[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2017/dsa-3835.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2017/dsa-3835.wml	2017-04-27 01:06:57.000000000 +0500
+++ russian/security/2017/dsa-3835.wml	2017-04-27 11:54:22.311604794 +0500
@@ -1,42 +1,43 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities were discovered in Django, a high-level Python
- -web development framework. The Common Vulnerabilities and Exposures
- -project identifies the following problems:</p>
+<p>Ð? Django, инÑ?Ñ?аÑ?Ñ?Ñ?Ñ?кÑ?Ñ?Ñ?е веб-Ñ?азÑ?абоÑ?ки на Python вÑ?Ñ?окого Ñ?Ñ?овнÑ?,
+бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей. Ð?Ñ?оекÑ? Common Vulnerabilities and Exposures
+опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-9013";>CVE-2016-9013</a>
 
- -    <p>Marti Raudsepp reported that a user with a hardcoded password is
- -    created when running tests with an Oracle database.</p></li>
+    <p>Ð?аÑ?Ñ?и РаÑ?дÑ?еп Ñ?ообÑ?ил, Ñ?Ñ?о пÑ?и запÑ?Ñ?ке Ñ?еÑ?Ñ?ов Ñ? базой даннÑ?Ñ? Oracle
+    Ñ?оздаÑ?Ñ?Ñ?Ñ? полÑ?зоваÑ?елÑ? Ñ? пÑ?едÑ?Ñ?Ñ?ановленнÑ?м паÑ?олем.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-9014";>CVE-2016-9014</a>
 
- -    <p>Aymeric Augustin discovered that Django does not properly validate
- -    the Host header against settings.ALLOWED_HOSTS when the debug
- -    setting is enabled. A remote attacker can take advantage of this
- -    flaw to perform DNS rebinding attacks.</p></li>
+    <p>Ð?ймеÑ?ик Ð?гаÑ?Ñ?ин обнаÑ?Ñ?жил, Ñ?Ñ?о Django непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ?
+    заголовка Host на Ñ?ооÑ?веÑ?Ñ?Ñ?вие settings.ALLOWED_HOSTS в Ñ?лÑ?Ñ?ае, еÑ?ли
+    вклÑ?Ñ?ена оÑ?ладка. УдалÑ?ннÑ?й злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+    длÑ? вÑ?полнениÑ? аÑ?ак по изменениÑ? пÑ?ивÑ?зки DNS.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7233";>CVE-2017-7233</a>
 
- -    <p>It was discovered that is_safe_url() does not properly handle
- -    certain numeric URLs as safe. A remote attacker can take advantage
- -    of this flaw to perform XSS attacks or to use a Django server as an
- -    open redirect.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о is_safe_url() непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+    опÑ?еделÑ?ннÑ?е Ñ?иÑ?Ñ?овÑ?е URL как безопаÑ?нÑ?е. УдалÑ?ннÑ?й злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+    Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?полнениÑ? XSS-аÑ?ак или иÑ?полÑ?зованиÑ? Ñ?еÑ?веÑ?а Django
+    в каÑ?еÑ?Ñ?ве оÑ?кÑ?Ñ?Ñ?ого пеÑ?енапÑ?авлениÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7234";>CVE-2017-7234</a>
 
- -    <p>Phithon from Chaitin Tech discovered an open redirect vulnerability
- -    in the django.views.static.serve() view. Note that this view is not
- -    intended for production use.</p></li>
+    <p>Phithon из Chaitin Tech обнаÑ?Ñ?жил Ñ?Ñ?звимоÑ?Ñ?Ñ? оÑ?кÑ?Ñ?Ñ?ого пеÑ?енапÑ?авлениÑ?
+    в виде django.views.static.serve(). Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о Ñ?Ñ?оÑ? вид не пÑ?едназнаÑ?ен
+    длÑ? пÑ?омÑ?Ñ?ленного иÑ?полÑ?зованиÑ?.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 1.7.11-1+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.7.11-1+deb8u2.</p>
 
- -<p>We recommend that you upgrade your python-django packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? python-django.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlkBlaQACgkQXudu4gIW
0qWvshAArqqrZIpbdX7MOzeTUjilpUbpkoAmzoT+uRst2p5FdzTA+oEZXfAO+Vkl
yXEv0wxITOmd12lrTEySKFxZOnKYcEMh3BNurgeySMuAQQktBrC+vwC+HMR8qjrO
n412Hsp+MeejXi7/9Yvw4SYZYGf9NhrqeTohoEqyV1LUeqTypSAVmJ24uLIELVnz
nJK5yid611PxvFLAghlEArPwhQJmwMMd6QHtY7nkXtULYqUpnAMF2IS9S/Fb4GoY
SVbkW9Jhr29gc0EqNspOciIH0SSj6FMkb7ml8J9MllUoK0v6hTtwyPxDU+zKLbpK
nvmaQTKBKFTecvnTOuuLgi1cwlviGsefjFFvrcDEJFhPvIBKUuAOi57dZz2oQKOV
Mo8GaRd30iUyqizis39FZavnz3pao93BUPKTN8IhbJE9RnXTQlD9/G+DrPs9RtRf
MJLRfnqiH+Nzj9yuqLG6v+s98YZGHu27PReAXtib7w1zoQmEj++rre9opyHwz16u
5bZU00uph87czlLBEzx+eT5xduvs3Nd4ZEbUsXA9VqH1RJLPuCpyuZkB6wH6ARnF
rZD2Bk6n0+Da1XwSbMwnA3mzymE0YfDYqPb6hJlt4g+f/zKE3HidSs8YKGXXnR5y
CX9zpaPTagIwnCGyE4rGhlpkkKCblinODutXn2GyE5Il2g6l/QE=
=HbOB
-----END PGP SIGNATURE-----
Reply to: