[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2017/dsa-388{2,3}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2017/dsa-3882.wml	2017-06-16 00:08:38.000000000 +0500
+++ russian/security/2017/dsa-3882.wml	2017-06-16 01:03:34.684205239 +0500
@@ -1,59 +1,60 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Multiple vulnerabilities have been discovered in Request Tracker, an
- -extensible trouble-ticket tracking system. The Common Vulnerabilities
- -and Exposures project identifies the following problems:</p>
+<p>Ð? Request Tracker, Ñ?аÑ?Ñ?иÑ?Ñ?емой Ñ?иÑ?Ñ?еме оÑ?Ñ?леживаниÑ? Ñ?ведомлений о неиÑ?пÑ?авноÑ?Ñ?Ñ?Ñ?,
+бÑ?ли обнаÑ?Ñ?женÑ? многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и. Ð?Ñ?оекÑ? Common Vulnerabilities
+and Exposures опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6127";>CVE-2016-6127</a>
 
- -    <p>It was discovered that Request Tracker is vulnerable to a cross-site
- -    scripting (XSS) attack if an attacker uploads a malicious file with
- -    a certain content type. Installations which use the
- -    AlwaysDownloadAttachments config setting are unaffected by this
- -    flaw. The applied fix addresses all existant and future uploaded
- -    attachments.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Request Tracker Ñ?Ñ?звим к межÑ?айÑ?овомÑ?
+    Ñ?кÑ?ипÑ?ингÑ? (XSS) в Ñ?лÑ?Ñ?ае, еÑ?ли злоÑ?мÑ?Ñ?ленник загÑ?Ñ?жаеÑ? вÑ?едоноÑ?нÑ?й Ñ?айл Ñ?
+    Ñ?одеÑ?жимÑ?м опÑ?еделÑ?нного Ñ?ипа. УÑ?Ñ?ановки, иÑ?полÑ?зÑ?Ñ?Ñ?ие опÑ?иÑ?
+    наÑ?Ñ?Ñ?ойки AlwaysDownloadAttachments, не подвеÑ?женÑ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и.
+    Ð?Ñ?именÑ?нное иÑ?пÑ?авление каÑ?аеÑ?Ñ?Ñ? вÑ?еÑ? Ñ?же имеÑ?Ñ?иÑ?Ñ?Ñ? и бÑ?дÑ?Ñ?иÑ? загÑ?Ñ?жаемÑ?Ñ?
+    вложений.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5361";>CVE-2017-5361</a>
 
- -    <p>It was discovered that Request Tracker is vulnerable to timing
- -    side-channel attacks for user passwords.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Request Tracker Ñ?Ñ?звим к аÑ?акам на паÑ?оли полÑ?зоваÑ?елей
+    Ñ?еÑ?ез Ñ?Ñ?оÑ?онние каналÑ? по Ñ?аймингам.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5943";>CVE-2017-5943</a>
 
- -    <p>It was discovered that Request Tracker is prone to an information
- -    leak of cross-site request forgery (CSRF) verification tokens if a
- -    user is tricked into visiting a specially crafted URL by an
- -    attacker.</p>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Request Tracker Ñ?Ñ?звим к Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? инÑ?оÑ?маÑ?ии
+    о Ñ?окенаÑ? пÑ?овеÑ?ки в Ñ?лÑ?Ñ?ае подделки межÑ?айÑ?ового запÑ?оÑ?а (CSRF), еÑ?ли
+    полÑ?зоваÑ?елÑ? оÑ?кÑ?Ñ?ваеÑ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й URL, пеÑ?еданнÑ?й
+    злоÑ?мÑ?Ñ?ленником.</p>
 
 <p></p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5944";>CVE-2017-5944</a>
 
- -    <p>It was discovered that Request Tracker is prone to a remote code
- -    execution vulnerability in the dashboard subscription interface. A
- -    privileged attacker can take advantage of this flaw through
- -    carefully-crafted saved search names to cause unexpected code to be
- -    executed. The applied fix addresses all existant and future saved
- -    searches.</p>
- -
- -<p>Additionally to the above mentioned CVEs, this update workarounds
- -<a href="https://security-tracker.debian.org/tracker/CVE-2015-7686";>CVE-2015-7686</a> in Email::Address which could induce a denial of service
- -of Request Tracker itself.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Request Tracker Ñ?Ñ?звим к вÑ?полнениÑ? пÑ?оизволÑ?ного
+    кода в инÑ?еÑ?Ñ?ейÑ?е подпиÑ?ки Ñ?Ñ?Ñ?аниÑ?Ñ? Ñ?пÑ?авлениÑ?. Ð?Ñ?ивилегиÑ?ованнÑ?й
+    злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ?
+    Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? Ñ?оÑ?Ñ?анÑ?ннÑ?Ñ? поиÑ?ковÑ?Ñ? имÑ?н длÑ? вÑ?зова вÑ?полнениÑ? неожиданного
+    кода. Ð?Ñ?именÑ?нное иÑ?пÑ?авление каÑ?аеÑ?Ñ?Ñ? вÑ?еÑ? Ñ?же имеÑ?Ñ?иÑ?Ñ?Ñ? и бÑ?дÑ?Ñ?иÑ? Ñ?оÑ?Ñ?анÑ?ннÑ?Ñ?
+    поиÑ?ковÑ?Ñ? имÑ?н.</p>
+
+<p>Ð?омимо Ñ?казаннÑ?Ñ? вÑ?Ñ?е CVE данное иÑ?пÑ?авление Ñ?аÑ?Ñ?иÑ?но Ñ?еÑ?аеÑ? пÑ?облемÑ?
+<a href="https://security-tracker.debian.org/tracker/CVE-2015-7686";>CVE-2015-7686</a> в Email::Address, коÑ?оÑ?аÑ? можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+Ñ?амого Request Tracker.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 4.2.8-3+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.2.8-3+deb8u2.</p>
 
- -<p>For the upcoming stable distribution (stretch), these problems have been
- -fixed in version 4.4.1-3+deb9u1.</p>
+<p>Ð? гоÑ?овÑ?Ñ?емÑ?Ñ? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли
+иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 4.4.1-3+deb9u1.</p>
 
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 4.4.1-4.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.4.1-4.</p>
 
- -<p>We recommend that you upgrade your request-tracker4 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? request-tracker4.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2017/dsa-3883.wml	2017-06-16 00:09:08.000000000 +0500
+++ russian/security/2017/dsa-3883.wml	2017-06-16 01:09:39.992951042 +0500
@@ -1,14 +1,15 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>It was discovered that RT::Authen::ExternalAuth, an external
- -authentication module for Request Tracker, is vulnerable to timing
- -side-channel attacks for user passwords. Only ExternalAuth in DBI
- -(database) mode is vulnerable.</p>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о RT::Authen::ExternalAuth, внеÑ?ний модÑ?лÑ?
+аÑ?Ñ?енÑ?иÑ?икаÑ?ии длÑ? Request Tracker, Ñ?Ñ?звим к аÑ?акам на паÑ?оли полÑ?зоваÑ?елей
+Ñ?еÑ?ез Ñ?Ñ?оÑ?онние каналÑ? по Ñ?аймингам. Ð?одÑ?лÑ? ExternalAuth Ñ?Ñ?звим Ñ?олÑ?ко в
+Ñ?ежиме DBI (Ñ?ежиме базÑ? даннÑ?Ñ?).</p>
 
- -<p>For the stable distribution (jessie), this problem has been fixed in
- -version 0.25-1+deb8u1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 0.25-1+deb8u1.</p>
 
- -<p>We recommend that you upgrade your rt-authen-externalauth packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? rt-authen-externalauth.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAllC6YcACgkQXudu4gIW
0qVPzw/+LpoYW54q6kzAHL9SrcyuXDZu1JITqYblvHSm6g0wEMdYdXCqhfzbjjyB
pnxzXHJlN0gFAPvw17HFsL78GwMJbaF/xDA5XS1bWLlyqqlJY65x0y8TnjMx2LD3
vyBvaR2Bfo+d8V57VJlq8XOYMaQrHKUssX3QEDUdkn4/NQ9f+fDJE6DDjtFJNygz
E+nRvi4Jqno3lpvFpXt3KEsIBOB6FtV/akWkoXYkFOE22dkmGR24kgeVhFxYAKg1
y9JSCYNNWY4tzY+ql1ch4fssCmPiXNnWsehG1LLloUrqkzR24YPKe+CfJoavATpR
KWVkIO2yWjjYye4C942OvOK0DxiJvXUadCu4z+yIVMx6kTiCoANC5U7rO8Gb9fq1
uKEu4YCCzR4yqyR7qT1l+0oa7Fln9H/CQiYz+4L8Eu+lTrOIym6AexlG02JwwyxB
xmDFJFf6RQoS7UvkwGK/hm+dyC9GfEFb9aTA8q1+uttLLJTvGjMD3tHpOJ6RXUFQ
wTwweDKJDelr0hcop578GJjWkl1CH1IgVOUc+4eDVIvOdQKW+0Xn0+rd9ZjcRDvA
MEYQ/ku1YAbLIuCcO3UWQ3x/IydFoIMAuiW7u7e4EcT215KEiL2A+N63eDcw7rM4
88i88WuXlEIdhrrJ91MIPhI5sWPfJj2hdZSwmv+z1YiqyHGh1ng=
=KzoF
-----END PGP SIGNATURE-----
Reply to: