[DONE] wml://security/2017/dsa-388{2,3}.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2017/dsa-3882.wml 2017-06-16 00:08:38.000000000 +0500
+++ russian/security/2017/dsa-3882.wml 2017-06-16 01:03:34.684205239 +0500
@@ -1,59 +1,60 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Multiple vulnerabilities have been discovered in Request Tracker, an
- -extensible trouble-ticket tracking system. The Common Vulnerabilities
- -and Exposures project identifies the following problems:</p>
+<p>Ð? Request Tracker, Ñ?аÑ?Ñ?иÑ?Ñ?емой Ñ?иÑ?Ñ?еме оÑ?Ñ?леживаниÑ? Ñ?ведомлений о неиÑ?пÑ?авноÑ?Ñ?Ñ?Ñ?,
+бÑ?ли обнаÑ?Ñ?женÑ? многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и. Ð?Ñ?оекÑ? Common Vulnerabilities
+and Exposures опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6127">CVE-2016-6127</a>
- - <p>It was discovered that Request Tracker is vulnerable to a cross-site
- - scripting (XSS) attack if an attacker uploads a malicious file with
- - a certain content type. Installations which use the
- - AlwaysDownloadAttachments config setting are unaffected by this
- - flaw. The applied fix addresses all existant and future uploaded
- - attachments.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Request Tracker Ñ?Ñ?звим к межÑ?айÑ?овомÑ?
+ Ñ?кÑ?ипÑ?ингÑ? (XSS) в Ñ?лÑ?Ñ?ае, еÑ?ли злоÑ?мÑ?Ñ?ленник загÑ?Ñ?жаеÑ? вÑ?едоноÑ?нÑ?й Ñ?айл Ñ?
+ Ñ?одеÑ?жимÑ?м опÑ?еделÑ?нного Ñ?ипа. УÑ?Ñ?ановки, иÑ?полÑ?зÑ?Ñ?Ñ?ие опÑ?иÑ?
+ наÑ?Ñ?Ñ?ойки AlwaysDownloadAttachments, не подвеÑ?женÑ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и.
+ Ð?Ñ?именÑ?нное иÑ?пÑ?авление каÑ?аеÑ?Ñ?Ñ? вÑ?еÑ? Ñ?же имеÑ?Ñ?иÑ?Ñ?Ñ? и бÑ?дÑ?Ñ?иÑ? загÑ?Ñ?жаемÑ?Ñ?
+ вложений.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5361">CVE-2017-5361</a>
- - <p>It was discovered that Request Tracker is vulnerable to timing
- - side-channel attacks for user passwords.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Request Tracker Ñ?Ñ?звим к аÑ?акам на паÑ?оли полÑ?зоваÑ?елей
+ Ñ?еÑ?ез Ñ?Ñ?оÑ?онние каналÑ? по Ñ?аймингам.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5943">CVE-2017-5943</a>
- - <p>It was discovered that Request Tracker is prone to an information
- - leak of cross-site request forgery (CSRF) verification tokens if a
- - user is tricked into visiting a specially crafted URL by an
- - attacker.</p>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Request Tracker Ñ?Ñ?звим к Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? инÑ?оÑ?маÑ?ии
+ о Ñ?окенаÑ? пÑ?овеÑ?ки в Ñ?лÑ?Ñ?ае подделки межÑ?айÑ?ового запÑ?оÑ?а (CSRF), еÑ?ли
+ полÑ?зоваÑ?елÑ? оÑ?кÑ?Ñ?ваеÑ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й URL, пеÑ?еданнÑ?й
+ злоÑ?мÑ?Ñ?ленником.</p>
<p></p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5944">CVE-2017-5944</a>
- - <p>It was discovered that Request Tracker is prone to a remote code
- - execution vulnerability in the dashboard subscription interface. A
- - privileged attacker can take advantage of this flaw through
- - carefully-crafted saved search names to cause unexpected code to be
- - executed. The applied fix addresses all existant and future saved
- - searches.</p>
- -
- -<p>Additionally to the above mentioned CVEs, this update workarounds
- -<a href="https://security-tracker.debian.org/tracker/CVE-2015-7686">CVE-2015-7686</a> in Email::Address which could induce a denial of service
- -of Request Tracker itself.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Request Tracker Ñ?Ñ?звим к вÑ?полнениÑ? пÑ?оизволÑ?ного
+ кода в инÑ?еÑ?Ñ?ейÑ?е подпиÑ?ки Ñ?Ñ?Ñ?аниÑ?Ñ? Ñ?пÑ?авлениÑ?. Ð?Ñ?ивилегиÑ?ованнÑ?й
+ злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ?
+ Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? Ñ?оÑ?Ñ?анÑ?ннÑ?Ñ? поиÑ?ковÑ?Ñ? имÑ?н длÑ? вÑ?зова вÑ?полнениÑ? неожиданного
+ кода. Ð?Ñ?именÑ?нное иÑ?пÑ?авление каÑ?аеÑ?Ñ?Ñ? вÑ?еÑ? Ñ?же имеÑ?Ñ?иÑ?Ñ?Ñ? и бÑ?дÑ?Ñ?иÑ? Ñ?оÑ?Ñ?анÑ?ннÑ?Ñ?
+ поиÑ?ковÑ?Ñ? имÑ?н.</p>
+
+<p>Ð?омимо Ñ?казаннÑ?Ñ? вÑ?Ñ?е CVE данное иÑ?пÑ?авление Ñ?аÑ?Ñ?иÑ?но Ñ?еÑ?аеÑ? пÑ?облемÑ?
+<a href="https://security-tracker.debian.org/tracker/CVE-2015-7686">CVE-2015-7686</a> в Email::Address, коÑ?оÑ?аÑ? можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+Ñ?амого Request Tracker.</p></li>
</ul>
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 4.2.8-3+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.2.8-3+deb8u2.</p>
- -<p>For the upcoming stable distribution (stretch), these problems have been
- -fixed in version 4.4.1-3+deb9u1.</p>
+<p>Ð? гоÑ?овÑ?Ñ?емÑ?Ñ? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли
+иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 4.4.1-3+deb9u1.</p>
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 4.4.1-4.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.4.1-4.</p>
- -<p>We recommend that you upgrade your request-tracker4 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? request-tracker4.</p>
</define-tag>
# do not modify the following line
- --- english/security/2017/dsa-3883.wml 2017-06-16 00:09:08.000000000 +0500
+++ russian/security/2017/dsa-3883.wml 2017-06-16 01:09:39.992951042 +0500
@@ -1,14 +1,15 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>It was discovered that RT::Authen::ExternalAuth, an external
- -authentication module for Request Tracker, is vulnerable to timing
- -side-channel attacks for user passwords. Only ExternalAuth in DBI
- -(database) mode is vulnerable.</p>
+<p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о RT::Authen::ExternalAuth, внеÑ?ний модÑ?лÑ?
+аÑ?Ñ?енÑ?иÑ?икаÑ?ии длÑ? Request Tracker, Ñ?Ñ?звим к аÑ?акам на паÑ?оли полÑ?зоваÑ?елей
+Ñ?еÑ?ез Ñ?Ñ?оÑ?онние каналÑ? по Ñ?аймингам. Ð?одÑ?лÑ? ExternalAuth Ñ?Ñ?звим Ñ?олÑ?ко в
+Ñ?ежиме DBI (Ñ?ежиме базÑ? даннÑ?Ñ?).</p>
- -<p>For the stable distribution (jessie), this problem has been fixed in
- -version 0.25-1+deb8u1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 0.25-1+deb8u1.</p>
- -<p>We recommend that you upgrade your rt-authen-externalauth packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? rt-authen-externalauth.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAllC6YcACgkQXudu4gIW
0qVPzw/+LpoYW54q6kzAHL9SrcyuXDZu1JITqYblvHSm6g0wEMdYdXCqhfzbjjyB
pnxzXHJlN0gFAPvw17HFsL78GwMJbaF/xDA5XS1bWLlyqqlJY65x0y8TnjMx2LD3
vyBvaR2Bfo+d8V57VJlq8XOYMaQrHKUssX3QEDUdkn4/NQ9f+fDJE6DDjtFJNygz
E+nRvi4Jqno3lpvFpXt3KEsIBOB6FtV/akWkoXYkFOE22dkmGR24kgeVhFxYAKg1
y9JSCYNNWY4tzY+ql1ch4fssCmPiXNnWsehG1LLloUrqkzR24YPKe+CfJoavATpR
KWVkIO2yWjjYye4C942OvOK0DxiJvXUadCu4z+yIVMx6kTiCoANC5U7rO8Gb9fq1
uKEu4YCCzR4yqyR7qT1l+0oa7Fln9H/CQiYz+4L8Eu+lTrOIym6AexlG02JwwyxB
xmDFJFf6RQoS7UvkwGK/hm+dyC9GfEFb9aTA8q1+uttLLJTvGjMD3tHpOJ6RXUFQ
wTwweDKJDelr0hcop578GJjWkl1CH1IgVOUc+4eDVIvOdQKW+0Xn0+rd9ZjcRDvA
MEYQ/ku1YAbLIuCcO3UWQ3x/IydFoIMAuiW7u7e4EcT215KEiL2A+N63eDcw7rM4
88i88WuXlEIdhrrJ91MIPhI5sWPfJj2hdZSwmv+z1YiqyHGh1ng=
=KzoF
-----END PGP SIGNATURE-----
Reply to: