[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2009/dsa-1{765,812}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2009/dsa-1765.wml	2014-04-30 13:16:18.000000000 +0600
+++ russian/security/2009/dsa-1765.wml	2016-10-22 13:23:38.186529318 +0500
@@ -1,45 +1,46 @@
- -<define-tag description>Multiple vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov"
+<define-tag description>многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been found in horde3, the horde web application
- -framework. The Common Vulnerabilities and Exposures project identifies
- -the following problems:</p>
+<p>Ð? horde3, инÑ?Ñ?аÑ?Ñ?Ñ?Ñ?кÑ?Ñ?Ñ?е веб-пÑ?иложений horde, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко
+Ñ?Ñ?звимоÑ?Ñ?ей. Ð?Ñ?оекÑ? Common Vulnerabilities and Exposures опÑ?еделÑ?еÑ?
+Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-0932";>CVE-2009-0932</a>
 
- -<p>Gunnar Wrobel discovered a directory traversal vulnerability, which
- -allows attackers to include and execute arbitrary local files via the
- -driver parameter in Horde_Image.</p></li>
+<p>Ð?Ñ?ннаÑ? Ð?Ñ?обелÑ? обнаÑ?Ñ?жил обÑ?од каÑ?алога, коÑ?оÑ?Ñ?й позволÑ?еÑ?
+злоÑ?мÑ?Ñ?ленникам вклÑ?Ñ?аÑ?Ñ? и вÑ?полнÑ?Ñ?Ñ? локалÑ?нÑ?е Ñ?айлÑ? Ñ? помоÑ?Ñ?Ñ?
+паÑ?амеÑ?Ñ?а движка в Horde_Image.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2008-3330";>CVE-2008-3330</a>
 
- -<p>It was discovered that an attacker could perform a cross-site scripting
- -attack via the contact name, which allows attackers to inject arbitrary
- -html code. This requires that the attacker has access to create
- -contacts.</p></li>
+<p>Ð?Ñ?ло обнаÑ?Ñ?дено, Ñ?Ñ?о злоÑ?мÑ?Ñ?ленник можеÑ? вÑ?полнÑ?Ñ?Ñ? межÑ?айÑ?овÑ?й
+Ñ?кÑ?ипÑ?инг Ñ? помоÑ?Ñ?Ñ? имени конÑ?акÑ?а, позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? пÑ?оизволÑ?нÑ?й
+код html. Ð?лÑ? Ñ?Ñ?ого Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ?, Ñ?Ñ?обÑ? злоÑ?мÑ?Ñ?ленник имел доÑ?Ñ?Ñ?п к Ñ?озданиÑ?
+конÑ?акÑ?ов.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2008-5917";>CVE-2008-5917</a>
 
- -<p>It was discovered that the horde XSS filter is prone to a cross-site
- -scripting attack, which allows attackers to inject arbitrary html code.
- -This is only exploitable when Internet Explorer is used.</p></li>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о XSS-Ñ?илÑ?Ñ?Ñ? horde Ñ?Ñ?звим к межÑ?айÑ?овомÑ?
+Ñ?кÑ?ипÑ?ингÑ?, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? пÑ?оизволÑ?нÑ?й код html.
+ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? Ñ?олÑ?ко в Ñ?лÑ?Ñ?ае иÑ?полÑ?зованиÑ? Internet Explorer.</p></li>
 
 </ul>
 
 
- -<p>For the oldstable distribution (etch), these problems have been fixed in
- -version 3.1.3-4etch5.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.1.3-4etch5.</p>
 
- -<p>For the stable distribution (lenny), these problems have been fixed in
- -version 3.2.2+debian0-2, which was already included in the lenny
- -release.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.2.2+debian0-2, коÑ?оÑ?аÑ? Ñ?же добавлена в вÑ?пÑ?Ñ?к
+lenny.</p>
 
