-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2009/dsa-1695.wml 2014-04-30 13:16:18.000000000 +0600 +++ russian/security/2009/dsa-1695.wml 2016-01-16 15:54:35.425944622 +0500 @@ -1,22 +1,23 @@ - -<define-tag description>memory leak</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>ÑÑеÑка памÑÑи</define-tag> <define-tag moreinfo> - -<p>The regular expression engine of Ruby, a scripting language, contains a - -memory leak which can be triggered remotely under certain circumstances, - -leading to a denial of service condition (<a href="https://security-tracker.debian.org/tracker/CVE-2008-3443">CVE-2008-3443</a>).</p> +<p>Ðвижок ÑегÑлÑÑнÑÑ Ð²ÑÑажений Ð´Ð»Ñ ÑзÑка ÑÑенаÑиев Ruby ÑодеÑÐ¶Ð¸Ñ +ÑÑеÑÐºÑ ÑодеÑжимого памÑÑи, коÑоÑÑÑ Ð¿Ñи опÑеделÑннÑÑ ÑÑловиÑÑ Ð¼Ð¾Ð¶Ð½Ð¾ вÑзваÑÑ ÑдалÑнно, +ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании (<a href="https://security-tracker.debian.org/tracker/CVE-2008-3443">CVE-2008-3443</a>).</p> - -<p>In addition, this security update addresses a regression in the REXML - -XML parser of the ruby1.8 package; the regression was introduced in +<p>ÐÑоме Ñого, данное обновление безопаÑноÑÑи ÑеÑÐ°ÐµÑ ÑегÑеÑÑ Ð² коде гÑаммаÑиÑеÑкого ÑазбоÑа XML +REXML в пакеÑе ruby1.8; ÑегÑеÑÑ Ð±Ñл добавлен в DSA-1651-1.</p> - -<p>For the stable distribution (etch), this problem has been fixed in version - -1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4 - -of the ruby1.9 package.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (etch) ÑÑа пÑоблема бÑла иÑпÑавлена в веÑÑии +1.8.5-4etch4 пакеÑа ruby1.8 и в веÑÑии 1.9.0+20060609-1etch4 +пакеÑа ruby1.9.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 1.8.7.72-1 of the ruby1.8 package. The ruby1.9 package will be - -fixed soon.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.8.7.72-1 пакеÑа ruby1.8. ÐÐ°ÐºÐµÑ ruby1.9 бÑÐ´ÐµÑ +иÑпÑавлен позже.</p> - -<p>We recommend that you upgrade your Ruby packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ Ruby.</p> </define-tag> # do not modify the following line - --- english/security/2009/dsa-1890.wml 2009-09-19 16:12:51.000000000 +0600 +++ russian/security/2009/dsa-1890.wml 2016-01-16 15:50:48.092013343 +0500 @@ -1,26 +1,27 @@ - -<define-tag description>integer overflow</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>пеÑеполнение ÑелÑÑ ÑиÑел</define-tag> <define-tag moreinfo> - -<p>Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets - -Cross-platform C++ GUI toolkit, which allows the execution of arbitrary - -code via a crafted JPEG file.</p> +<p>ТилÑй Ðанг обнаÑÑжил пеÑеполнение ÑелÑÑ ÑиÑел в wxWidgets, межплаÑÑоÑменном +набоÑе инÑÑÑÑменÑов wxWidgets Ð´Ð»Ñ C++ Ð´Ð»Ñ ÑеализаÑии гÑаÑиÑеÑкого инÑеÑÑейÑа, коÑоÑое +позволÑÐµÑ Ð²ÑполнÑÑÑ Ð¿ÑоизволÑнÑй код пÑи помоÑи ÑпеÑиалÑно ÑÑоÑмиÑованного Ñайла в ÑоÑмаÑе JPEG.</p> - -<p>For the oldstable distribution (etch), this problem has been fixed in version - -2.4.5.1.1+etch1 for wxwindows2.4 and version 2.6.3.2.1.5+etch1 for - -wxwidgets2.6.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (etch) ÑÑа пÑоблема бÑла иÑпÑавлена в веÑÑии +2.4.5.1.1+etch1 Ð´Ð»Ñ Ð¿Ð°ÐºÐµÑа wxwindows2.4 и в веÑÑии 2.6.3.2.1.5+etch1 Ð´Ð»Ñ +пакеÑа wxwidgets2.6.</p> - -<p>For the stable distribution (lenny), this problem has been fixed in version - -2.6.3.2.2-3+lenny1 for wxwidgets2.6 and version 2.8.7.1-1.1+lenny1 for - -wxwidgets2.8.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в веÑÑии +2.6.3.2.2-3+lenny1 Ð´Ð»Ñ Ð¿Ð°ÐºÐµÑа wxwidgets2.6 и в веÑÑии 2.8.7.1-1.1+lenny1 Ð´Ð»Ñ +пакеÑа wxwidgets2.8.</p> - -<p>For the testing distribution (squeeze), this problem will be fixed soon.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (squeeze) ÑÑа пÑоблема бÑÐ´ÐµÑ Ð¸ÑпÑавлена позже.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 2.8.7.1-2 for wxwidgets2.8 and will be fixed soon for - -wxwidgets2.6.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.8.7.1-2 Ð´Ð»Ñ Ð¿Ð°ÐºÐµÑа wxwidgets2.8 и бÑÐ´ÐµÑ Ð¸ÑпÑавлена позже Ð´Ð»Ñ +пакеÑа wxwidgets2.6.</p> - -<p>We recommend that you upgrade your wxwidgets packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ wxwidgets.</p> </define-tag> # do not modify the following line - --- english/security/2009/dsa-1904.wml 2009-10-09 17:53:00.000000000 +0600 +++ russian/security/2009/dsa-1904.wml 2016-01-16 16:12:27.790896530 +0500 @@ -1,26 +1,27 @@ - -<define-tag description>insufficient input validation</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>недоÑÑаÑоÑÐ½Ð°Ñ Ð¿ÑовеÑка Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ </define-tag> <define-tag moreinfo> - -<p>Daniel Stenberg discovered that wget, a network utility to retrieve files from - -the Web using HTTP(S) and FTP, is vulnerable to the "Null Prefix Attacks Against - -SSL/TLS Certificates" published at the Blackhat conference some time ago. This - -allows an attacker to perform undetected man-in-the-middle attacks via a crafted - -ITU-T X.509 certificate with an injected null byte in the Common Name field.</p> +<p>ÐÑÐ½Ð¸ÐµÐ»Ñ Ð¡ÑенбеÑг обнаÑÑжил, ÑÑо wget, ÑеÑÐµÐ²Ð°Ñ ÑÑилиÑа Ð´Ð»Ñ Ð·Ð°Ð³ÑÑзки Ñайлов из +Ðеб Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¿ÑоÑоколов HTTP(S) и FTP, ÑÑзвима к аÑаке, опиÑанной в ÑÑаÑÑе "Null Prefix Attacks Against +SSL/TLS Certificates", коÑоÑÐ°Ñ Ð±Ñла опÑбликована некоÑоÑое вÑÐµÐ¼Ñ Ð½Ð°Ð·Ð°Ð´ в ÑбоÑнике конÑеÑенÑии Blackhat. ÐÑа +ÑÑзвимоÑÑÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐµÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²ÑполнÑÑÑ Ð½ÐµÐ¾Ð¿ÑеделимÑе аÑаки по пÑинÑÐ¸Ð¿Ñ Ñеловек-в-ÑеÑедине Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ +ÑпеÑиалÑно ÑÑоÑмиÑованного ÑеÑÑиÑикаÑа ITU-T X.509 Ñ Ð²Ð²ÐµÐ´ÑннÑм в него null-байÑом в поле Common Name.</p> - -<p>For the oldstable distribution (etch), this problem has been fixed in - -version 1.10.2-2+etch1.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (etch) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.10.2-2+etch1.</p> - -<p>For the stable distribution (lenny), this problem has been fixed in - -version 1.11.4-2+lenny1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.11.4-2+lenny1.</p> - -<p>For the testing distribution (squeeze), this problem will be fixed soon.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (squeeze) ÑÑа пÑоблема бÑÐ´ÐµÑ Ð¸ÑпÑавлена позже.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 1.12-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.12-1.</p> - -<p>We recommend that you upgrade your wget packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ wget.</p> </define-tag> # do not modify the following line - --- english/security/2009/dsa-1905.wml 2009-10-11 17:47:04.000000000 +0600 +++ russian/security/2009/dsa-1905.wml 2016-01-16 15:59:10.221635645 +0500 @@ -1,26 +1,27 @@ - -<define-tag description>insufficient input validation</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>недоÑÑаÑоÑÐ½Ð°Ñ Ð¿ÑовеÑка Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ </define-tag> <define-tag moreinfo> - -<p>The forms library of python-django, a high-level Python web development - -framework, is using a badly chosen regular expression when validating - -email addresses and URLs. An attacker can use this to perform denial - -of service attacks (100% CPU consumption) due to bad backtracking - -via a specially crafted email address or URL which is validated by the - -django forms library.</p> +<p>ÐиблиоÑека ÑоÑм из пакеÑа python-django, вÑÑокоÑÑовневой инÑÑаÑÑÑÑкÑÑÑÑ Ð´Ð»Ñ +веб-ÑазÑабоÑки на ÑзÑке Python, иÑполÑзÑÐµÑ Ð½ÐµÐºÐ¾ÑÑекÑное ÑегÑлÑÑное вÑÑажение пÑи вÑполнении пÑовеÑки +адÑеÑов ÑлекÑÑонной поÑÑÑ Ð¸ URL. ÐлоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð²Ñзова +оÑказа в обÑлÑживании (поÑÑебление 100% ÑеÑÑÑÑов ЦÐ) из-за непÑавилÑного вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ +обÑаÑного поиÑка пÑи помоÑи ÑпеÑиалÑно ÑÑоÑмиÑованного адÑеÑа ÑлекÑÑонной поÑÑÑ Ð¸Ð»Ð¸ URL, пÑовеÑÑемÑÑ +библиоÑекой ÑоÑм django.</p> - -<p>python-django in the oldstable distribution (etch), is not affected by - -this problem.</p> +<p>python-django в пÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (etch) не подвеÑжен ÑÑой +пÑоблеме.</p> - -<p>For the stable distribution (lenny), this problem has been fixed in - -version 1.0.2-1+lenny2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.0.2-1+lenny2.</p> - -<p>For the testing distribution (squeeze), this problem will be fixed soon.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (squeeze) ÑÑа пÑоблема бÑÐ´ÐµÑ Ð¸ÑпÑавлена позже.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 1.1.1-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.1.1-1.</p> - -<p>We recommend that you upgrade your python-django packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ python-django.</p> </define-tag> # do not modify the following line - --- english/security/2009/dsa-1912.wml 2014-04-30 13:16:19.000000000 +0600 +++ russian/security/2009/dsa-1912.wml 2016-01-16 16:08:25.244700942 +0500 @@ -1,24 +1,25 @@ - -<define-tag description>integer overflow</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>пеÑеполнение ÑелÑÑ ÑиÑел</define-tag> <define-tag moreinfo> - -<p>It was discovered that CamlImages, an open source image processing - -library, suffers from several integer overflows, which may lead to a - -potentially exploitable heap overflow and result in arbitrary code - -execution. This advisory addresses issues with the reading of TIFF - -files. It also expands the patch for <a href="https://security-tracker.debian.org/tracker/CVE-2009-2660">CVE-2009-2660</a> to cover another - -potential overflow in the processing of JPEG images.</p> +<p>ÐÑло обнаÑÑжено, ÑÑо CamlImages, библиоÑека Ð´Ð»Ñ Ð¾Ð±ÑабоÑки изобÑÐ°Ð¶ÐµÐ½Ð¸Ñ Ñ Ð¾ÑкÑÑÑÑм +иÑÑ Ð¾Ð´Ð½Ñм кодом, ÑодеÑÐ¶Ð¸Ñ Ð½ÐµÑколÑко пеÑеполнений ÑелÑÑ ÑиÑел, коÑоÑÑе могÑÑ Ð¿ÑиводиÑÑ Ðº +поÑенÑиалÑно иÑполÑзÑемÑм злоÑмÑÑленниками пеÑеполнениÑм динамиÑеÑкой памÑÑи и вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ +пÑоизволÑного кода. ÐÐ°Ð½Ð½Ð°Ñ ÑекомендаÑÐ¸Ñ ÑеÑÐ°ÐµÑ Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ñ ÑÑением Ñайлов в ÑоÑмаÑе +TIFF. ÐÑоме Ñого, она дополнÑÐµÑ Ð·Ð°Ð¿Ð»Ð°ÑÑ Ð´Ð»Ñ <a href="https://security-tracker.debian.org/tracker/CVE-2009-2660">CVE-2009-2660</a> Ð´Ð»Ñ ÑеÑÐµÐ½Ð¸Ñ +дÑÑгого поÑенÑиалÑного пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð² коде обÑабоÑки изобÑажений в ÑоÑмаÑе JPEG.</p> - -<p>For the oldstable distribution (etch), this problem has been fixed in - -version 2.20-8+etch3.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (etch) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.20-8+etch3.</p> - -<p>For the stable distribution (lenny), this problem has been fixed in - -version 1:2.2.0-4+lenny3.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1:2.2.0-4+lenny3.</p> - -<p>For the testing distribution (squeeze) and the unstable distribution - -(sid), this problem will be fixed soon.</p> +<p>Ð ÑеÑÑиÑÑемом (squeeze) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ +ÑÑа пÑоблема бÑÐ´ÐµÑ Ð¸ÑпÑавлена позже.</p> - -<p>We recommend that you upgrade your camlimages package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ camlimages.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJWmiXOAAoJEF7nbuICFtKlnpUP/12q6UCZQVfEuBfH1it5avbQ wfLqyfuG1EqC8ESIfWB2LFI5S8yHEOONHLhK+Kn3xI/9UhC8eiS2+5fMLa7fUR7n RKIbRtzDUvoVFv0M5yntiD4+fPA7PivJ5GV4xTT1MOuQ/YXk5jcKmnKiuX/me1Q0 3wQ2B0gBChX15xUv1lm4BntlgLYbOAhJm4ZkUkNdz2uzJfXL1ttHeIkCdM6stHtv 9GPDTQfyOYff1FH63fu8pjRx4bj+Qhbjnv5LEIHM4V45pGYjQMURJ7UtmfaEWUVN oGSX3DtupAIPpjIv3I2zIkEiOqBy6sLHa+EjbW8S4GAPvOiGBWcZyAuIfgyHVydC cVL320Y3a6Z/2jajjx/dCugR2jFYty2lBs8BKP8aVfVG2dR0GNUiukXY96gt8g5e lKEhHLzjYeuGD1hKXcqq+i8VatKy5kYlq61QorGNwrmi5mzYfQq+myARC4vWCTG+ WS5lRCyNp4qznFzCH5vi0R6CT/hkmuDdKaoRC7gJ85Tn7q5NgUG5NH2LRBbPkVZk obmqU9q7OSN292TikMubEtoUGWnfo6tQ/BmQJEgqgO6qMkCfs0wI+FPuBSy0ckLi k/1nAlsd52L7M6oOXHjjac2sZWJGlvyA4gYOG0fRPZy43KVMPq2CUCweiN0NdVXs fphVCzK+YKK9t9jj9cfQ =PQ2Y -----END PGP SIGNATURE-----

