-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2018/dsa-4109.wml 2018-02-10 10:12:30.000000000 +0500 +++ russian/security/2018/dsa-4109.wml 2018-02-10 10:20:44.339282982 +0500 @@ -1,22 +1,23 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Lalith Rallabhandi discovered that OmniAuth, a Ruby library for - -implementing multi-provider authentication in web applications, - -mishandled and leaked sensitive information. An attacker with access to - -the callback environment, such as in the case of a crafted web - -application, can request authentication services from this module and - -access to the CSRF token.</p> +<p>ÐÐ°Ð»Ð¸Ñ Ð Ð°Ð»Ð»Ð°Ð±Ñ Ð°Ð½Ð´Ð¸ обнаÑÑжил, ÑÑо OmniAuth, библиоÑека ÑзÑка Ruby Ð´Ð»Ñ +ÑеализаÑии многоÑÑовневой аÑÑенÑиÑикаÑии в веб-пÑиложениÑÑ , +непÑавилÑно обÑабаÑÑÐ²Ð°ÐµÑ Ð¸ ÑаÑкÑÑÐ²Ð°ÐµÑ ÑÑвÑÑвиÑелÑнÑÑ Ð¸Ð½ÑоÑмаÑиÑ. ÐлоÑмÑÑленник, имеÑÑий доÑÑÑп +к окÑÑÐ¶ÐµÐ½Ð¸Ñ Ð¾Ð±ÑаÑного вÑзова, напÑÐ¸Ð¼ÐµÑ Ð² ÑлÑÑае ÑпеÑиалÑно ÑÑоÑмиÑованного +веб-пÑиложениÑ, Ð¼Ð¾Ð¶ÐµÑ Ð¾ÑпÑавиÑÑ Ð·Ð°Ð¿ÑÐ¾Ñ ÑлÑжбам аÑÑенÑиÑикаÑии из ÑÑого модÑÐ»Ñ +и полÑÑиÑÑ Ð´Ð¾ÑÑÑп к CSRF-ÑокенÑ.</p> - -<p>For the oldstable distribution (jessie), this problem has been fixed - -in version 1.2.1-1+deb8u1.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (jessie) ÑÑа пÑоблема бÑла иÑпÑавлена +в веÑÑии 1.2.1-1+deb8u1.</p> - -<p>For the stable distribution (stretch), this problem has been fixed in - -version 1.3.1-1+deb9u1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (stretch) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.3.1-1+deb9u1.</p> - -<p>We recommend that you upgrade your ruby-omniauth packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ ruby-omniauth.</p> - -<p>For the detailed security status of ruby-omniauth please refer to - -its security tracker page at: +<p>С подÑобнÑм ÑÑаÑÑÑом поддеÑжки безопаÑноÑÑи ruby-omniauth можно ознакомиÑÑÑÑ Ð½Ð° +ÑооÑвеÑÑÑвÑÑÑей ÑÑÑаниÑе оÑÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи по адÑеÑÑ <a href="https://security-tracker.debian.org/tracker/ruby-omniauth">\ https://security-tracker.debian.org/tracker/ruby-omniauth</a></p> </define-tag> -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlp+gTMACgkQXudu4gIW 0qWrZA//QeZlN2HyDlytuy5+7UtyCOo8y29Aq35AWdYh07e2dAaU38uyMSdS71OA 6EbgHSlw0duPLcGVDXz0VnkrPA2qf43BwfjMG3UBLa48kMonW8lNSgoEbXBLHuM7 Rv/NFSJ4x7A4ZiCAOnaAxshjXFOaDj8ivacGnYkgzxVCH5RBYoSDPJih1TyP4kGt blKzbLMapeWiHHteHeenmV8hGEwxV26YT0+MdOIVFDlbdL2ZWjC1VSLtodUCTlHg aRG38xYApuR+S4av+YWROjuXO3NfMv/qf5xaKX72f9QViVyG1Rtvjm/BXXwP5pyk N3Qp/KcG7yrwWqKqKDURERuyhop8R5iiQIUnGXwtuNhv88W18YFPakFCK975oP/x NqlK36T4dHfBxskDDajrTYWz1Q+dIg+8sVRs1a0mQEoWlUkqYurMyG6dTcS9Sl8r 8u2vsTL2oyXEzXmy0+1/y4jDqtv67J9IYCXcEQrlTz1zxB1VfEfldqxONuwAMXa3 Trehiq84jbKCBgEx0DreoRKfmTnDYRLVaXpJ3BqyvqWYUU6ShUxntgR4gkSbIUGj hw+vtiDBZZrvcAzpQ+BCdvbt1NCHXo+s0mbAx4GQk2BiHjFzDTbCGsF0XIol4p7Y mRhCITR6rICGP3iHWI7xr2LtLkJ/2g3YxCF7enJ+pn7uKCJAFjY= =EM1h -----END PGP SIGNATURE-----