[DONE] wml://security/2011/dsa-23{1,6}8.wml

[Lev Lamberov <dogsleg@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2011/dsa-2318.wml	2014-04-30 13:16:25.000000000 +0600
+++ russian/security/2011/dsa-2318.wml	2016-10-30 17:41:48.946235201 +0500
@@ -1,40 +1,41 @@
- -<define-tag description>multiple vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Multiple security issues have been discovered in cyrus-imapd, a highly scalable
- -mail system designed for use in enterprise environments.  The Common
- -Vulnerabilities and Exposures project identifies the following problems:</p>
+<p>Ð? cyrus-imapd, вÑ?Ñ?око маÑ?Ñ?Ñ?абиÑ?Ñ?емой поÑ?Ñ?овой Ñ?иÑ?Ñ?еме, Ñ?азÑ?абоÑ?анной длÑ?
+коÑ?поÑ?аÑ?ивнÑ?Ñ? окÑ?Ñ?жений, бÑ?ли обнаÑ?Ñ?женÑ? многоÑ?иÑ?леннÑ?е пÑ?облемÑ? безопаÑ?ноÑ?Ñ?и.  Ð?Ñ?оекÑ?
+Common Vulnerabilities and Exposures опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3208";>CVE-2011-3208</a>
 
- -    <p>Coverity discovered a stack-based buffer overflow in the NNTP server
- -    implementation (nttpd) of cyrus-imapd.  An attacker can exploit this
- -    flaw via several crafted NNTP commands to execute arbitrary code.</p></li>
+    <p>СоÑ?Ñ?Ñ?дники Coverity обнаÑ?Ñ?жили пеÑ?еполнение бÑ?Ñ?еÑ?а в Ñ?еализаÑ?ии
+    NNTP-Ñ?еÑ?веÑ?а (nttpd) в cyrus-imapd.  Ð?лоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ?
+    Ñ?Ñ?звимоÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? NNTP-команд длÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3372";>CVE-2011-3372</a>
 
- -    <p>Stefan Cornelius of Secunia Research discovered that the command processing
- -    of the NNTP server implementation (nttpd) of cyrus-imapd is not properly
- -    implementing access restrictions for certain commands and is not checking
- -    for a complete, successful authentication.  An attacker can use this flaw
- -    to bypass access restrictions for some commands and, e.g. exploit
- -    <a href="https://security-tracker.debian.org/tracker/CVE-2011-3208";>CVE-2011-3208</a> without proper authentication.</p></li>
+    <p>ШÑ?еÑ?ан Ð?оÑ?нелиÑ?Ñ? из Secunia Research обнаÑ?Ñ?жил, Ñ?Ñ?о в обÑ?абоÑ?ке команд
+    Ñ?еализаÑ?ии NNTP-Ñ?еÑ?веÑ?а (nttpd) в cyrus-imapd непÑ?авилÑ?но Ñ?еализованÑ?
+    огÑ?аниÑ?ениÑ? доÑ?Ñ?Ñ?па длÑ? опÑ?еделÑ?ннÑ?Ñ? команд, а пÑ?овеÑ?ка на завеÑ?Ñ?ение и Ñ?Ñ?пеÑ?ноÑ?Ñ?Ñ?
+    аÑ?Ñ?енÑ?иÑ?икаÑ?ии не вÑ?полнÑ?еÑ?Ñ?Ñ?.  Ð?лоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+    длÑ? обÑ?ода огÑ?аниÑ?ений доÑ?Ñ?Ñ?па длÑ? некоÑ?оÑ?Ñ?Ñ? команд. Ð?апÑ?имеÑ?, иÑ?полÑ?зоваÑ?Ñ? иÑ?
+    (<a href="https://security-tracker.debian.org/tracker/CVE-2011-3208";>CVE-2011-3208</a>) без Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей аÑ?Ñ?енÑ?иÑ?икаии.</p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (lenny), this problem has been fixed in
- -version 2.2_2.2.13-14+lenny5.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.2_2.2.13-14+lenny5.</p>
 
- -<p>For the stable distribution (squeeze), this problem has been fixed in
- -version 2.2_2.2.13-19+squeeze2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.2_2.2.13-19+squeeze2.</p>
 
- -<p>For the testing distribution (wheezy), this problem will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом вÑ?пÑ?Ñ?ке (wheezy) Ñ?Ñ?а пÑ?облема бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
 
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -cyrus-imapd-2.4 version 2.4.12-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+пакеÑ?е cyrus-imapd-2.4 веÑ?Ñ?ии 2.4.12-1.</p>
 
- -<p>We recommend that you upgrade your cyrus-imapd-2.2 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? cyrus-imapd-2.2.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2011/dsa-2368.wml	2014-04-30 13:16:26.000000000 +0600
+++ russian/security/2011/dsa-2368.wml	2016-10-30 17:50:58.149039444 +0500
@@ -1,47 +1,48 @@
- -<define-tag description>multiple vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov"
+<define-tag description>многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in lighttpd, a small and fast
- -webserver with minimal memory footprint.</p>
+<p>Ð? lighttpd, неболÑ?Ñ?ом и бÑ?Ñ?Ñ?Ñ?ом веб-Ñ?еÑ?веÑ?е Ñ? минималÑ?нÑ?м поÑ?Ñ?еблением
+памÑ?Ñ?и, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4362";>CVE-2011-4362</a>
 
- -  <p>Xi Wang discovered that the base64 decoding routine which is used to
- -  decode user input during an HTTP authentication, suffers of a signedness
- -  issue when processing user input.  As a result it is possible to force
- -  lighttpd to perform an out-of-bounds read which results in Denial of
- -  Service conditions.</p></li>
+  <p>Си Ð?ан обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? декодиÑ?ованиÑ? base64, иÑ?полÑ?зÑ?емаÑ? длÑ?
+  декодиÑ?ованиÑ? пеÑ?едаваемÑ?Ñ? полÑ?зоваÑ?елем вÑ?однÑ?Ñ? даннÑ?Ñ? во вÑ?емÑ? HTTP-аÑ?Ñ?енÑ?иÑ?икаÑ?ии, Ñ?одеÑ?жиÑ?
+  пÑ?облемÑ? знаковоÑ?Ñ?и, пÑ?оÑ?влÑ?Ñ?Ñ?Ñ?Ñ?Ñ?Ñ? пÑ?и обÑ?абоÑ?ке вÑ?однÑ?Ñ? даннÑ?Ñ?.  Ð? Ñ?езÑ?лÑ?Ñ?аÑ?е Ñ?лÑ?жба
+  lighttpd можеÑ? вÑ?полниÑ?Ñ? Ñ?Ñ?ение за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а, Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в
+  обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3389";>CVE-2011-3389</a>
 
- -  <p>When using CBC ciphers on an SSL enabled virtual host to communicate with
- -  certain client, a so called <q>BEAST</q> attack allows man-in-the-middle
- -  attackers to obtain plaintext HTTP traffic via a blockwise
- -  chosen-boundary attack (BCBA) on an HTTPS session.  Technically this is
- -  no lighttpd vulnerability.  However, lighttpd offers a workaround to
- -  mitigate this problem by providing a possibility to disable CBC ciphers.</p>
- -
- -  <p>This updates includes this option by default. System administrators
- -  are advised to read the NEWS file of this update (as this may break older
- -  clients).</p></li>
+  <p>Ð?Ñ?и иÑ?полÑ?зовании CBC-Ñ?иÑ?Ñ?ов на виÑ?Ñ?Ñ?алÑ?ном Ñ?зле Ñ? вклÑ?Ñ?Ñ?нной поддеÑ?жкой SSL длÑ? взаимодейÑ?Ñ?виÑ?
+  Ñ? опÑ?еделÑ?ннÑ?м клиенÑ?ом Ñ?ак назÑ?ваемаÑ? аÑ?ака <q>BEAST</q> позволÑ?еÑ? MITM-злоÑ?мÑ?Ñ?ленникам
+  полÑ?Ñ?аÑ?Ñ? HTTP-Ñ?Ñ?аÑ?ик в виде пÑ?оÑ?Ñ?ого Ñ?екÑ?Ñ?а Ñ? помоÑ?Ñ?Ñ? вÑ?полнениÑ? BCBA-аÑ?аки
+  на HTTPS-Ñ?еÑ?Ñ?иÑ?.  ТеÑ?ниÑ?еÑ?ки Ñ?Ñ?о не Ñ?влÑ?еÑ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?Ñ?
+  lighttpd.  Тем не менее, lighttpd пÑ?едлагаеÑ? вÑ?еменное Ñ?еÑ?ение, позволÑ?Ñ?Ñ?ее
+  Ñ?низиÑ?Ñ? вÑ?ед данной пÑ?облемÑ? пÑ?Ñ?Ñ?м пÑ?едоÑ?Ñ?авлениÑ? возможноÑ?Ñ?и оÑ?клÑ?Ñ?ениÑ? CBC-Ñ?иÑ?Ñ?ов.</p>
+
+  <p>Ð?анное обновление по Ñ?молÑ?аниÑ? вклÑ?Ñ?аеÑ? Ñ?Ñ?Ñ? опÑ?иÑ?. СиÑ?Ñ?емнÑ?м админиÑ?Ñ?Ñ?аÑ?оÑ?ам
+  Ñ?екомендÑ?еÑ?Ñ?Ñ? ознакомиÑ?Ñ?Ñ? Ñ? Ñ?айлом NEWS в данном обновлении (поÑ?колÑ?кÑ? Ñ?Ñ?о изменение
+  можеÑ? пÑ?ивеÑ?Ñ?и к поломке более Ñ?Ñ?аÑ?Ñ?Ñ? клиенÑ?ов).</p></li>
 
 </ul>
 
 
- -<p>For the oldstable distribution (lenny), this problem has been fixed in
- -version 1.4.19-5+lenny3.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.4.19-5+lenny3.</p>
 
- -<p>For the stable distribution (squeeze), this problem has been fixed in
- -version 1.4.28-2+squeeze1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.4.28-2+squeeze1.</p>
 
- -<p>For the testing distribution (wheezy), this problem will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом вÑ?пÑ?Ñ?ке (wheezy) Ñ?Ñ?а пÑ?облема бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
 
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 1.4.30-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.4.30-1.</p>
 
 
- -<p>We recommend that you upgrade your lighttpd packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? lighttpd.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYFey2AAoJEF7nbuICFtKlYwIP/jGQglDeUqWVN0oRs5QDSExD
fDB5w4Ne4AsdV/Vr3eB3N6JPraVqJdGpbjcrr0cPgERXv3gd5tCICtsMoTH6/5lW
C1zRJvxXDU1aZ1GSwUTsQsBitKmrPFfBN3p/nS/im561OPgmiX1Brn9mfnbC6dkC
/GfaX3+CgHg+s4/vjQ4YHA7xiRDaLjts04DGYm+SnqjJOQhl2vdN9Gp9SVGRwJG5
BzU+J2EGfPS+cqp9N4HXKVfHHWPBt2b3EN9Ih7rkAn+g2UapiEMs6cCCzPIU3sGl
UQ/7n24vP4HbOLs4LEkLi2zrrIPvslJifQpD57sBQYJhjuv9xad870HRtdFkKSc/
qc1pJHVIjmJGHVxIzdymKCO204gj3IWQMSV6ryqTT1fuGO/8f1htGEFa5inIFAlZ
kpsEHfUTQNxgBkbc1emNbjXfDERYsvrMmkT8ruWHtnRkTwwRxh04ZWIyEIcqIETm
DWRseb+0PFwxkaX5N24XMF28N82YXMCgw9JBdb+jgav1Ce8SM+l5mf2b81SwR45L
etIWqJEd/A9Z2qiRXe96owuGtlF2UCXUnHkKvtcn8jkoSt9bfjk4vGASrCmvUks5
Pr13uScdLlKguj1lO2cEyOUm4eAvj9m4sWdOybfNbU5k84oUsa2q7Pf7Q68AoPKD
AeN0MPlZ3q4jUAIZCMRw
=VCjQ
-----END PGP SIGNATURE-----