- -<p>For the testing distribution (squeeze) and the unstable distribution
- -(sid), these problems have been fixed in version 3.2.2+debian0-2.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (squeeze) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ?
+Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 3.2.2+debian0-2.</p>
 
 
- -<p>We recommend that you upgrade your horde3 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? horde3.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2009/dsa-1812.wml	2014-04-30 13:16:19.000000000 +0600
+++ russian/security/2009/dsa-1812.wml	2016-10-22 13:56:07.973507681 +0500
@@ -1,42 +1,43 @@
- -<define-tag description>denial of service</define-tag>
+#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov"
+<define-tag description>оÑ?каз в обÑ?лÑ?живании</define-tag>
 <define-tag moreinfo>
- -<p>Apr-util, the Apache Portable Runtime Utility library, is used by
- -Apache 2.x, Subversion, and other applications. Two denial of service
- -vulnerabilities have been found in apr-util:</p>
+<p>Apr-util, пеÑ?еноÑ?имаÑ? обÑ?лÑ?живаÑ?Ñ?аÑ? библиоÑ?ека вÑ?емени иÑ?полнениÑ? Apache, иÑ?полÑ?зÑ?еÑ?Ñ?Ñ?
+Apache 2.x, Subversion и дÑ?Ñ?гими пÑ?иложениÑ?ми. Ð? apr-util бÑ?ли обнаÑ?Ñ?женÑ?
+два оÑ?каза в обÑ?лÑ?живании:</p>
 
 <ul>
 
- -<li><p>"kcope" discovered a flaw in the handling of internal XML entities in
- -the apr_xml_* interface that can be exploited to use all available
- -memory. This denial of service can be triggered remotely in the Apache
- -mod_dav and mod_dav_svn modules. (No CVE id yet)</p></li>
+<li><p>"kcope" обнаÑ?Ñ?жил Ñ?Ñ?звимоÑ?Ñ?Ñ? в коде обÑ?абоÑ?ки внÑ?Ñ?Ñ?енниÑ? Ñ?Ñ?Ñ?ноÑ?Ñ?ей XML в
+инÑ?еÑ?Ñ?ейÑ?е apr_xml_*, коÑ?оÑ?аÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? поÑ?Ñ?еблениÑ? вÑ?ей
+доÑ?Ñ?Ñ?пной памÑ?Ñ?и. ЭÑ?оÑ? оÑ?каз в обÑ?лÑ?живании можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? Ñ?далÑ?нно в модÑ?лÑ?Ñ? Apache
+mod_dav и mod_dav_svn. (Ð?денÑ?иÑ?икаÑ?оÑ? CVE пока недоÑ?Ñ?Ñ?пен)</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-0023";>CVE-2009-0023</a>
- -<p>Matthew Palmer discovered an underflow flaw in the
- -apr_strmatch_precompile function that can be exploited to cause a
- -daemon crash. The vulnerability can be triggered (1) remotely in
- -mod_dav_svn for Apache if the "SVNMasterURI" directive is in use, (2)
- -remotely in mod_apreq2 for Apache or other applications using
- -libapreq2, or (3) locally in Apache by a crafted ".htaccess" file.
+<p>Ð?Ñ?Ñ?Ñ?Ñ? Ð?алмеÑ? обнаÑ?Ñ?жил Ñ?Ñ?звимоÑ?Ñ?Ñ? в Ñ?Ñ?нкÑ?ии
+apr_strmatch_precompile, коÑ?оÑ?Ñ?й можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? вÑ?зова аваÑ?ийной
+оÑ?Ñ?ановки Ñ?лÑ?жбÑ?. ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? (1) Ñ?далÑ?нно в модÑ?ле
+mod_dav_svn длÑ? Apache, еÑ?ли иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? диÑ?екÑ?ива "SVNMasterURI", (2)
+Ñ?далÑ?нно в модÑ?ле mod_apreq2 длÑ? Apache или дÑ?Ñ?гиÑ? пÑ?иложениÑ?Ñ?, иÑ?полÑ?зÑ?Ñ?Ñ?иÑ?
+libapreq2, или (3) локалÑ?но в Apache Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?айла ".htaccess".
 </p></li>
 
 </ul>
 
- -<p>Other exploit paths in other applications using apr-util may exist.</p>
+<p>Ð?огÑ?Ñ? Ñ?Ñ?Ñ?еÑ?Ñ?воваÑ?Ñ? Ñ?поÑ?обÑ? иÑ?полÑ?зованиÑ? Ñ?Ñ?иÑ? Ñ?Ñ?звимоÑ?Ñ?ей в дÑ?Ñ?гиÑ? пÑ?иложениÑ?Ñ?, иÑ?полÑ?зÑ?Ñ?Ñ?иÑ? apr-util.</p>
 
- -<p>If you use Apache, or if you use svnserve in standalone mode, you need
- -to restart the services after you upgraded the libaprutil1 package.</p>
+<p>Ð?Ñ?ли вÑ? иÑ?полÑ?зÑ?еÑ?е Apache или еÑ?ли вÑ? иÑ?полÑ?зÑ?еÑ?е svnserve в авÑ?ономном Ñ?ежиме, вам Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ?
+пеÑ?езапÑ?Ñ?Ñ?иÑ?Ñ? Ñ?Ñ?и Ñ?лÑ?жбÑ? поÑ?ле обновлениÑ? пакеÑ?а libaprutil1.</p>
 
- -<p>The oldstable distribution (etch), these problems have been fixed in
- -version 1.2.7+dfsg-2+etch2.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.2.7+dfsg-2+etch2.</p>
 
- -<p>For the stable distribution (lenny), these problems have been fixed in
- -version 1.2.12+dfsg-8+lenny2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.2.12+dfsg-8+lenny2.</p>
 
- -<p>For the testing distribution (squeeze) and the unstable distribution
- -(sid), these problems will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (squeeze) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ?
+Ñ?Ñ?и пÑ?облемÑ? бÑ?дÑ?Ñ? иÑ?пÑ?авленÑ? позже.</p>
 
- -<p>We recommend that you upgrade your apr-util packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? apr-util.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYCymrAAoJEF7nbuICFtKlCkYP/2my1npWxrwaUzwInobuwl8V
P6Ypk7dFzMEe0N9W/rZtMbEA9LpzhMbCu5pJy3YRprqykxDPoGc9Q6O5X+jiX4In
+WLuDw6fhWoTTH9uRU8MSHJO7ld1s5TO5vjHfw2SZMtzGMr5w+G832Kam+DzGO6I
CV4x35Yw0O7dRmhuYVPRD2zJ3Ghs0Xce57OUFi/wzFVsQxDQXOo0mG5NuukkCzuw
JEWuzkwaqxdRzOe+zGLHODsLY6wGYs148ERnemzHIILe5e3LZ9NJBATJ77Qy49wj
dkeaIJ38bqtJd4nwXH9mXWOIgGXe65SK2wDpzPqkrrNGcQHJfiD2o4h0SN8F6WR7
Z/iiDM6VSbvu2BTLW1SmJin2VSYs1IlVcuR4rDfXVQ6GtU5GTCqz8BvXe7nFbVb0
2cjkRkTH58Yxgr20OTMoI+OJHErMecMdi/ArlQsL31yfBTsBQGgeDfe7OpG6uO6a
hoR5t/wn/BpS32IqjMFgzqQayBceup9CQ5YhhTCNPKEBMbre4ECmZIZ0SBuVbNy+
U0x/poBdYuNH8VtW9CwjAGWmmOCv9Ot1aA5mo5qd/RicrmR9zl9FP6Kjf7djn4jA
kt1N7oqI54b/sChvgUPHVfGBwfYRP8ACyKRGZPHBWKNntQPsOz4VK/+UbapoSWMe
9BvnrnwLYSmCa/sxQquX
=9ys/
-----END PGP SIGNATURE-----
Reply to: