[DONE] wml://security/2009/dsa-1{856,943,884,955,916,923,825,772,738,947,734,876,948,719,841}.wml
- To: <debian-l10n-russian@lists.debian.org>
- Subject: [DONE] wml://security/2009/dsa-1{856,943,884,955,916,923,825,772,738,947,734,876,948,719,841}.wml
- From: Lev Lamberov <dogsleg@debian.org>
- Date: Sun, 24 Jan 2016 13:22:23 +0500
- Message-id: <[🔎] E1aNFwF-0005zu-FH@rosencrantz>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2009/dsa-1719.wml 2014-04-30 13:16:18.000000000 +0600
+++ russian/security/2009/dsa-1719.wml 2016-01-24 13:16:46.360007984 +0500
@@ -1,24 +1,25 @@
- -<define-tag description>design flaw</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>оÑ?ибка Ñ?азÑ?абоÑ?ки</define-tag>
<define-tag moreinfo>
- -<p>Martin von Gagern discovered that GNUTLS, an implementation of the
- -TLS/SSL protocol, handles verification of X.509 certificate chains
- -incorrectly if a self-signed certificate is configured as a trusted
- -certificate. This could cause clients to accept forged server
- -certificates as genuine. (<a href="https://security-tracker.debian.org/tracker/CVE-2008-4989";>CVE-2008-4989</a>)</p>
+<p>Ð?аÑ?Ñ?ин Ñ?он Ð?агеÑ?н обнаÑ?Ñ?жил, Ñ?Ñ?о GNUTLS, Ñ?еализаÑ?иÑ? пÑ?оÑ?окола
+TLS/SSL, некоÑ?Ñ?екÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?епоÑ?ек Ñ?еÑ?Ñ?иÑ?икаÑ?ов
+X.509 в Ñ?лÑ?Ñ?ае, еÑ?ли Ñ?амозавеÑ?еннÑ?й Ñ?еÑ?Ñ?иÑ?икаÑ? Ñ?казан как довеÑ?еннÑ?й
+Ñ?еÑ?Ñ?иÑ?икаÑ?. ÐÑ?о можеÑ? пÑ?иводиÑ?Ñ? к Ñ?омÑ?, Ñ?Ñ?о клиенÑ?Ñ? бÑ?дÑ?Ñ? пÑ?инимаÑ?Ñ? подделÑ?нÑ?е Ñ?еÑ?веÑ?нÑ?е
+Ñ?еÑ?Ñ?иÑ?икаÑ?Ñ? за наÑ?Ñ?оÑ?Ñ?ие. (<a href="https://security-tracker.debian.org/tracker/CVE-2008-4989";>CVE-2008-4989</a>)</p>
- -<p>In addition, this update tightens the checks for X.509v1 certificates
- -which causes GNUTLS to reject certain certificate chains it accepted
- -before. (In certificate chain processing, GNUTLS does not recognize
- -X.509v1 certificates as valid unless explicitly requested by the
- -application.)</p>
+<p>Ð?Ñ?оме Ñ?ого, данное обновление Ñ?лÑ?Ñ?Ñ?аеÑ? пÑ?овеÑ?ки Ñ?еÑ?Ñ?иÑ?икаÑ?ов X.509v1,
+Ñ?Ñ?о пÑ?иводиÑ? к Ñ?омÑ?, Ñ?Ñ?о GNUTLS оÑ?клонÑ?еÑ? опÑ?еделÑ?ннÑ?е Ñ?епоÑ?ки Ñ?еÑ?Ñ?иÑ?икаÑ?ов, пÑ?инимаемÑ?Ñ?
+Ñ?анее. (Ð? коде обÑ?абоÑ?ки Ñ?епоÑ?ек Ñ?еÑ?Ñ?иÑ?икаÑ?ов GNUTLS не Ñ?аÑ?познаÑ?Ñ? Ñ?еÑ?Ñ?иÑ?икаÑ?Ñ?
+X.509v1 как пÑ?авилÑ?нÑ?е Ñ?еÑ?Ñ?иÑ?икаÑ?Ñ? до Ñ?еÑ? поÑ?, пока об Ñ?Ñ?ом не поÑ?Ñ?Ñ?пиÑ? Ñ?внÑ?й запÑ?оÑ? оÑ?
+пÑ?иложениÑ?.)</p>
- -<p>For the stable distribution (etch), this problem has been fixed in
- -version 1.4.4-3+etch3.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.4.4-3+etch3.</p>
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 2.4.2-3 of the gnutls26 package.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.4.2-3 пакеÑ?а gnutls26.</p>
- -<p>We recommend that you upgrade your gnutls13 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? gnutls13.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1734.wml 2009-03-06 20:04:30.000000000 +0500
+++ russian/security/2009/dsa-1734.wml 2016-01-24 12:49:36.911508456 +0500
@@ -1,25 +1,26 @@
- -<define-tag description>programming error</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>оÑ?ибка пÑ?огÑ?аммиÑ?ованиÑ?</define-tag>
<define-tag moreinfo>
- -<p>b.badrignans discovered that OpenSC, a set of smart card utilities,
- -could stores private data on a smart card without proper access
- -restrictions.</p>
- -
- -<p>Only blank cards initialised with OpenSC are affected by this problem.
- -This update only improves creating new private data objects, but cards
- -already initialised with such private data objects need to be
- -modified to repair the access control conditions on such cards.
- -Instructions for a variety of situations can be found at the OpenSC
- -web site: http://www.opensc-project.org/security.html</p>
- -
- -<p>The oldstable distribution (etch) is not affected by this problem.</p>
+<p>b.badrignans обнаÑ?Ñ?жил, Ñ?Ñ?о OpenSC, набоÑ? Ñ?Ñ?илиÑ? длÑ? Ñ?абоÑ?Ñ? Ñ?о Ñ?маÑ?Ñ?-каÑ?Ñ?ами,
+можеÑ? Ñ?Ñ?аниÑ?Ñ? лиÑ?нÑ?е даннÑ?е на Ñ?маÑ?Ñ?-каÑ?Ñ?е без должного огÑ?аниÑ?ениÑ? пÑ?ав
+доÑ?Ñ?Ñ?па.</p>
+
+<p>ÐÑ?ой пÑ?облеме подвеÑ?жен Ñ?олÑ?ко пÑ?Ñ?Ñ?Ñ?е каÑ?Ñ?Ñ?, иниÑ?иализиÑ?ованнÑ?е Ñ? помоÑ?Ñ?Ñ? OpenSC.
+Ð?анное обновление лиÑ?Ñ? Ñ?лÑ?Ñ?Ñ?аеÑ? Ñ?оздание новÑ?Ñ? обÑ?екÑ?ов Ñ? лиÑ?нÑ?ми даннÑ?ми, каÑ?Ñ?Ñ?,
+коÑ?оÑ?Ñ?е Ñ?же бÑ?ли иниÑ?иализиÑ?ованÑ?, должнÑ? бÑ?Ñ?Ñ?
+измененÑ? Ñ? Ñ?елÑ?Ñ? иÑ?пÑ?авлениÑ? Ñ?Ñ?ловий Ñ?пÑ?авлениÑ? доÑ?Ñ?Ñ?пом.
+Ð?нÑ?Ñ?Ñ?Ñ?кÑ?ии к дейÑ?Ñ?виÑ? в Ñ?азлиÑ?нÑ?Ñ? Ñ?иÑ?Ñ?аÑ?иÑ?Ñ? можно найÑ?и на веб-Ñ?айÑ?е
+OpenSC: http://www.opensc-project.org/security.html</p>
+
+<p>Ð?Ñ?едÑ?дÑ?Ñ?ий Ñ?Ñ?абилÑ?нÑ?й вÑ?пÑ?Ñ?к (etch) не подвеÑ?жен данной пÑ?облеме.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 0.11.4-5+lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 0.11.4-5+lenny1.</p>
- -<p>For the unstable distribution (sid), this problem wil be fixed soon.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
- -<p>We recommend that you upgrade your opensc package and recreate any
- -private data objects stored on your smart cards.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? opensc и заново Ñ?оздаÑ?Ñ? лÑ?бÑ?е
+обÑ?екÑ?Ñ? лиÑ?нÑ?Ñ? даннÑ?Ñ?, Ñ?оÑ?Ñ?анÑ?ннÑ?е на Ñ?маÑ?Ñ?-каÑ?Ñ?аÑ?.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1738.wml 2009-03-11 22:01:15.000000000 +0500
+++ russian/security/2009/dsa-1738.wml 2016-01-24 12:42:02.183536007 +0500
@@ -1,26 +1,27 @@
- -<define-tag description>arbitrary file access</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>доÑ?Ñ?Ñ?п к пÑ?оизволÑ?номÑ? Ñ?айлÑ?</define-tag>
<define-tag moreinfo>
- -<p>David Kierznowski discovered that libcurl, a multi-protocol file transfer
- -library, when configured to follow URL redirects automatically, does not
- -question the new target location. As libcurl also supports file:// and
- -scp:// URLs - depending on the setup - an untrusted server could use that
- -to expose local files, overwrite local files or even execute arbitrary
- -code via a malicious URL redirect.</p>
+<p>Ð?авид Ð?иÑ?жновÑ?ки обнаÑ?Ñ?жил, Ñ?Ñ?о libcurl, библиоÑ?ека пеÑ?едаÑ?и Ñ?айлов Ñ? поддеÑ?жкой
+множеÑ?Ñ?ва пÑ?оÑ?околов, пÑ?и вклÑ?Ñ?ении авÑ?омаÑ?иÑ?еÑ?кого Ñ?ледованиÑ? пеÑ?енапÑ?авлениÑ?м URL не
+Ñ?пÑ?аÑ?иваеÑ? о новом Ñ?азмеÑ?ении Ñ?ели. Ð?оÑ?колÑ?кÑ? libcurl поддеÑ?живаеÑ? доÑ?Ñ?Ñ?п к URL
+вида file:// и scp:// (в завиÑ?имоÑ?Ñ?и оÑ? наÑ?Ñ?Ñ?оек), Ñ?о недовеÑ?еннÑ?й Ñ?еÑ?веÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+Ñ?Ñ?Ñ? возможноÑ?Ñ?Ñ? длÑ? Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? локалÑ?нÑ?Ñ? Ñ?айлов, пеÑ?езапиÑ?и локалÑ?нÑ?Ñ? Ñ?айлов или даже вÑ?полнениÑ?
+пÑ?оизволÑ?ного кода пÑ?и помоÑ?и некоÑ?Ñ?екÑ?ного пеÑ?енапÑ?авлениÑ? URL.</p>
- -<p>This update introduces a new option called CURLOPT_REDIR_PROTOCOLS which by
- -default does not include the scp and file protocol handlers.</p>
+<p>Ð?анное обновление добавлÑ?еÑ? новÑ?Ñ? опÑ?иÑ?, CURLOPT_REDIR_PROTOCOLS, коÑ?оÑ?аÑ?
+по Ñ?молÑ?аниÑ? не вклÑ?Ñ?аеÑ? код обÑ?абоÑ?ки пÑ?оÑ?околов scp и file.</p>
- -<p>For the oldstable distribution (etch) this problem has been fixed in
- -version 7.15.5-1etch2.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 7.15.5-1etch2.</p>
- -<p>For the stable distribution (lenny) this problem has been fixed in
- -version 7.18.2-8lenny2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 7.18.2-8lenny2.</p>
- -<p>For the unstable distribution (sid) this problem has been fixed in
- -version 7.18.2-8.1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 7.18.2-8.1.</p>
- -<p>We recommend that you upgrade your curl packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? curl.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1772.wml 2014-04-30 13:16:18.000000000 +0600
+++ russian/security/2009/dsa-1772.wml 2016-01-24 12:36:50.945518214 +0500
@@ -1,31 +1,32 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
<define-tag moreinfo>
- -<p>Sebastian Kramer discovered two vulnerabilities in udev, the /dev and
- -hotplug management daemon.</p>
+<p>СебаÑ?Ñ?иан Ð?Ñ?амеÑ? обнаÑ?Ñ?жил две Ñ?Ñ?звимоÑ?Ñ?и в udev, Ñ?лÑ?жбе Ñ?пÑ?авлениÑ? /dev и
+гоÑ?Ñ?Ñ?ими подклÑ?Ñ?ениÑ?ми.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2009-1185";>CVE-2009-1185</a>
- - <p>udev does not check the origin of NETLINK messages, allowing local
- - users to gain root privileges.</p></li>
+ <p>udev не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? иÑ?Ñ?оÑ?ника Ñ?ообÑ?ениÑ? NETLINK, Ñ?Ñ?о позволÑ?еÑ? локалÑ?нÑ?м
+ полÑ?зоваÑ?елÑ?м полÑ?Ñ?аÑ?Ñ? пÑ?ава доÑ?Ñ?Ñ?па Ñ?Ñ?овнÑ? Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2009-1186";>CVE-2009-1186</a>
- - <p>udev suffers from a buffer overflow condition in path encoding,
- - potentially allowing arbitrary code execution.</p></li>
+ <p>udev Ñ?одеÑ?жиÑ? пеÑ?еполнение бÑ?Ñ?еÑ?а в коде кодиÑ?ованиÑ? пÑ?Ñ?и,
+ Ñ?Ñ?о поÑ?енÑ?иалÑ?но позволÑ?еÑ? вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
</ul>
- -<p>For the old stable distribution (etch), these problems have been fixed in
- -version 0.105-4etch1.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 0.105-4etch1.</p>
- -<p>For the stable distribution (lenny), these problems have been fixed in
- -version 0.125-7+lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 0.125-7+lenny1.</p>
- -<p>For the unstable distribution (sid), these problems will be fixed soon.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?дÑ?Ñ? иÑ?пÑ?авленÑ? позже.</p>
- -<p>We recommend that you upgrade your udev package.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? udev.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1825.wml 2009-07-03 21:56:14.000000000 +0600
+++ russian/security/2009/dsa-1825.wml 2016-01-24 12:34:01.221197386 +0500
@@ -1,27 +1,28 @@
- -<define-tag description>insufficient input validation</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>недоÑ?Ñ?аÑ?оÑ?наÑ? пÑ?овеÑ?ка вÑ?однÑ?Ñ? даннÑ?Ñ?</define-tag>
<define-tag moreinfo>
- -<p>It was discovered that the statuswml.cgi script of nagios, a monitoring
- -and management system for hosts, services and networks, is prone to a
- -command injection vulnerability. Input to the ping and traceroute parameters
- -of the script is not properly validated which allows an attacker to execute
- -arbitrary shell commands by passing a crafted value to these parameters.</p>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?Ñ?енаÑ?ий statuswml.cgi из nagios, Ñ?иÑ?Ñ?емÑ? мониÑ?оÑ?инга
+и Ñ?пÑ?авлениÑ? длÑ? Ñ?злов, Ñ?лÑ?жб и Ñ?еÑ?ей, Ñ?Ñ?звима к
+инÑ?екÑ?ии команд. Ð?Ñ?однÑ?е паÑ?амеÑ?Ñ?Ñ? команд ping и traceroute
+Ñ?казанного Ñ?Ñ?енаÑ?иÑ? пÑ?овеÑ?Ñ?Ñ?Ñ?Ñ?Ñ? непÑ?авилÑ?но, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ? вÑ?полнÑ?Ñ?Ñ?
+пÑ?оизволÑ?нÑ?е командÑ? командной оболоÑ?ки пÑ?Ñ?Ñ?м пеÑ?едаÑ?и Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного знаÑ?ениÑ?.</p>
- -<p>For the oldstable distribution (etch), this problem has been fixed in
- -version 2.6-2+etch3 of nagios2.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.6-2+etch3 пакеÑ?а nagios2.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 3.0.6-4~lenny2 of nagios3.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 3.0.6-4~lenny2 пакеÑ?а nagios3.</p>
- -<p>For the testing distribution (squeeze), this problem has been fixed in
- -version 3.0.6-5 of nagios3.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 3.0.6-5 пакеÑ?а nagios3.</p>
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 3.0.6-5 of nagios3.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 3.0.6-5 пакеÑ?а nagios3.</p>
- -<p>We recommend that you upgrade your nagios2/nagios3 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? nagios2/nagios3.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1841.wml 2009-07-25 20:46:55.000000000 +0600
+++ russian/security/2009/dsa-1841.wml 2016-01-24 13:21:08.089941772 +0500
@@ -1,28 +1,29 @@
- -<define-tag description>denial of service</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>оÑ?каз в обÑ?лÑ?живании</define-tag>
<define-tag moreinfo>
- -<p>It was discovered that git-daemon which is part of git-core, a popular
- -distributed revision control system, is vulnerable to denial of service
- -attacks caused by a programming mistake in handling requests containing
- -extra unrecognized arguments which results in an infinite loop. While
- -this is no problem for the daemon itself as every request will spawn a
- -new git-daemon instance, this still results in a very high CPU consumption
- -and might lead to denial of service conditions.</p>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?лÑ?жба git-daemon, коÑ?оÑ?аÑ? Ñ?влÑ?еÑ?Ñ?Ñ? Ñ?аÑ?Ñ?Ñ?Ñ? of git-core, попÑ?лÑ?Ñ?ной
+Ñ?аÑ?пÑ?еделÑ?нной Ñ?иÑ?Ñ?емÑ? Ñ?пÑ?авлениÑ? Ñ?евизиÑ?ми, Ñ?одеÑ?жиÑ? оÑ?каз в обÑ?лÑ?живании,
+коÑ?оÑ?Ñ?й возникаеÑ? из-за оÑ?ибки пÑ?огÑ?аммиÑ?ованиÑ? в коде обÑ?абоÑ?ки запÑ?оÑ?ов, Ñ?одеÑ?жаÑ?иÑ?
+дополниÑ?елÑ?нÑ?е неÑ?аÑ?познаваемÑ?е аÑ?гÑ?менÑ?Ñ?, Ñ?Ñ?о пÑ?иводиÑ? в конеÑ?ном Ñ?Ñ?Ñ?Ñ?е к беÑ?конеÑ?номÑ? Ñ?иклÑ?. ХоÑ?Ñ?
+Ñ?Ñ?о и не пÑ?облема Ñ?амой Ñ?лÑ?жбÑ?, поÑ?колÑ?кÑ? каждÑ?й запÑ?оÑ? запÑ?Ñ?каеÑ?
+новÑ?й обÑ?азеÑ? git-daemon, Ñ?Ñ?о вÑ?Ñ? Ñ?авно пÑ?иводиÑ? к Ñ?Ñ?езмеÑ?номÑ? поÑ?Ñ?еблениÑ? Ñ?еÑ?Ñ?Ñ?Ñ?ов ЦÐ?
+и можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании.</p>
- -<p>For the oldstable distribution (etch), this problem has been fixed in
- -version 1.4.4.4-4+etch3.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.4.4.4-4+etch3.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 1.5.6.5-3+lenny2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.5.6.5-3+lenny2.</p>
- -<p>For the testing distribution (squeeze), this problem has been fixed in
- -version 1:1.6.3.3-1.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1:1.6.3.3-1.</p>
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 1:1.6.3.3-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1:1.6.3.3-1.</p>
- -<p>We recommend that you upgrade your git-core packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? git-core.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1856.wml 2009-08-09 14:19:17.000000000 +0600
+++ russian/security/2009/dsa-1856.wml 2016-01-24 12:05:39.314363847 +0500
@@ -1,25 +1,26 @@
- -<define-tag description>information leak</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>Ñ?Ñ?еÑ?ка инÑ?оÑ?маÑ?ии</define-tag>
<define-tag moreinfo>
- -<p>It was discovered that the Debian Mantis package, a web based bug
- -tracking system, installed the database credentials in a file with
- -world-readable permissions onto the local filesystem. This allows
- -local users to acquire the credentials used to control the Mantis
- -database.</p>
- -
- -<p>This updated package corrects this problem for new installations and
- -will carefully try to update existing ones. Administrators can check
- -the permissions of the file /etc/mantis/config_db.php to see if they
- -are safe for their environment.</p>
- -
- -<p>The old stable distribution (etch) does not contain a mantis package.</p>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Debian-пакеÑ? Mantis, Ñ?иÑ?Ñ?ема оÑ?Ñ?леживаниÑ?
+оÑ?ибок на оÑ?нове веб, Ñ?Ñ?Ñ?анавливаеÑ? даннÑ?е Ñ?Ñ?Ñ?Ñ?ной запиÑ?и длÑ? Ñ?абоÑ?Ñ? Ñ? базой даннÑ?Ñ?
+в Ñ?айл на локалÑ?ной Ñ?айловой Ñ?иÑ?Ñ?еме, оÑ?кÑ?Ñ?Ñ?Ñ?й длÑ? Ñ?Ñ?ениÑ? вÑ?ем полÑ?зоваÑ?елÑ?м. ÐÑ?о позволÑ?еÑ?
+локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м полÑ?Ñ?иÑ?Ñ? даннÑ?е Ñ?Ñ?Ñ?Ñ?ной запиÑ?и, иÑ?полÑ?зÑ?емой длÑ? Ñ?пÑ?авлениÑ?
+базой даннÑ?Ñ? Mantis.</p>
+
+<p>Ð?бновлÑ?ннÑ?й пакеÑ? иÑ?пÑ?авлÑ?еÑ? Ñ?Ñ?Ñ? пÑ?облемÑ? длÑ? новÑ?Ñ? Ñ?Ñ?Ñ?ановок, Ñ?акже бÑ?деÑ?
+пÑ?едпÑ?инÑ?Ñ?а оÑ?Ñ?оÑ?ожнаÑ? попÑ?Ñ?ка обновлениÑ? Ñ?Ñ?Ñ?еÑ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?Ñ?ановки. Ð?дминиÑ?Ñ?Ñ?аÑ?оÑ?Ñ? могÑ?Ñ? пÑ?овеÑ?иÑ?Ñ?
+пÑ?ава доÑ?Ñ?Ñ?па к Ñ?айлÑ? /etc/mantis/config_db.php, Ñ?Ñ?обÑ? Ñ?бедиÑ?Ñ?Ñ?Ñ?, Ñ?Ñ?о
+длÑ? иÑ? окÑ?Ñ?жениÑ? пÑ?облема Ñ?еÑ?ена.</p>
+
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) пакеÑ? mantis оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ?.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 1.1.6+dfsg-2lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.1.6+dfsg-2lenny1.</p>
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 1.1.8+dfsg-2.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.1.8+dfsg-2.</p>
- -<p>We recommend that you upgrade your mantis package.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? mantis.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1876.wml 2014-04-30 13:16:19.000000000 +0600
+++ russian/security/2009/dsa-1876.wml 2016-01-24 13:04:31.550169610 +0500
@@ -1,30 +1,31 @@
- -<define-tag description>buffer overflow</define-tag>
+#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov"
+<define-tag description>пеÑ?еполнение бÑ?Ñ?еÑ?а</define-tag>
<define-tag moreinfo>
- -<p>Several remote vulnerabilities have been discovered in the TFTP
- -component of dnsmasq. The Common Vulnerabilities and Exposures
- -project identifies the following problems:</p>
+<p>Ð? компоненÑ?е TFTP длÑ? dnsmasq, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?далÑ?ннÑ?Ñ?
+Ñ?Ñ?звимоÑ?Ñ?ей. Ð?Ñ?оекÑ? Common Vulnerabilities and Exposures
+опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2009-2957";>CVE-2009-2957</a>
- - <p>A buffer overflow in TFTP processing may enable arbitrary code
- - execution to attackers which are permitted to use the TFTP service.</p></li>
+ <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в коде обÑ?абоÑ?ки TFTP можеÑ? позволиÑ?Ñ? вÑ?полниÑ?Ñ?
+ пÑ?оизволÑ?нÑ?й код злоÑ?мÑ?Ñ?ленникам, коÑ?оÑ?Ñ?е оÑ?кÑ?Ñ?Ñ? доÑ?Ñ?Ñ?п к Ñ?лÑ?жбе TFTP.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2009-2958";>CVE-2009-2958</a>
- - <p>Malicious TFTP clients may crash dnsmasq, leading to denial of
- - service.</p></li>
+ <p>Ð?екоÑ?Ñ?екÑ?нÑ?е клиенÑ?Ñ? TFTP могÑ?Ñ? вÑ?зÑ?ваÑ?Ñ? аваÑ?ийнÑ?Ñ? оÑ?Ñ?ановкÑ? dnsmasq, Ñ?Ñ?о пÑ?иводиÑ? к
+ оÑ?каз в обÑ?лÑ?живании.</p></li>
</ul>
- -<p>The old stable distribution is not affected by these problems.</p>
+<p>Ð?Ñ?едÑ?дÑ?Ñ?ий Ñ?Ñ?абилÑ?нÑ?й вÑ?пÑ?Ñ?к не подвеÑ?жен Ñ?казаннÑ?м пÑ?облемам.</p>
- -<p>For the stable distribution (lenny), these problems have been fixed in
- -version 2.45-1+lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.45-1+lenny1.</p>
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 2.50-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.50-1.</p>
- -<p>We recommend that you upgrade your dnsmasq packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? dnsmasq.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1884.wml 2009-09-14 23:50:24.000000000 +0600
+++ russian/security/2009/dsa-1884.wml 2016-01-24 12:16:21.582045712 +0500
@@ -1,26 +1,27 @@
- -<define-tag description>buffer underflow</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>пеÑ?еполнение бÑ?Ñ?еÑ?а</define-tag>
<define-tag moreinfo>
- -<p>Chris Ries discovered that nginx, a high-performance HTTP server, reverse
- -proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when
- -processing certain HTTP requests. An attacker can use this to execute
- -arbitrary code with the rights of the worker process (www-data on Debian)
- -or possibly perform denial of service attacks by repeatedly crashing
- -worker processes via a specially crafted URL in an HTTP request.</p>
+<p>Ð?Ñ?иÑ? РиÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о nginx, вÑ?Ñ?окопÑ?оизводиÑ?елÑ?нÑ?й Ñ?еÑ?веÑ? HTTP, обÑ?аÑ?нÑ?й
+пÑ?окÑ?и и пÑ?окÑ?и-Ñ?еÑ?веÑ? длÑ? IMAP/POP3, Ñ?одеÑ?жиÑ? пеÑ?еполнение бÑ?Ñ?еÑ?а, возникаÑ?Ñ?ее пÑ?и
+обÑ?абоÑ?ке опÑ?еделÑ?ннÑ?Ñ? запÑ?оÑ?ов HTTP. Ð?лоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? пÑ?облемÑ? длÑ?
+вÑ?полнениÑ? пÑ?оизволÑ?ного кода Ñ? пÑ?авами Ñ?абоÑ?его пÑ?оÑ?еÑ?Ñ?а (www-data в Debian)
+или вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании пÑ?Ñ?Ñ?м завеÑ?Ñ?ениÑ? Ñ?абоÑ?Ñ?
+Ñ?абоÑ?его пÑ?оÑ?еÑ?Ñ?а пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного URL в HTTP-запÑ?оÑ?е.</p>
- -<p>For the oldstable distribution (etch), this problem has been fixed in
- -version 0.4.13-2+etch2.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 0.4.13-2+etch2.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 0.6.32-3+lenny2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 0.6.32-3+lenny2.</p>
- -<p>For the testing distribution (squeeze), this problem will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 0.7.61-3.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 0.7.61-3.</p>
- -<p>We recommend that you upgrade your nginx packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? nginx.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1916.wml 2011-04-10 03:42:34.000000000 +0600
+++ russian/security/2009/dsa-1916.wml 2016-01-24 12:25:59.110473032 +0500
@@ -1,22 +1,23 @@
- -<define-tag description>insufficient input validation</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>недоÑ?Ñ?аÑ?оÑ?наÑ? пÑ?овеÑ?ка вÑ?однÑ?Ñ? даннÑ?Ñ?</define-tag>
<define-tag moreinfo>
- -<p>Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from
- -the official KDE release, does not properly handle a '\0' character in a domain
- -name in the Subject Alternative Name field of an X.509 certificate, which allows
- -man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
- -certificate issued by a legitimate Certification Authority.</p>
+<p>Ð?Ñ?н Ð?аминÑ?ки и Ð?окÑ?и Ð?аÑ?линÑ?пайк обнаÑ?Ñ?жили, Ñ?Ñ?о kdelibs, базовÑ?е библиоÑ?еки из
+оÑ?иÑ?иалÑ?ного вÑ?пÑ?Ñ?ка KDE, непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваÑ?Ñ? Ñ?имвол '\0' в имени домена
+в поле Subject Alternative Name Ñ?еÑ?Ñ?иÑ?икаÑ?а X.509, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам, оÑ?Ñ?Ñ?еÑ?Ñ?влÑ?Ñ?Ñ?им
+аÑ?акÑ? по пÑ?инÑ?ипÑ? Ñ?еловек-в-Ñ?еÑ?едине, подделÑ?ваÑ?Ñ? пÑ?оизволÑ?нÑ?е Ñ?еÑ?веÑ?нÑ?е пакеÑ?Ñ?
+SSL Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?еÑ?Ñ?иÑ?икаÑ?а, вÑ?данного авÑ?оÑ?иÑ?еÑ?нÑ?м иÑ?Ñ?оÑ?ником.</p>
- -<p>For the oldstable distribution (etch), this problem has been fixed in
- -version 4:3.5.5a.dfsg.1-8etch3.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 4:3.5.5a.dfsg.1-8etch3.</p>
- -<p>Due to a bug in the archive system, the fix for the stable distribution
- -(lenny), will be released as version 4:3.5.10.dfsg.1-0lenny3 once it is
- -available.</p>
+<p>Ð?з-за оÑ?ибки в Ñ?иÑ?Ñ?еме аÑ?Ñ?ива иÑ?пÑ?авление длÑ? Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка
+(lenny) бÑ?деÑ? вÑ?пÑ?Ñ?ено в веÑ?Ñ?ии 4:3.5.10.dfsg.1-0lenny3 по меÑ?е
+доÑ?Ñ?Ñ?пноÑ?Ñ?и.</p>
- -<p>For the testing distribution (squeeze), and the unstable distribution (sid),
- -this problem has been fixed in version 4:3.5.10.dfsg.1-2.1.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (squeeze) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ?
+Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 4:3.5.10.dfsg.1-2.1.</p>
- -<p>We recommend that you upgrade your kdelibs packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? kdelibs.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1923.wml 2009-10-30 17:17:43.000000000 +0500
+++ russian/security/2009/dsa-1923.wml 2016-01-24 12:30:17.967672170 +0500
@@ -1,26 +1,27 @@
- -<define-tag description>denial of service</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>оÑ?каз в обÑ?лÑ?живании</define-tag>
<define-tag moreinfo>
- -<p>A denial of service vulnerability has been found in libhtml-parser-perl,
- -a collection of modules to parse HTML in text documents which is used by
- -several other projects like e.g. SpamAssassin.</p>
+<p>Ð? libhtml-parser-perl, набоÑ?е модÑ?лей длÑ? вÑ?полнениÑ? гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а кода HTML
+в Ñ?екÑ?Ñ?аÑ? докÑ?менÑ?ов, иÑ?полÑ?зÑ?емом некоÑ?оÑ?Ñ?ми дÑ?Ñ?гими пÑ?оекÑ?ами, напÑ?имеÑ?, SpamAssassin,
+бÑ?ла обнаÑ?Ñ?жена Ñ?Ñ?звимоÑ?Ñ?Ñ?, пÑ?иводÑ?Ñ?Ñ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании.</p>
- -<p>Mark Martinec discovered that the decode_entities() function will get stuck
- -in an infinite loop when parsing certain HTML entities with invalid UTF-8
- -characters. An attacker can use this to perform denial of service attacks
- -by submitting crafted HTML to an application using this functionality.</p>
+<p>Ð?аÑ?к Ð?аÑ?инек обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? decode_entities() вÑ?одиÑ? в
+беÑ?конеÑ?нÑ?й Ñ?икл пÑ?и вÑ?полнении гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а Ñ?Ñ?Ñ?ноÑ?Ñ?ей HTML Ñ? некоÑ?Ñ?екÑ?нÑ?ми
+Ñ?имволами в кодиÑ?овке UTF-8. Ð?лоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании
+пÑ?Ñ?Ñ?м оÑ?пÑ?авки Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного кода HTML пÑ?иложениÑ?, иÑ?полÑ?зÑ?Ñ?Ñ?емÑ? Ñ?казаннÑ?Ñ? Ñ?Ñ?нкÑ?ионалÑ?ноÑ?Ñ?Ñ?.</p>
- -<p>For the oldstable distribution (etch), this problem has been fixed in
- -version 3.55-1+etch1.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 3.55-1+etch1.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 3.56-1+lenny1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 3.56-1+lenny1.</p>
- -<p>For the testing (squeeze) and unstable (sid) distribution, this problem
- -will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (squeeze) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ? Ñ?Ñ?а пÑ?облема
+бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
- -<p>We recommend that you upgrade your libhtml-parser-perl packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? libhtml-parser-perl.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1943.wml 2009-12-03 03:42:25.000000000 +0500
+++ russian/security/2009/dsa-1943.wml 2016-01-24 12:12:21.034374611 +0500
@@ -1,22 +1,23 @@
- -<define-tag description>insufficient input validation</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>недоÑ?Ñ?аÑ?оÑ?наÑ? пÑ?овеÑ?ка вÑ?однÑ?Ñ? даннÑ?Ñ?</define-tag>
<define-tag moreinfo>
- -<p>It was discovered that OpenLDAP, a free implementation of the Lightweight
- -Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0'
- -character in a domain name in the subject's Common Name (CN) field of an X.509
- -certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
- -servers via a crafted certificate issued by a legitimate Certification Authority.</p>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о OpenLDAP, Ñ?вободнаÑ? Ñ?еализаÑ?иÑ? пÑ?оÑ?окола Lightweight
+Directory Access, пÑ?и иÑ?полÑ?зовании OpenSSL непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? Ñ?имвол '\0'
+в имени домена в поле Common Name (CN) Ñ?еÑ?Ñ?иÑ?икаÑ?а X.509, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам,
+оÑ?Ñ?Ñ?еÑ?Ñ?влÑ?Ñ?Ñ?им аÑ?акÑ? по пÑ?инÑ?ипÑ? Ñ?еловек-в-Ñ?еÑ?едине, подделÑ?ваÑ?Ñ? пÑ?оизволÑ?нÑ?е Ñ?еÑ?веÑ?нÑ?е пакеÑ?Ñ?
+SSL Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?еÑ?Ñ?иÑ?икаÑ?а, вÑ?данного авÑ?оÑ?иÑ?еÑ?нÑ?м иÑ?Ñ?оÑ?ником.</p>
- -<p>For the oldstable distribution (etch), this problem has been fixed in version
- -2.3.30-5+etch3 for openldap2.3.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии
+2.3.30-5+etch3 пакеÑ?а openldap2.3.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in version
- -2.4.11-1+lenny1 for openldap.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии
+2.4.11-1+lenny1 пакеÑ?а openldap.</p>
- -<p>For the testing distribution (squeeze), and the unstable distribution (sid),
- -this problem has been fixed in version 2.4.17-2.1 for openldap.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (squeeze) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ?
+Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 2.4.17-2.1 пакеÑ?а openldap.</p>
- -<p>We recommend that you upgrade your openldap2.3/openldap packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? openldap2.3/openldap.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1947.wml 2009-12-08 04:58:04.000000000 +0500
+++ russian/security/2009/dsa-1947.wml 2016-01-24 12:45:12.289907713 +0500
@@ -1,22 +1,23 @@
- -<define-tag description>missing input sanitising</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вие оÑ?иÑ?Ñ?ки вÑ?однÑ?Ñ? даннÑ?Ñ?</define-tag>
<define-tag moreinfo>
- -<p>Matt Elder discovered that Shibboleth, a federated web single sign-on
- -system is vulnerable to script injection through redirection URLs. More
- -details can be found in the Shibboleth advisory at
+<p>Ð?Ñ?Ñ? ÐлдеÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о Shibboleth, инÑ?егÑ?иÑ?ованнаÑ? Ñ?иÑ?Ñ?ема единого
+вÑ?ода, Ñ?Ñ?звима к инÑ?екÑ?ии Ñ?Ñ?енаÑ?иев Ñ?еÑ?ез пеÑ?енапÑ?авлениÑ? URL. Ð?ополниÑ?елÑ?наÑ?
+инÑ?оÑ?маÑ?иÑ? можеÑ? бÑ?Ñ?Ñ? найдена в Ñ?екомендаÑ?ии Shibboleth по адÑ?еÑ?Ñ?
<a href="http://shibboleth.internet2.edu/secadv/secadv_20091104.txt";>http://shibboleth.internet2.edu/secadv/secadv_20091104.txt</a>.</p>
- -<p>For the old stable distribution (etch), this problem has been fixed in
- -version 1.3f.dfsg1-2+etch2 of shibboleth-sp.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.3f.dfsg1-2+etch2 пакеÑ?а shibboleth-sp.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2
- -of shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.3.1.dfsg1-3+lenny2 пакеÑ?а shibboleth-sp, веÑ?Ñ?ии 2.0.dfsg1-4+lenny2
+пакеÑ?а shibboleth-sp2 и веÑ?Ñ?ии 2.0-2+lenny2 пакеÑ?а opensaml2.</p>
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and
- -version 1.3.1-1 of xmltooling.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.3+dfsg-1 пакеÑ?а shibboleth-sp2, веÑ?Ñ?ии 2.3-1 пакеÑ?а opensaml2 и
+веÑ?Ñ?ии 1.3.1-1 пакеÑ?а xmltooling.</p>
- -<p>We recommend that you upgrade your Shibboleth packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? Shibboleth.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1948.wml 2009-12-10 12:57:32.000000000 +0500
+++ russian/security/2009/dsa-1948.wml 2016-01-24 13:11:40.185405230 +0500
@@ -1,27 +1,28 @@
- -<define-tag description>denial of service</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>оÑ?каз в обÑ?лÑ?живании</define-tag>
<define-tag moreinfo>
- -<p>Robin Park and Dmitri Vinokurov discovered that the daemon component of
- -the ntp package, a reference implementation of the NTP protocol, is
- -not properly reacting to certain incoming packets.</p>
+<p>Робин Ð?аÑ?к и Ð?миÑ?Ñ?ий Ð?инокÑ?ов обнаÑ?Ñ?жили, Ñ?Ñ?о Ñ?лÑ?жба из пакеÑ?а
+ntp, Ñ?Ñ?алонной Ñ?еализаÑ?ии пÑ?оÑ?окола NTP, непÑ?авилÑ?но
+Ñ?еагиÑ?Ñ?еÑ? на опÑ?еделÑ?ннÑ?е вÑ?одÑ?Ñ?ие пакеÑ?Ñ?.</p>
- -<p>An unexpected NTP mode 7 packet (MODE_PRIVATE) with spoofed IP data can lead
- -ntpd to reply with a mode 7 response to the spoofed address. This may result
- -in the service playing packet ping-pong with other ntp servers or even itself
- -which causes CPU usage and excessive disk use due to logging. An attacker
- -can use this to conduct denial of service attacks.</p>
+<p>Ð?еожиданнÑ?й пакеÑ? NTP Ñ?ежима 7 (MODE_PRIVATE) Ñ? даннÑ?ми и подделанÑ?м IP можеÑ?
+пÑ?иводиÑ?Ñ? к Ñ?омÑ?, Ñ?Ñ?о ntpd оÑ?веÑ?иÑ? Ñ? оÑ?веÑ?ом Ñ?ежима 7 на подделÑ?нÑ?й адÑ?еÑ?. ÐÑ?о можеÑ? пÑ?иводиÑ?Ñ?
+к Ñ?омÑ?, Ñ?Ñ?о Ñ?лÑ?жба наÑ?нÑ?Ñ? игÑ?аÑ?Ñ? в пинг-понг Ñ? дÑ?Ñ?гими Ñ?еÑ?веÑ?ами ntp или даже Ñ? Ñ?обой,
+Ñ?Ñ?о пÑ?иводиÑ? к Ñ?Ñ?езмеÑ?номÑ? поÑ?Ñ?еблениÑ? Ñ?еÑ?Ñ?Ñ?Ñ?ов ЦÐ? и диÑ?кового пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва из-за Ñ?аздÑ?ваниÑ? жÑ?Ñ?нала. Ð?лоÑ?мÑ?Ñ?ленник
+можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p>
- -<p>For the oldstable distribution (etch), this problem has been fixed in
- -version 1:4.2.2.p4+dfsg-2etch4.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1:4.2.2.p4+dfsg-2etch4.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 1:4.2.4p4+dfsg-8lenny3.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1:4.2.4p4+dfsg-8lenny3.</p>
- -<p>For the testing (squeeze) and unstable (sid) distribution, this problem
- -will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (squeeze) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ? Ñ?Ñ?а пÑ?облема
+бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
- -<p>We recommend that you upgrade your ntp packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? ntp.</p>
</define-tag>
# do not modify the following line
- --- english/security/2009/dsa-1955.wml 2009-12-16 23:19:14.000000000 +0500
+++ russian/security/2009/dsa-1955.wml 2016-01-24 12:22:25.629658625 +0500
@@ -1,27 +1,28 @@
- -<define-tag description>information disclosure</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>Ñ?аÑ?кÑ?Ñ?Ñ?ие инÑ?оÑ?маÑ?ии</define-tag>
<define-tag moreinfo>
- -<p>It was discovered that network-manager-applet, a network management
- -framework, lacks some dbus restriction rules, which allows local users
- -to obtain sensitive information.</p>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ? network-manager-applet, инÑ?Ñ?аÑ?Ñ?Ñ?Ñ?кÑ?Ñ?Ñ?Ñ? Ñ?пÑ?авлениÑ?
+Ñ?еÑ?Ñ?Ñ?, оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?Ñ?Ñ? некоÑ?оÑ?Ñ?е огÑ?аниÑ?иваÑ?Ñ?ие пÑ?авила dbus, Ñ?Ñ?о позволÑ?еÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м
+полÑ?Ñ?аÑ?Ñ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?нÑ?Ñ? инÑ?оÑ?маÑ?иÑ?.</p>
- -<p>If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf
- -file, then please make sure that you merge the changes from this fix
- -when asked during upgrade.</p>
+<p>Ð?Ñ?ли Ñ? ваÑ? иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? локалÑ?но изменÑ?ннÑ?й Ñ?айл /etc/dbus-1/system.d/nm-applet.conf,
+Ñ?бедиÑ?еÑ?Ñ?, Ñ?Ñ?о вÑ? вклÑ?Ñ?или в него изменениÑ? данного иÑ?пÑ?авлениÑ?
+пÑ?и запÑ?оÑ?е обновлениÑ?.</p>
- -<p>For the oldstable distribution (etch), this problem has been fixed in
- -version 0.6.4-6+etch1 of network-manager.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 0.6.4-6+etch1 пакеÑ?а network-manager.</p>
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 0.6.6-4+lenny1 of network-manager-applet.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 0.6.6-4+lenny1 пакеÑ?а network-manager-applet.</p>
- -<p>For the testing distribution (squeeze) and the unstable distribution
- -(sid), this problem has been fixed in version 0.7.0.99-1 of
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (squeeze) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ?
+Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 0.7.0.99-1 пакеÑ?а
network-manager-applet.</p>
- -<p>We recommend that you upgrade your network-manager and
- -network-manager-applet packages accordingly.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? network-manager и
+network-manager-applet Ñ?ооÑ?веÑ?Ñ?Ñ?венно.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJWpIm6AAoJEF7nbuICFtKlJ8MP/jgxH1zc/qRI1HQ0XZCS5tnd
PoT3tMqmnsVdrraqoevkN8FyUIrMIztUmbJIOgC6ZP+U0nDPOMG6ZIUUWLK3QtZc
ndRvRWaVfBaic8PdEuVCj2CSOjoRgau3OneZCSkonfuE1l30+JIMqTYF1TntVjqe
Rx2HR1Z4kdaFpljnD/YjlL3wtG/QQxdRlG02bjLjKlYeqcsU0vNN/IWT3GJPsjYe
NDTArtinK9AhpsRGPDqzxqUvhkBc01izPTCI6JjVgpkpoySg/kudjIxNT8mumzVX
qQVT97tdVXic7JIS/RSYp1/u9b6xyITZTTIoMLV3+u9Uep3D4JzgyWLQK28UcY8p
Eu/uQ2kCKL5rD9jqc1sEB9J6DRJAw3nN3IgtqeBT8nKbOxYTYvDIAEaS2i80i7nv
HnCUk5Hz+GcvFEsbNg1R411niBT1uF9oUNkanCX5FdUhC8reLnzxvXCUV1cA9TCe
oJQw4VkG6ZcPUKtS43W4YIwCsFrHrldZXPrko+S/s9GzJQUltm5MS3Ixy1sCop+D
hFr6pnbNVHAYXc092hwHMMqoOPus4taVUu04gmIzfzVVLz+4JNBZeSJEbXfEPKIK
UJK1fZu1HWNSInMU4aujZfrdFOTh9Qc3ZBRMstocIc6/nnrlgr7fmXSJRHTLIBS5
ubkXG+5PFjHNzUPbgRx6
=8bda
-----END PGP SIGNATURE-----
Reply to: