-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2011/dsa-2291.wml 2014-04-30 13:16:25.000000000 +0600 +++ russian/security/2011/dsa-2291.wml 2016-10-02 02:03:40.427639432 +0500 @@ -1,43 +1,44 @@ - -<define-tag description>various vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>ÑазлиÑнÑе ÑÑзвимоÑÑи</define-tag> <define-tag moreinfo> - -<p>Various vulnerabilities have been found in SquirrelMail, a webmail - -application. The Common Vulnerabilities and Exposures project - -identifies the following vulnerabilities:</p> +<p>Ð SquirrelMail, веб-поÑÑе, бÑли обнаÑÑÐ¶ÐµÐ½Ñ ÑазлиÑнÑе +ÑÑзвимоÑÑи. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures +опÑеделÑÐµÑ ÑледÑÑÑие ÑÑзвимоÑÑи:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-4554">CVE-2010-4554</a> - - <p>SquirrelMail did not prevent page rendering inside a third-party - - HTML frame, which makes it easier for remote attackers to conduct - - clickjacking attacks via a crafted web site.</p></li> + <p>SquirrelMail не пÑедоÑвÑаÑÐ°ÐµÑ Ð¾ÑÑиÑÐ¾Ð²ÐºÑ ÑÑÑаниÑÑ Ð²Ð¾ HTML-ÑÑейме ÑÑеÑÑей ÑÑоÑонÑ, + ÑÑо Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованного веб-ÑайÑа облегÑÐ°ÐµÑ ÑдалÑннÑм + злоÑмÑÑленникам вÑполнение кликджекинга.</p></li> - -<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-4555">CVE-2010-4555</a>, - - <a href="https://security-tracker.debian.org/tracker/CVE-2011-2752">CVE-2011-2752</a>, +<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-4555">CVE-2010-4555</a>, + <a href="https://security-tracker.debian.org/tracker/CVE-2011-2752">CVE-2011-2752</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2011-2753">CVE-2011-2753</a> - - <p>Multiple small bugs in SquirrelMail allowed an attacker to inject - - malicious script into various pages or alter the contents of user - - preferences.</p></li> + <p>ÐногоÑиÑленнÑе неболÑÑие оÑибки в SquirrelMail позволÑÑÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²Ð²Ð¾Ð´Ð¸ÑÑ + вÑедоноÑнÑй ÑÑенаÑий в ÑазлиÑнÑе ÑÑÑаниÑÑ Ð¸Ð»Ð¸ изменÑÑÑ ÑодеÑжимое полÑзоваÑелÑÑÐºÐ¸Ñ + наÑÑÑоек.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-2023">CVE-2011-2023</a> - - <p>It was possible to inject arbitrary web script or HTML via a - - crafted STYLE element in an HTML part of an e-mail message.</p></li> + <p>Ðожно вводиÑÑ Ð¿ÑоизволÑнÑй веб-ÑÑенаÑий или код HTML Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ + ÑпеÑиалÑно ÑÑоÑмиÑованного ÑлеменÑа STYLE в HTML коде ÑообÑений ÑлекÑÑонной поÑÑÑ.</p></li> </ul> - -<p>For the oldstable distribution (lenny), these problems have been fixed in - -version 1.4.15-4+lenny5.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.4.15-4+lenny5.</p> - -<p>For the stable distribution (squeeze), these problems have been fixed in - -version 1.4.21-2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (squeeze) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.4.21-2.</p> - -<p>For the testing (wheezy) and unstable distribution (sid), these problems - -have been fixed in version 1.4.22-1.</p> +<p>Ð ÑеÑÑиÑÑемом (wheezy) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ +бÑли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 1.4.22-1.</p> - -<p>We recommend that you upgrade your squirrelmail packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ squirrelmail.</p> </define-tag> # do not modify the following line - --- english/security/2011/dsa-2333.wml 2014-04-30 13:16:25.000000000 +0600 +++ russian/security/2011/dsa-2333.wml 2016-10-02 01:58:39.642934405 +0500 @@ -1,40 +1,41 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Two vulnerabilities have been discovered in phpLDAPadmin, a web based - -interface for administering LDAP servers. The Common Vulnerabilities and - -Exposures project identifies the following problems:</p> +<p>Ð phpLDAPadmin, веб-инÑеÑÑейÑе Ð´Ð»Ñ Ð°Ð´Ð¼Ð¸Ð½Ð¸ÑÑÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ LDAP-ÑеÑвеÑов, бÑли +обнаÑÑÐ¶ÐµÐ½Ñ Ð´Ð²Ðµ ÑÑзвимоÑÑи. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and +Exposures опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4074">CVE-2011-4074</a> - - <p>Input appended to the URL in cmd.php (when <q>cmd</q> is set to <q>_debug</q>) is - - not properly sanitised before being returned to the user. This can be - - exploited to execute arbitrary HTML and script code in a user's browser - - session in context of an affected site.</p></li> + <p>ÐÑ Ð¾Ð´Ð½Ñе даннÑе, добавлÑемÑе к URL в cmd.php (когда <q>cmd</q> Ð¸Ð¼ÐµÐµÑ Ð·Ð½Ð°Ñение <q>_debug</q>), + оÑиÑаÑÑÑÑ Ð½ÐµÐ¿ÑавилÑно до Ð¸Ñ Ð²Ð¾Ð·Ð²ÑаÑа полÑзоваÑелÑ. ÐÑо Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ + Ð´Ð»Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода HTML или ÑÑенаÑÐ¸Ñ Ð² бÑаÑзеÑе полÑзоваÑÐµÐ»Ñ + в конÑекÑÑе подвеÑженного ÑÑзвимоÑÑи ÑайÑа.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4075">CVE-2011-4075</a> - - <p>Input passed to the <q>orderby</q> parameter in cmd.php (when <q>cmd</q> is set to - - <q>query_engine</q>, <q>query</q> is set to <q>none</q>, and <q>search</q> is set to e.g. - - <q>1</q>) is not properly sanitised in lib/functions.php before being used in a - - <q>create_function()</q> function call. This can be exploited to inject and - - execute arbitrary PHP code.</p></li> + <p>ÐÑ Ð¾Ð´Ð½Ñе даннÑе, пеÑедаваемÑе паÑамеÑÑÑ <q>orderby</q> в cmd.php (когда <q>cmd</q> Ð¸Ð¼ÐµÐµÑ Ð·Ð½Ð°Ñение + <q>query_engine</q>, <q>query</q> Ð¸Ð¼ÐµÐµÑ Ð·Ð½Ð°Ñение <q>none</q>, а <q>search</q> Ð¸Ð¼ÐµÐµÑ Ð·Ð½Ð°Ñение, напÑимеÑ, + <q>1</q>), непÑавилÑно оÑиÑаÑÑÑÑ Ð² lib/functions.php до Ð¸Ñ Ð¸ÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð² + вÑзове ÑÑнкÑии <q>create_function()</q>. ÐÑо Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð´Ð»Ñ Ð²Ð²ÐµÐ´ÐµÐ½Ð¸Ñ Ð¸ + вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода на ÑзÑке PHP.</p></li> - -</ul> +</ul> - -<p>For the oldstable distribution (lenny), these problems have been fixed in - -version 1.1.0.5-6+lenny2.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.1.0.5-6+lenny2.</p> - -<p>For the stable distribution (squeeze), these problems have been fixed in - -version 1.2.0.5-2+squeeze1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (squeeze) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.2.0.5-2+squeeze1.</p> - -<p>For the testing distribution (wheezy), these problems will be fixed soon.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (wheezy) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿Ð¾Ð·Ð¶Ðµ.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 1.2.0.5-2.1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.2.0.5-2.1.</p> - -<p>We recommend that you upgrade your phpldapadmin packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ phpldapadmin.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX8CSwAAoJEF7nbuICFtKldUcQAJgFMEC7Jez30M6993SKfveT zjBg0jlXy2aY/puN2ykxutsq8uUhjanMcc/f6FqPgIoP0reEO1ZUps3isav6RPkP ciBHNApAnRKexSjGzxp+DO0HhG2cgsHtcy/6//tsrP3EwPPLd78xohfeiHmHhyeh 9suyCjLJG6WQZmUVf4Unx7X9iB6Xrj6J0euEq40602f7pyvzdyKBBYVLLxXyMs0+ oQtHRB1gkXFg2Ivqn2lqc2S0ftBuzrea422RDuObWUILBkbogm0olOo7AdoNPl+D iSzS7YXP5hsBnwySeReP/WymBaVJVAJxgjNVS8FJ3wJ7k2CmMl5E8f27q1LCzDEj 7WZ/CDyCx3yOnw6Ny7aKmAmF2o7oVSJUV2VWnvEmLM8r795ja6nBorisW46RNlr1 YlTUaz0Uuiq+e7O2khSWXbS4ciytxgLIBzKbNHsD3pZg5Uin939osoak02GaK12n GJjuGZnBqPpuC3hSkEB+XFCXrJGZ2BqWMGE2WArDDYe3Fy2n0bsoWqjdJaUCPr5H IUBVmfA38TAl/U8GJoybQoaPDXPNYyx7NCNSZC9PWreOH8RI4oTiNKvomZcfkQsg jAWCmPE+fcp16JOmJgxLyYat/jzaFb22IgZH6EqJKQHzWyfIuoenEIf+I4asDGQK IlHikF9+9SaA2o84w9oy =49NK -----END PGP SIGNATURE-----