[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2011/dsa-2332.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2011/dsa-2332.wml	2017-11-01 10:11:10.291842128 +0500
+++ russian/security/2011/dsa-2332.wml	2018-02-24 12:57:36.964318230 +0500
@@ -1,48 +1,49 @@
- -<define-tag description>several issues</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко пÑ?облем</define-tag>
 <define-tag moreinfo>
- -<p>Paul McMillan, Mozilla and the Django core team discovered several
- -vulnerabilities in Django, a Python web framework:</p>
+<p>Ð?ол Ð?акмиллан, Ñ?оÑ?Ñ?Ñ?дники Mozilla и Ñ?Ñ?аÑ?Ñ?ники оÑ?новной командÑ? Django обнаÑ?Ñ?жили
+неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей в Django, веб-инÑ?Ñ?аÑ?Ñ?Ñ?Ñ?кÑ?Ñ?Ñ?е длÑ? Ñ?зÑ?ка Python:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4136";>CVE-2011-4136</a>
 
- -  <p>When using memory-based sessions and caching, Django sessions are
- -  stored directly in the root namespace of the cache. When user data is
- -  stored in the same cache, a remote user may take over a session.</p></li>
+  <p>Ð?Ñ?и иÑ?полÑ?зовании Ñ?еÑ?Ñ?ий и кÑ?Ñ?а на оÑ?нове памÑ?Ñ?и Ñ?еÑ?Ñ?ии Django Ñ?Ñ?анÑ?Ñ?Ñ?Ñ?
+  пÑ?Ñ?мо в коÑ?невом пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве имÑ?н кÑ?Ñ?а. Ð?Ñ?ли полÑ?зоваÑ?елÑ?Ñ?кие даннÑ?е
+  Ñ?Ñ?анÑ?Ñ?Ñ?Ñ? в Ñ?ом же кÑ?Ñ?е, Ñ?о Ñ?далÑ?ннÑ?й полÑ?зоваÑ?елÑ? можеÑ? пеÑ?еÑ?ваÑ?иÑ?Ñ? Ñ?еÑ?Ñ?иÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4137";>CVE-2011-4137</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2011-4138";>CVE-2011-4138</a>
 
- -  <p>Django's field type URLfield by default checks supplied URL's by
- -  issuing a request to it, which doesn't time out. A Denial of Service
- -  is possible by supplying specially prepared URL's that keep the
- -  connection open indefinately or fill the Django's server memory.</p></li>
+  <p>Ð?о Ñ?молÑ?аниÑ? Ñ?ип полÑ? URLfield в Django вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? пеÑ?еданного URL
+  пÑ?Ñ?Ñ?м оÑ?пÑ?авки запÑ?оÑ?а, длÑ? коÑ?оÑ?ого не Ñ?Ñ?Ñ?ановлен Ñ?аймеÑ?. Ð?Ñ?и пеÑ?едаÑ?е Ñ?пеÑ?иалÑ?но
+  Ñ?Ñ?оÑ?миÑ?ованного URL можно вÑ?зваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании, Ñ?оединение бÑ?деÑ? оÑ?Ñ?аваÑ?Ñ?Ñ?Ñ?
+  оÑ?кÑ?Ñ?Ñ?Ñ?м неопÑ?еделÑ?нно долго, либо бÑ?деÑ? заполнена памÑ?Ñ?Ñ? Ñ?еÑ?веÑ?а Django.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4139";>CVE-2011-4139</a>
 
- -  <p>Django used X-Forwarded-Host headers to construct full URL's. This
- -  header may not contain trusted input and could be used to poison the
- -  cache.</p></li>
+  <p>Django иÑ?полÑ?зÑ?еÑ? заголовки X-Forwarded-Host длÑ? Ñ?озданиÑ? полнÑ?Ñ? URL. ЭÑ?оÑ?
+  заголовок можеÑ? не Ñ?одеÑ?жаÑ?Ñ? довеÑ?еннÑ?е вÑ?однÑ?е даннÑ?е и можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+  длÑ? оÑ?Ñ?авлениÑ? кÑ?Ñ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4140";>CVE-2011-4140</a>
 
- -  <p>The CSRF protection mechanism in Django does not properly handle
- -  web-server configurations supporting arbitrary HTTP Host headers,
- -  which allows remote attackers to trigger unauthenticated forged
- -  requests.</p></li>
+  <p>Ð?еÑ?анизм заÑ?иÑ?Ñ? CSRF в Django непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? наÑ?Ñ?Ñ?ойки
+  веб-Ñ?еÑ?веÑ?а, поддеÑ?живаÑ?Ñ?ие пÑ?оизволÑ?нÑ?е HTTP-заголовки Host,
+  Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам оÑ?Ñ?Ñ?еÑ?Ñ?влÑ?Ñ?Ñ? неаÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?е
+  Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?е запÑ?оÑ?Ñ?.</p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (lenny), this problem has been fixed in
- -version 1.0.2-1+lenny3.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.0.2-1+lenny3.</p>
 
- -<p>For the stable distribution (squeeze), this problem has been fixed in
- -version 1.2.3-3+squeeze2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 1.2.3-3+squeeze2.</p>
 
- -<p>For the testing (wheezy) and unstable distribution (sid), this problem
- -has been fixed in version 1.3.1-1.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (wheezy) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ? Ñ?Ñ?а пÑ?облема
+бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 1.3.1-1.</p>
 
- -<p>We recommend that you upgrade your python-django packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? python-django.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlqRGvUACgkQXudu4gIW
0qVgzBAAmof34YM9v88FrvOPEBEhUzy3Shu6e3GxKLxPTUSUULd/XGE08LkSNaSk
4W5AABE07bJOVCuSBM2rvJOEs1ugmRsCKbVykzWc9TlqluhkMxV+K9xMBMcKM31L
PshR30ex6dHMZpV/J6p9STjoLRzGhvFZZQGidGa+3Ow5dtaNMXOVkf2fsCFbzc3W
TXoblCXHFCMJMP42/GthGVsZFNjqHV/PWMgQzJgFsxFJYNs4ra746jUvUdAmLOFf
09mNlIHPy4tJkupn60aKqCa4NNfMxCJXJnViSdOrH3T4vIqqtWRwTjQo3udnpjgP
1iaOE9vJ1QqVNW6MsvsHeHnJQaJRptB/vVEHQHigjaVOfjwE3Te9NE4ihct2Z3KR
gyggIazTYAXg5AoJz+48SX2F4FY4NDgAVDYsa9i921KY97LbXk//OhTdnZ7F4tS/
YGBOao+i11PzQ4WnNTxKlhRnzwuYTjF+Ff3xmNbbblknUofc9mR+5yBDjwBdMGc6
ox67h4e7FvRrdbF7lTcT3vJAK1rMiun4xB+SdHkw6vCGv8tmKqBssIe1JWGTL7pb
CHZ9OEVBABgjqP5PELPkVASFerQvMAxN6Hjj51o97MqDTmu8Iiw6Uud2Yb0bYOBH
lENha4bHkWKU873+GEOeDXzZ150Y9AoI6Gqlr1Hl2Bz74DPxYdc=
=rqN2
-----END PGP SIGNATURE-----
Reply to: