-2002-0059</a>.</p>
- -<p>The zlib vulnerability is fixed in the Debian zlib package version
- -1.1.3-5.1. A number of programs either link statically to zlib or include
- -a private copy of zlib code. These programs must also be upgraded
- -to eliminate the zlib vulnerability. The affected packages and fixed
- -versions follow:</p>
+<p>УÑ?звимоÑ?Ñ?Ñ? в zlib бÑ?ла иÑ?пÑ?авлена в пакеÑ?е zlib веÑ?Ñ?ии
+1.1.3-5.1. Ð Ñ?д пÑ?огÑ?амм Ñ?Ñ?аÑ?иÑ?еÑ?ки Ñ?компонованÑ? Ñ? zlib, либо вклÑ?Ñ?аÑ?Ñ? в Ñ?ебÑ?
+Ñ?обÑ?Ñ?веннÑ?Ñ? копиÑ? кода zlib. ÐÑ?и пÑ?огÑ?аммÑ? Ñ?оже Ñ?ледÑ?еÑ? обновиÑ?Ñ? Ñ? Ñ?елÑ?Ñ?
+Ñ?Ñ?Ñ?Ñ?анениÑ? Ñ?Ñ?звимоÑ?Ñ?и в zlib. Ð?одвеÑ?женнÑ?е Ñ?Ñ?звимоÑ?Ñ?и пакеÑ?Ñ? и иÑ? иÑ?пÑ?авленнÑ?е
+веÑ?Ñ?ии пÑ?иводÑ?Ñ?Ñ?Ñ? ниже:</p>
<ul>
<li> amaya 2.4-1potato1
@@ -25,15 +26,15 @@
<li> vrweb 1.5-5.1
</ul>
- -<p>Those using the pre-release (testing) version of Debian should upgrade
- -to zlib 1.1.3-19.1 or a later version. Note that since this version of
- -Debian has not yet been released it may not be available immediately for
- -all architectures. Debian 2.2 (potato) is the latest supported release.</p>
+<p>Те, кÑ?о иÑ?полÑ?зÑ?Ñ?Ñ? пÑ?едваÑ?иÑ?елÑ?нÑ?й (Ñ?еÑ?Ñ?иÑ?Ñ?емÑ?й) вÑ?пÑ?Ñ?к Debian, должнÑ?
+вÑ?полниÑ?Ñ? обновление до zlib веÑ?Ñ?ии 1.1.3-19.1 или более поздней. Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о поÑ?колÑ?кÑ? Ñ?Ñ?а веÑ?Ñ?иÑ?
+Debian пока не бÑ?ла вÑ?пÑ?Ñ?енÑ?, Ñ?о Ñ?Ñ?оÑ? пакеÑ? можеÑ? не бÑ?Ñ?Ñ? доÑ?Ñ?Ñ?пен длÑ? вÑ?еÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?
+одновÑ?еменно. Debian 2.2 (potato) Ñ?влÑ?еÑ?Ñ?Ñ? наиболее Ñ?вежим поддеÑ?живаемÑ?м вÑ?пÑ?Ñ?ком.</p>
- -<p>We recommend that you upgrade your packages immediately. Note that you
- -should restart all programs that use the shared zlib library in order
- -for the fix to take effect. This is most easily done by rebooting the
- -system.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? как можно Ñ?коÑ?ее обновиÑ?Ñ? пакеÑ?Ñ?. Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о вам
+Ñ?ледÑ?еÑ? пеÑ?езапÑ?Ñ?Ñ?иÑ?Ñ? вÑ?е пÑ?огÑ?аммÑ?, иÑ?полÑ?зÑ?Ñ?Ñ?ие Ñ?азделÑ?емÑ?Ñ? библиоÑ?екÑ? zlib длÑ? Ñ?ого, Ñ?Ñ?обÑ?
+Ñ?Ñ?о иÑ?пÑ?авление наÑ?ало дейÑ?Ñ?воваÑ?Ñ?. Ð?Ñ?оÑ?е вÑ?его можно Ñ?делаÑ?Ñ? пÑ?Ñ?Ñ?м пеÑ?езапÑ?Ñ?ка
+вÑ?ей Ñ?иÑ?Ñ?емÑ?.</p>
</define-tag>
# do not modify the following line
- --- english/security/2002/dsa-163.wml 2002-09-16 23:38:45.000000000 +0600
+++ russian/security/2002/dsa-163.wml 2016-09-22 22:57:55.471687847 +0500
@@ -1,19 +1,20 @@
- -<define-tag description>cross site scripting</define-tag>
+#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov"
+<define-tag description>межÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг</define-tag>
<define-tag moreinfo>
- -<p>Jason Molenda and Hiromitsu Takagi
- -<a href="http://online.securityfocus.com/archive/1/268455";>found</a>
- -ways to exploit cross site
- -scripting bugs in mhonarc, a mail to HTML converter. When processing
- -maliciously crafted mails of type text/html mhonarc does not
- -deactivate all scripting parts properly. This is fixed in upstream
- -version 2.5.3.</p>
- -
- -<p>If you are worried about security, it is recommended that you disable
- -support of text/html messages in your mail archives. There is no
- -guarantee that the mhtxthtml.pl library is robust enough to eliminate
- -all possible exploits that can occur with HTML data.</p>
+<p>Ð?жейÑ?он Ð?оленда и ХиÑ?омиÑ?Ñ?Ñ? Такаги
+<a href="http://online.securityfocus.com/archive/1/268455";>обнаÑ?Ñ?жили</a>
+Ñ?поÑ?обÑ? иÑ?полÑ?зованиÑ? межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга
+в mhonarc, пÑ?огÑ?амме длÑ? пÑ?еобÑ?азованиÑ? Ñ?ообÑ?ений Ñ?лекÑ?Ñ?онной поÑ?Ñ?Ñ? в HTML. Ð?Ñ?и обÑ?абоÑ?ке
+Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? Ñ?ообÑ?ений Ñ? Ñ?ипом text/html mhonarc непÑ?авилÑ?но
+оÑ?клÑ?Ñ?аеÑ? Ñ?аÑ?Ñ?и Ñ?Ñ?енаÑ?иÑ?. ÐÑ?а пÑ?облема иÑ?пÑ?авлена в веÑ?Ñ?ии 2.5.3
+в оÑ?новной веÑ?ке Ñ?азÑ?абоÑ?ки.</p>
+
+<p>Ð?Ñ?ли ваÑ? волнÑ?еÑ? безопаÑ?ноÑ?Ñ?Ñ?, Ñ?о Ñ?екомендÑ?еÑ?Ñ?Ñ? оÑ?клÑ?Ñ?иÑ?Ñ?
+поддеÑ?жкÑ? Ñ?ообÑ?ений text/html в ваÑ?ем поÑ?Ñ?овом аÑ?Ñ?иве. Ð?еÑ? никакой
+гаÑ?анÑ?ии, Ñ?Ñ?о библиоÑ?ека mhtxthtml.pl доÑ?Ñ?аÑ?оÑ?на надÑ?жна, Ñ?Ñ?обÑ?
+Ñ?пÑ?авиÑ?Ñ?Ñ? Ñ?о вÑ?еми возможнÑ?ми Ñ?Ñ?звимоÑ?Ñ?Ñ?ми, коÑ?оÑ?Ñ?е могÑ?Ñ? возникнÑ?Ñ?Ñ? в HTML-даннÑ?Ñ?.</p>
- -<p>To exclude HTML data, you can use the MIMEEXCS resource. For example:</p>
+<p>Ð?лÑ? Ñ?ого, Ñ?Ñ?обÑ? иÑ?клÑ?Ñ?иÑ?Ñ? HTML-даннÑ?е, вÑ? можеÑ?е иÑ?полÑ?зоваÑ?Ñ? Ñ?еÑ?Ñ?Ñ?Ñ? MIMEEXCS. Ð?апÑ?имеÑ?:</p>
<pre>
<MIMEExcs>
@@ -22,11 +23,11 @@
</MIMEExcs>
</pre>
- -<p>The type "text/x-html" is probably not used any more, but is good to
- -include it, just-in-case.</p>
+<p>Ð?еÑ?оÑ?Ñ?но, Ñ?ип "text/x-html" более не иÑ?полÑ?зÑ?еÑ?Ñ?Ñ?, но лÑ?Ñ?Ñ?е
+на вÑ?Ñ?кий Ñ?лÑ?Ñ?ай добавиÑ?Ñ? и его.</p>
- -<p>If you are concerned that this could block out the entire contents of
- -some messages, then you could do the following instead:</p>
+<p>Ð?Ñ?ли вÑ? Ñ?Ñ?иÑ?аеÑ?е, Ñ?Ñ?о Ñ?Ñ?о пÑ?иведÑ?Ñ? к блокиÑ?овке вÑ?его Ñ?одеÑ?жимого
+некоÑ?оÑ?Ñ?Ñ? Ñ?ообÑ?ений, Ñ?о вÑ? можеÑ?е иÑ?полÑ?зоваÑ?Ñ? Ñ?ледÑ?Ñ?Ñ?ие наÑ?Ñ?Ñ?ойки:</p>
<pre>
<MIMEFilters>
@@ -35,14 +36,14 @@
</MIMEFilters>
</pre>
- -<p>This treats the HTML as text/plain.</p>
+<p>Ð?Ñ?и Ñ?Ñ?иÑ? наÑ?Ñ?Ñ?ойкаÑ? HTML Ñ?аÑ?Ñ?маÑ?Ñ?иваеÑ?Ñ?Ñ? в каÑ?еÑ?Ñ?ве text/plain.</p>
- -<p>The above problems have been fixed in version 2.5.2-1.1 for the
- -current stable distribution (woody), in version 2.4.4-1.1 for
- -the old stable distribution (potato) and in version 2.5.11-1 for the
- -unstable distribution (sid).</p>
+<p>УказаннÑ?е вÑ?Ñ?е пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 2.5.2-1.1 в
+Ñ?екÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (woody), в веÑ?Ñ?ии 2.4.4-1.1 в
+пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (potato) и в веÑ?Ñ?ии 2.5.11-1 в
+неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid).</p>
- -<p>We recommend that you upgrade your mhonarc packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? mhonarc.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5B3TAAoJEF7nbuICFtKl3oAQAKB0HJO+yfHsa8VSECm1HdE8
aAxL/68QRjhgp6hoiwEH6GiDdzmXHncUaKOMKg7TOOmzHICgY/xYptPBzoBQlCXd
3pb8SF18Msh3M7nqYmadyNMtNF5pYYamGyg81VliH556pP7TmNRW6HOCckSxWqNK
tu7K7kpSAcrg5dUpBN92eg6XGQpxRhopfxeXasNTuzm9qtY05FHfCI5gEDJ/ILh/
0WvovhE4eTyFbEW0dJmqrw0ehgPmoaW+FJt0wjq8IGncKjE1buUdP+yXs8IM3rpH
D1TsomGip9jEPyECmMtN/wiP+5FB1ZL87VUIy+XjFfvz1BP7b3yFy4qs4+788yys
jMG8hbG9h1Aw6ZxHicPh+FLbpq8BRVMXYFGP9OgrK9wVShGcjeVSGwGa7nZHa+XI
T9lfuzZzSFGvNSlabNB1gRQe1vi0RVrJgmy2dfuWZ2xiohbAMRKnDTPYYpTw/TxS
yogRvzBPhO0rYWsyEp2z2yoWfeqPRcEOsq6ClkWxEns3y81hKCSplnH0y91DEeRS
XTZxos+vn7uy4bidzaTEwPVv+E4zdDMGzDvdCgnw3XS2G5X8+odV0C5Y6OUrjZ1e
s38Z0616btisu+G/LdQUiHACiGIYhsvj42ePsJlCriwR8AjN3LCRVoZxBbTUVgtd
MGwlTDvk5n0EgyCkAB9m
=qbLx
-----END PGP SIGNATURE-----
Reply to: