[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2011/dsa-2{234,336}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2011/dsa-2234.wml	2014-04-30 13:16:24.000000000 +0600
+++ russian/security/2011/dsa-2234.wml	2016-10-30 18:17:01.725299861 +0500
@@ -1,43 +1,45 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
 <define-tag moreinfo>
- -<p>Several remote vulnerabilities have been discovered in python-zodb, a set of
- -tools for using ZODB, that could lead to arbitrary code execution in the worst
- -case. The Common Vulnerabilities and Exposures project identifies the following
- -problems:</p>
+<p>Ð? python-zodb, набоÑ?е инÑ?Ñ?Ñ?Ñ?менÑ?ов длÑ? иÑ?полÑ?зованиÑ? ZODB, бÑ?ло обнаÑ?Ñ?жено
+неÑ?колÑ?ко Ñ?далÑ?ннÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е в Ñ?амом Ñ?Ñ?дÑ?ем Ñ?лÑ?Ñ?ае могÑ?Ñ? пÑ?иводиÑ?Ñ?
+к вÑ?полнениÑ? пÑ?оизволÑ?ного кода. Ð?Ñ?оекÑ? Common Vulnerabilities and Exposures опÑ?еделÑ?еÑ?
+Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-0668";>CVE-2009-0668</a>
 
- -   <p>The ZEO server doesn't restrict the callables when unpickling data
- -   received from a malicious client which can be used by an attacker to execute
- -   arbitrary Python code on the server by sending certain exception pickles. This
- -   also allows an attacker to import any importable module as ZEO is importing the
- -   module containing a callable specified in a pickle to test for a certain flag.</p></li>
+   <p>ZEO-Ñ?еÑ?веÑ? не огÑ?аниÑ?иваеÑ? вÑ?зÑ?ваемÑ?е обÑ?екÑ?Ñ? пÑ?и Ñ?еÑ?иализаÑ?ии даннÑ?Ñ?,
+   полÑ?Ñ?еннÑ?Ñ? оÑ? злоÑ?мÑ?Ñ?ленника, Ñ?Ñ?о можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? поÑ?ледним длÑ? вÑ?полнениÑ?
+   пÑ?оизволÑ?ного кода на Ñ?зÑ?ке Python на Ñ?еÑ?веÑ?е пÑ?Ñ?Ñ?м оÑ?пÑ?авки опÑ?еделÑ?ннÑ?Ñ? иÑ?клÑ?Ñ?ений. Также
+   Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ? импоÑ?Ñ?иÑ?оваÑ?Ñ? лÑ?бой модÑ?лÑ?, поÑ?колÑ?кÑ? ZEO импоÑ?Ñ?иÑ?Ñ?еÑ?
+   модÑ?лÑ?, Ñ?одеÑ?жаÑ?ий вÑ?зÑ?ваемÑ?й обÑ?екÑ?, Ñ?казаннÑ?й в Ñ?еÑ?иализаÑ?ии длÑ? пÑ?овеÑ?ки опÑ?еделÑ?нного Ñ?лага.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-0669";>CVE-2009-0669</a>
 
- -   <p>Due to a programming error, an authorization method in the StorageServer
- -   component of ZEO was not used as an internal method. This allows a malicious
- -   client to bypass authentication when connecting to a ZEO server by simply
- -   calling this authorization method.</p></li>
+   <p>Ð?з-за оÑ?ибки пÑ?огÑ?аммиÑ?ованиÑ? авÑ?оÑ?изованнÑ?й меÑ?од в компоненÑ?е StorageServer
+   из ZEO не иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? в каÑ?еÑ?Ñ?ве внÑ?Ñ?Ñ?еннего меÑ?ода. ЭÑ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ?
+   обÑ?одиÑ?Ñ? аÑ?Ñ?енÑ?иÑ?икаÑ?иÑ? пÑ?и подклÑ?Ñ?ении к ZEO-Ñ?еÑ?веÑ?Ñ?, пÑ?оÑ?Ñ?о вÑ?звав
+   Ñ?казаннÑ?й меÑ?од авÑ?оÑ?изаÑ?ии.</p></li>
 
 </ul>
 
- -<p>The update also limits the number of new object ids a client can request
- -to 100 as it would be possible to consume huge amounts of resources by
- -requesting a big batch of new object ids. No CVE id has been assigned to this.</p>
+<p>Ð?Ñ?оме Ñ?ого, данное обновление огÑ?аниÑ?иваеÑ? Ñ?иÑ?ло новÑ?Ñ? иденÑ?иÑ?икаÑ?оÑ?ов обÑ?екÑ?ов, коÑ?оÑ?Ñ?е
+можеÑ? запÑ?оÑ?иÑ?Ñ? клиенÑ?, 100 иденÑ?иÑ?икаÑ?оÑ?ами, поÑ?колÑ?кÑ? в пÑ?оÑ?ивном Ñ?лÑ?Ñ?ае можно вÑ?зваÑ?Ñ? поÑ?Ñ?ебление
+Ñ?Ñ?езмеÑ?ного колиÑ?еÑ?Ñ?ва Ñ?еÑ?Ñ?Ñ?Ñ?ов пÑ?Ñ?Ñ?м запÑ?оÑ?а болÑ?Ñ?ого набоÑ?а новÑ?Ñ? иденÑ?иÑ?икаÑ?оÑ?ов обÑ?екÑ?ов. ЭÑ?ой
+Ñ?Ñ?звимоÑ?Ñ?и иденÑ?иÑ?икаÑ?оÑ? CVE назнаÑ?ен не бÑ?л.</p>
 
- -<p>For the oldstable distribution (lenny), this problem has been fixed in
- -version 1:3.6.0-2+lenny3.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1:3.6.0-2+lenny3.</p>
 
- -<p>The stable distribution (squeeze) is not affected, it was fixed before
- -the initial release.</p>
+<p>СÑ?абилÑ?нÑ?й вÑ?пÑ?Ñ?к (squeeze) не подвеÑ?жен Ñ?казаннÑ?м пÑ?облемам, они бÑ?ли иÑ?пÑ?авленÑ?
+до пеÑ?вого вÑ?пÑ?Ñ?ка.</p>
 
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 1:3.8.2-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1:3.8.2-1.</p>
 
- -<p>We recommend that you upgrade your zodb packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? zodb.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2011/dsa-2336.wml	2014-04-30 13:16:25.000000000 +0600
+++ russian/security/2011/dsa-2336.wml	2016-10-30 18:25:28.695282241 +0500
@@ -1,44 +1,45 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
 <define-tag moreinfo>
- -<p>Multiple vulnerabilities were found in FFmpeg, a multimedia player,
- -server and encoder:</p>
+<p>Ð? FFmpeg, пÑ?оигÑ?Ñ?ваÑ?еле мÑ?лÑ?Ñ?имедиа, Ñ?еÑ?веÑ?е и кодиÑ?овÑ?ике, бÑ?ли обнаÑ?Ñ?женÑ?
+многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3362";>CVE-2011-3362</a>
 
- -    <p>An integer signedness error in decode_residual_block function of 
- -    the Chinese AVS video (CAVS) decoder in libavcodec can lead to 
- -    denial of service (memory corruption and application crash) or 
- -    possible code execution via a crafted CAVS file.</p></li>
+    <p>Ð?Ñ?ибка знаковоÑ?Ñ?и Ñ?елÑ?Ñ? Ñ?иÑ?ел в Ñ?Ñ?нкÑ?ии decode_residual_block длÑ?
+    декодеÑ?а видео в Ñ?оÑ?маÑ?е Chinese AVS (CAVS) в libavcodec можеÑ? пÑ?иводиÑ?Ñ? к
+    оÑ?казÑ? в обÑ?лÑ?живании (повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и и аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) или
+    к возможномÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?айла в Ñ?оÑ?маÑ?е CAVS.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3973";>CVE-2011-3973</a>/<a href="https://security-tracker.debian.org/tracker/CVE-2011-3974";>CVE-2011-3974</a>
 
- -    <p>Multiple errors in the Chinese AVS video (CAVS) decoder can lead to 
- -    denial of service (memory corruption and application crash) via an 
- -    invalid bitstream.</p></li>
+    <p>Ð?ногоÑ?иÑ?леннÑ?е оÑ?ибки в декодеÑ?е видео в Ñ?оÑ?маÑ?е Chinese AVS (CAVS) могÑ?Ñ? пÑ?иводиÑ?Ñ? к
+    оÑ?казÑ? в обÑ?лÑ?живании (повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и и аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) из-за
+    некоÑ?Ñ?екÑ?ного Ñ?иÑ?Ñ?ового поÑ?ока.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3504";>CVE-2011-3504</a>
 
- -    <p>A memory allocation problem in the Matroska format decoder can lead 
- -    to code execution via a crafted file.</p></li>
+    <p>Ð?Ñ?облема Ñ? вÑ?делением памÑ?Ñ?и в декодеÑ?е Ñ?оÑ?маÑ?а Matroska можеÑ? пÑ?иводиÑ?Ñ?
+    к вÑ?полнениÑ? пÑ?оизволÑ?ного кода пÑ?и обÑ?абоÑ?ке Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?айла.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (squeeze), this problem has been fixed in
- -version 4:0.5.5-1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 4:0.5.5-1.</p>
 
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 4:0.7.2-1 of the libav source package.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 4:0.7.2-1 пакеÑ?а Ñ? иÑ?Ñ?однÑ?м кодом libav.</p>
 
- -<p>Security support for ffmpeg has been discontinued for the oldstable
- -distribution (lenny) before in <a href="dsa-2306">DSA 2306</a>.
- -The current version in oldstable is not supported by upstream anymore
- -and is affected by several security issues. Backporting fixes for these
- -and any future issues has become unfeasible and therefore we needed to
- -drop our security support for the version in oldstable.</p>
+<p>Ð?оддеÑ?жка безопаÑ?ноÑ?Ñ?и ffmpeg в пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny)
+бÑ?ла пÑ?екÑ?аÑ?ена Ñ?анее в <a href="dsa-2306">DSA 2306</a>.
+ТекÑ?Ñ?аÑ? веÑ?Ñ?иÑ? в пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке более не поддеÑ?живаеÑ?Ñ?Ñ? Ñ?азÑ?абоÑ?Ñ?иками оÑ?новной
+веÑ?ки Ñ?азÑ?абоÑ?ки и Ñ?одеÑ?жиÑ? неÑ?колÑ?ко пÑ?облем безопаÑ?ноÑ?Ñ?и. Ð?бÑ?аÑ?нÑ?й пеÑ?еноÑ? иÑ?пÑ?авлений
+длÑ? Ñ?Ñ?иÑ? и лÑ?бÑ?Ñ? бÑ?дÑ?Ñ?иÑ? пÑ?облем неÑ?елеÑ?ообÑ?азно, поÑ?Ñ?омÑ? мÑ? вÑ?нÑ?жденÑ?
+пÑ?екÑ?аÑ?иÑ?Ñ? поддеÑ?жкÑ? безопаÑ?ноÑ?Ñ?и длÑ? веÑ?Ñ?ии Ñ?Ñ?ого пакеÑ?а из пÑ?едÑ?дÑ?Ñ?его Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка.</p>
 
- -<p>We recommend that you upgrade your ffmpeg packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? ffmpeg.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYFfTMAAoJEF7nbuICFtKlDXsQAKjUE9LVDRLcNnbhUYUG+bXK
t/p+dxYpQP2u1Zc/EGSYPgwwWVZfbcaBDJBAzF+4zyQgnS7wXamfWDJSPJEZqhWW
SzfU1BmusF+LKQ6nXI9naSFIpMGXQAUpdFKEVAkVldWH5AnjUDbVGXk71sZyWt3r
hKJ8e6v5jwls59T69o29EvQkPQUmPb/rByWaI5GQgRxcSgV06nWJCVmGhdtlWAkL
QrTYlqkrOa9knooNZ3xFJuJA1k0zFuiW8SkSPFE286TTQSzof40x3DgBDR9CBmsa
lWh92+141hmaU54wsIWdp6giP6bf7fhU1Jm+oV/UYgM1H6t91aBq6FMO24b3ksdo
WpNdjsObKmJ2Hz7DR2U8F/PM09RRrlpIpeV6oDej+IzJr09a0D4hX9rAE5K/CQrP
ePzUvXeJ3wOXsel+mkE3+097BN4CnUWp7gglKY4AyDJie5D/tVFSs/F1l2CzSrBR
QXgCFBjxVrK9ckc2ev8C9NO2T8/ehoQ3g68sQm8xmBlGvrO1z+tmsEGx/iNjDeFT
N7kJkwN2JiOexEdg9CYeE/FJYaH4+k4c+AdS7QDUJBF2ORNDfBGWZvs8uHZGxmMB
/RG2BQ/1kIly5PTpY9UmJctZisWbHJQZzYdSCLsb+lRdWyjBDOhr5MtCj1jqR/An
jaoq3r94FQ99FAfqM1MX
=kuvb
-----END PGP SIGNATURE-----
Reply to: