[DONE] wml://security/2014/dla-{75,58,68}.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2014/dla-58.wml 2016-05-22 10:07:41.910935513 +0500
+++ russian/security/2014/dla-58.wml 2016-06-27 19:39:17.905283261 +0500
@@ -1,31 +1,32 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>This update fixes a regression introduced in 0.8.10.3+squeeze5 where
- -apt would send invalid HTTP requests when sending If-Range queries.</p>
+<p>Ð?анное обновление иÑ?пÑ?авлÑ?еÑ? Ñ?егÑ?еÑ?Ñ?иÑ?, поÑ?вивÑ?Ñ?Ñ?Ñ?Ñ? в веÑ?Ñ?ии 0.8.10.3+squeeze5,
+коÑ?оÑ?аÑ? Ñ?оÑ?Ñ?оиÑ? в Ñ?ом, Ñ?Ñ?о apt пÑ?и оÑ?пÑ?авке запÑ?оÑ?ов If-Range оÑ?пÑ?авлÑ?еÑ? непÑ?авилÑ?нÑ?е HTTP-запÑ?оÑ?Ñ?.</p>
- -<p>For reference, the original advisory text follows.</p>
+<p>Ð?иже пÑ?иводиÑ?Ñ?Ñ? изнаÑ?алÑ?наÑ? Ñ?екомендаÑ?иÑ?.</p>
- -<p>The Google Security Team discovered a buffer overflow vulnerability in
- -the HTTP transport code in apt-get. An attacker able to
- -man-in-the-middle a HTTP request to an apt repository can trigger the
- -buffer overflow, leading to a crash of the <q>http</q> apt method binary, or
- -potentially to arbitrary code execution.</p>
+<p>Ð?оманда безопаÑ?ноÑ?Ñ?и Google обнаÑ?Ñ?жила пеÑ?еполнение бÑ?Ñ?еÑ?а в
+коде HTTP-Ñ?Ñ?анÑ?поÑ?Ñ?а в apt-get. Ð?лоÑ?мÑ?Ñ?ленник, Ñ?поÑ?обнÑ?й пÑ?Ñ?Ñ?м аÑ?аки по
+пÑ?инÑ?ипÑ? Ñ?еловек-в-Ñ?еÑ?едине оÑ?Ñ?Ñ?еÑ?Ñ?виÑ?Ñ? HTTP-запÑ?оÑ? к Ñ?епозиÑ?оÑ?иÑ? apt, можеÑ?
+вÑ?зваÑ?Ñ? пеÑ?еполнение бÑ?Ñ?еÑ?а, пÑ?иводÑ?Ñ?ее к аваÑ?ийной оÑ?Ñ?ановке меÑ?ода <q>http</q> в apt или
+к поÑ?енÑ?иалÑ?номÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p>
- -<p>The following regression fixes were included in this update:</p>
+<p>Ð? наÑ?Ñ?оÑ?Ñ?ее обновление вклÑ?Ñ?енÑ? Ñ?ледÑ?Ñ?Ñ?ие иÑ?пÑ?авлениÑ? Ñ?егÑ?еÑ?Ñ?ий:</p>
- - <p>* Fix regression from the previous update in <a href="dla-53">DLA-53-1</a>
- - when the custom apt configuration option for Dir::state::lists is set to a
- - relative path (#762160).</p>
+ <p>* Ð?Ñ?пÑ?авление Ñ?егÑ?еÑ?Ñ?ии из пÑ?едÑ?дÑ?Ñ?его обновлениÑ? в <a href="dla-53">DLA-53-1</a>,
+ когда опÑ?иÑ? наÑ?Ñ?Ñ?ойки apt Dir::state::lists Ñ?Ñ?Ñ?анавливалаÑ?Ñ? в знаÑ?ение
+ оÑ?ноÑ?иÑ?елÑ?ного пÑ?Ñ?и (#762160).</p>
- - <p>* Fix regression in the reverificaiton handling of cdrom: sources that
- - may lead to incorrect hashsum warnings. Affected users need to run
- - "apt-cdrom add" again after the update was applied.</p>
+ <p>* Ð?Ñ?пÑ?авление Ñ?егÑ?еÑ?Ñ?ии в обÑ?абоÑ?ке повÑ?оÑ?ной пÑ?овеÑ?ки иÑ?Ñ?оÑ?ников cdrom:, Ñ?Ñ?о
+ можеÑ? пÑ?иводиÑ?Ñ? к пÑ?едÑ?пÑ?еждениÑ?м о непÑ?авилÑ?нÑ?Ñ? конÑ?Ñ?олÑ?нÑ?Ñ? Ñ?Ñ?ммаÑ?. Ð?олÑ?зоваÑ?елÑ?м, Ñ? коÑ?оÑ?Ñ?Ñ? пÑ?оÑ?влÑ?еÑ?Ñ?Ñ?
+ Ñ?Ñ?а пÑ?облема, Ñ?ледÑ?еÑ? Ñ?нова вÑ?полниÑ?Ñ? "apt-cdrom add" поÑ?ле Ñ?Ñ?Ñ?ановки данного обновлениÑ?.</p>
- - <p>* Fix regression from the previous update in <a href="dla-53">DLA-53-1</a>
- - when file:/// sources are used and those are on a different partition than
- - the apt state directory.</p>
+ <p>* Ð?Ñ?пÑ?авление Ñ?егÑ?еÑ?Ñ?ии из пÑ?едÑ?дÑ?Ñ?его обновлениÑ? в <a href="dla-53">DLA-53-1</a>,
+ когда иÑ?полÑ?зÑ?Ñ?Ñ?Ñ?Ñ? иÑ?Ñ?оÑ?ники file:///, наÑ?одÑ?Ñ?иеÑ?Ñ? на Ñ?азделе, оÑ?лиÑ?аÑ?Ñ?емÑ?Ñ? оÑ?
+ каÑ?алога Ñ?оÑ?Ñ?оÑ?ниÑ? apt.</p>
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in apt version 0.8.10.3+squeeze6</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в пакеÑ?е apt веÑ?Ñ?ии 0.8.10.3+squeeze6</p>
</define-tag>
# do not modify the following line
- --- english/security/2014/dla-68.wml 2016-04-09 01:32:21.000000000 +0500
+++ russian/security/2014/dla-68.wml 2016-06-27 19:47:37.049410367 +0500
@@ -1,30 +1,31 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
<ul>
<li>[<a href="https://security-tracker.debian.org/tracker/CVE-2014-3875">CVE-2014-3875</a>]
- - <p>When inserting encoded newline characters into a request to rup,
- - additional HTTP headers can be injected into the reply, as well
- - as new HTML code on the top of the website.</p></li>
+ <p>Ð?Ñ?и вÑ?Ñ?авке закодиÑ?ованнÑ?Ñ? Ñ?имволов новой Ñ?Ñ?Ñ?оки в запÑ?оÑ? к rup,
+ в оÑ?веÑ? могÑ?Ñ? бÑ?Ñ?Ñ? вÑ?Ñ?авленÑ? дополниÑ?елÑ?нÑ?е заголовки HTTP, а Ñ?акже
+ новÑ?й код HTML в веÑ?Ñ?ней Ñ?аÑ?Ñ?и веб-Ñ?айÑ?а.</p></li>
<li>[<a href="https://security-tracker.debian.org/tracker/CVE-2014-3876">CVE-2014-3876</a>]
- - <p>The parameter akey is reflected unfiltered as part of the HTML
- - page. Some characters are forbidden in the GET parameter due
- - to filtering of the URL, but this can be circumvented by using
- - a POST parameter.
- - Nevertheless, this issue is exploitable via the GET parameter
- - alone, with some user interaction.</p></li>
+ <p>Ð?аÑ?амеÑ?Ñ? akey оÑ?Ñ?ажаеÑ?Ñ?Ñ? неÑ?илÑ?Ñ?Ñ?ованнÑ?м обÑ?азом как Ñ?аÑ?Ñ?Ñ? Ñ?Ñ?Ñ?аниÑ?Ñ?
+ HTML. Ð?екоÑ?оÑ?Ñ?е Ñ?имволÑ? запÑ?еÑ?ено иÑ?полÑ?зоваÑ?Ñ? в паÑ?амеÑ?Ñ?е GET из-за
+ Ñ?илÑ?Ñ?Ñ?аÑ?ии URL, но Ñ?Ñ?о огÑ?аниÑ?ение можно обойÑ?и пÑ?Ñ?Ñ?м иÑ?полÑ?зованиÑ?
+ паÑ?амеÑ?Ñ?а POST.
+ Тем не менее, даннаÑ? пÑ?облема можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? Ñ?олÑ?ко Ñ?еÑ?ез паÑ?амеÑ?Ñ?
+ GET и Ñ?Ñ?ебÑ?еÑ? взаимодейÑ?Ñ?виÑ? Ñ? полÑ?зоваÑ?елем.</p></li>
<li>[<a href="https://security-tracker.debian.org/tracker/CVE-2014-3877">CVE-2014-3877</a>]
- - <p>The parameter addto is reflected only slightly filtered back to
- - the user as part of the HTML page. Some characters are forbidden
- - in the GET parameter due to filtering of the URL, but this can
- - be circumvented by using a POST parameter. Nevertheless, this
- - issue is exploitable via the GET parameter alone, with some user
- - interaction.</p></li>
+ <p>Ð?аÑ?амеÑ?Ñ? addto оÑ?Ñ?ажаеÑ?Ñ?Ñ? полÑ?зоваÑ?елÑ? Ñ?олÑ?ко в Ñ?легка Ñ?илÑ?Ñ?Ñ?ованном
+ виде как Ñ?аÑ?Ñ?Ñ? Ñ?Ñ?Ñ?аниÑ?Ñ? HTML. Ð?екоÑ?оÑ?Ñ?е Ñ?имволÑ? запÑ?еÑ?ено иÑ?полÑ?зоваÑ?Ñ?
+ в паÑ?амеÑ?Ñ?е GET из-за Ñ?илÑ?Ñ?Ñ?аÑ?ии URL, но Ñ?Ñ?о огÑ?аниÑ?ение можно
+ обойÑ?и пÑ?Ñ?Ñ?м иÑ?полÑ?зованиÑ? паÑ?амеÑ?Ñ?а POST. Тем не менее, даннаÑ?
+ Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? Ñ?олÑ?ко Ñ?еÑ?ез паÑ?амеÑ?Ñ? GET и Ñ?Ñ?ебÑ?еÑ?
+ взаимодейÑ?Ñ?виÑ? Ñ? полÑ?зоваÑ?елем.</p></li>
</ul>
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in fex version 20100208+debian1-1+squeeze4</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в пакеÑ?е fex веÑ?Ñ?ии 20100208+debian1-1+squeeze4</p>
</define-tag>
# do not modify the following line
- --- english/security/2014/dla-75.wml 2016-05-22 10:07:41.958929461 +0500
+++ russian/security/2014/dla-75.wml 2016-06-27 18:56:29.905877266 +0500
@@ -1,30 +1,31 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>This update fixes one important vulnerability (<a href="https://security-tracker.debian.org/tracker/CVE-2014-4274">CVE-2014-4274</a>) and batches
- -together two other minor fixes (<a href="https://security-tracker.debian.org/tracker/CVE-2013-2162">CVE-2013-2162</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0001">CVE-2014-0001</a>).</p>
+<p>Ð?анное обновление иÑ?пÑ?авлÑ?еÑ? однÑ? важнÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? (<a href="https://security-tracker.debian.org/tracker/CVE-2014-4274">CVE-2014-4274</a>), а Ñ?акже
+Ñ?одеÑ?жиÑ? два неболÑ?Ñ?иÑ? иÑ?пÑ?авлениÑ? (<a href="https://security-tracker.debian.org/tracker/CVE-2013-2162">CVE-2013-2162</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0001">CVE-2014-0001</a>).</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-4274">CVE-2014-4274</a>
- - <p>Insecure handling of a temporary file that could lead to execution
- - of arbitrary code through the creation of a mysql configuration file
- - pointing to an attacker-controlled plugin_dir.</p></li>
+ <p>Ð?ебезопаÑ?наÑ? обÑ?абоÑ?ка вÑ?еменнÑ?Ñ? Ñ?айлов, коÑ?оÑ?аÑ? можеÑ? пÑ?иводиÑ?Ñ? к вÑ?полнениÑ?
+ пÑ?оизволÑ?ного кода из-за Ñ?озданиÑ? Ñ?айла наÑ?Ñ?Ñ?ойки mysql,
+ Ñ?казÑ?ваÑ?Ñ?его на каÑ?алог plugin_dir, коÑ?оÑ?Ñ?м можеÑ? Ñ?пÑ?авлÑ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленник.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-2162">CVE-2013-2162</a>
- - <p>Insecure creation of the debian.cnf credential file. Credentials could
- - be stolen by a local user monitoring that file while the package gets
- - installed.</p></li>
+ <p>Ð?ебезопаÑ?ное Ñ?оздание Ñ?айла даннÑ?Ñ? Ñ?Ñ?Ñ?Ñ?нÑ?Ñ? запиÑ?ей debian.cnf. Ð?аннÑ?е Ñ?Ñ?Ñ?Ñ?нÑ?Ñ? запиÑ?ей
+ могÑ?Ñ? бÑ?Ñ?Ñ? поÑ?иÑ?енÑ? локалÑ?нÑ?м полÑ?зоваÑ?елем, оÑ?Ñ?леживаÑ?Ñ?им Ñ?Ñ?оÑ? Ñ?айл во вÑ?емÑ?
+ Ñ?Ñ?Ñ?ановки пакеÑ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0001">CVE-2014-0001</a>
- - <p>Buffer overrun in the MySQL client when the server sends a version
- - string that is too big for the allocated buffer.</p></li>
+ <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в клиенÑ?е MySQL, коÑ?оÑ?ое возникаеÑ? когда Ñ?еÑ?веÑ? оÑ?пÑ?авлÑ?еÑ? Ñ?Ñ?Ñ?окÑ?
+ Ñ? Ñ?казанием веÑ?Ñ?ии, коÑ?оÑ?аÑ? оказÑ?ваеÑ?Ñ?Ñ? Ñ?лиÑ?ком болÑ?Ñ?ой длÑ? вÑ?деленного бÑ?Ñ?еÑ?а.</p></li>
</ul>
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in mysql-5.1 version 5.1.73-1+deb6u1</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в пакеÑ?е mysql-5.1 веÑ?Ñ?ии 5.1.73-1+deb6u1</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXcTyMAAoJEF7nbuICFtKlyQYQAIDP4kWRsUGjVu6wTbSmokyu
p5rSj9wPSfQGAQLPISZlq6GOgzCCRwVahhRk6Eh0TYnzv8wH1ssl9/jdDnF8PKW3
+3a4prXZaII/6bW3YqPvNskGxNsHLlqRLF3EV09GeVHtfgbB9LCEaemHlTWjtMij
ZhNPXA9l0S7mMp6ozIWdPdJWNwLI9VaEe9eepBx38bG0Mmi2vs6J/oU+OMUTYv6z
rW5hnNjPntHt6JdovZCjdpRyoniziGEEo2nVXNtFLGWR3O2Xc6M/R4S4gBF0T0gA
1LCRBNIz6ssB393iTl/Z4QLxUvY1yHpJ1U1PXGrSFLMzx2MZ2x5s7EJKSlH3g+fY
JMX9rWHoTbQ54EkRM0soyQr6z0SdwcNBLRvmzs8NMxOeVPSqYxresdfYcl84yqr9
lLoWpdk8nomJoXolfFLVZ91WqwdEt27wXLf+w0xcWu5i/qbpVIPJfnz/zRd5pgij
2mEmF7xwM5u59Guke4vvib9l4dxboNLm5ix0u5WWCidDO0jhF+uRdqQ8EJtKrcld
7FkW3yijN9GQBqRuUSHKrm2vfCNEENnjLf8yZ36HR6qSnDm5EgOqLGqT7bWjX9zA
0fQrpCydxU28nfzzxealGHy1uD8uccDSLTt7n8bdFF+036WqaMBIwS9RUIrmHb6A
e9hoqjlIez/543Upge/E
=MtH/
-----END PGP SIGNATURE-----
Reply to: