-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2015/dla-298.wml 2016-04-08 01:24:54.000000000 +0500 +++ russian/security/2015/dla-298.wml 2016-05-04 12:06:52.691076659 +0500 
@@ -1,24 +1,25 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6130">CVE-2012-6130</a> - - <p>Cross-site scripting (XSS) vulnerability in the history - - display in Roundup before 1.4.20 allows remote attackers - - to inject arbitrary web script or HTML via a username, - - related to generating a link.</p></li> + <p>ÐежÑайÑовÑй ÑкÑипÑинг (XSS) в оÑобÑажении иÑÑоÑии + в Roundup до веÑÑии 1.4.20 позволÑÐµÑ ÑдалÑннÑм злоÑмÑÑленникам + вводиÑÑ Ð¿ÑоизволÑнÑй веб-ÑÑенаÑий или код HTML Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¸Ð¼ÐµÐ½Ð¸ полÑзоваÑелÑ, + ÑвÑзанного Ñ Ñоздаваемой ÑÑÑлкой.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6131">CVE-2012-6131</a> - - <p>Cross-site scripting (XSS) vulnerability in cgi/client.py - - in Roundup before 1.4.20 allows remote attackers to inject - - arbitrary web script or HTML via the @action parameter to + <p>ÐежÑайÑовÑй ÑкÑипÑинг (XSS) в cgi/client.py + в Roundup до веÑÑии 1.4.20 позволÑÐµÑ ÑдалÑннÑм злоÑмÑÑленникам вводиÑÑ + пÑоизволÑнÑй веб-ÑÑенаÑий или код HTML Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¿Ð°ÑамеÑÑа @action в support/issue1.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6132">CVE-2012-6132</a> - - <p>Cross-site scripting (XSS) vulnerability in Roundup before - - 1.4.20 allows remote attackers to inject arbitrary web - - script or HTML via the otk parameter.</p></li> + <p>ÐежÑайÑовÑй ÑкÑипÑинг (XSS) в Roundup до веÑÑии + 1.4.20 позволÑÐµÑ ÑдалÑннÑм злоÑмÑÑленникам вводиÑÑ Ð¿ÑоизволÑнÑй веб-ÑÑенаÑий + или код HTML Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¿Ð°ÑамеÑÑа otk.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-6133">CVE-2012-6133</a> - - <p>XSS flaws in ok and error messages - - We solve this differently from the proposals in the bug-report - - by not 
allowing *any* html-tags in ok/error messages anymore.</p></li> + <p>УÑзвимоÑÑи XSS в ÑообÑениÑÑ ok и error. + УказаннÑе пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð´ÑÑгим ÑпоÑобом, не Ñем, коÑоÑÑй бÑл пÑедложен в ÑообÑении об оÑибке. + ÐÑибки иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿ÑÑÑм запÑеÑа *лÑбÑÑ * html-Ñегов в ÑообÑениÑÑ ok/error.</p></li> </ul> </define-tag> - --- english/security/2015/dla-301.wml 2016-04-07 03:10:35.000000000 +0500 +++ russian/security/2015/dla-301.wml 2016-05-04 12:12:37.579765607 +0500 
@@ -1,28 +1,29 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Denial-of-service possibility in logout() view by filling session store</p> +<p>ÐозможнÑй оÑказ в обÑлÑживании в виде logout() из-за Ð·Ð°Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ñ ÑанилиÑа ÑеÑÑии.</p> - -<p>Previously, a session could be created when anonymously accessing the - -django.contrib.auth.views.logout view (provided it wasn't decorated with - -django.contrib.auth.decorators.login_required as done in the admin). This - -could allow an attacker to easily create many new session records by - -sending repeated requests, potentially filling up the session store or - -causing other users' session records to be evicted.</p> +<p>Ранее ÑеÑÑÐ¸Ñ ÑоздавалаÑÑ Ð¿Ñи анонимном обÑаÑении к +Ð²Ð¸Ð´Ñ django.contrib.auth.views.logout (ÑÑиÑÑваÑ, ÑÑо ÑÑÐ¾Ñ Ð²Ð¸Ð´ не декоÑиÑовалÑÑ +django.contrib.auth.decorators.login_required как на ÑÑÑаниÑе админиÑÑÑаÑоÑа). 
ÐÑо +позволÑло злоÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð»ÐµÐ³ÐºÐ¾ ÑоздаваÑÑ Ð¼Ð½Ð¾Ð³Ð¾ новÑÑ Ð·Ð°Ð¿Ð¸Ñей ÑеÑÑии пÑÑÑм +оÑпÑавки повÑоÑнÑÑ Ð·Ð°Ð¿ÑоÑов, ÑÑо поÑенÑиалÑно заполнÑÐµÑ Ñ ÑанилиÑе ÑеÑÑии или +пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº ÑÐ´Ð°Ð»ÐµÐ½Ð¸Ñ ÑеÑÑионнÑÑ Ð·Ð°Ð¿Ð¸Ñей дÑÑÐ³Ð¸Ñ Ð¿Ð¾Ð»ÑзоваÑелей.</p> - -<p>The django.contrib.sessions.middleware.SessionMiddleware has been modified - -to no longer create empty session records.</p> +<p>django.contrib.sessions.middleware.SessionMiddleware бÑл изменÑн +Ñак, ÑÑÐ¾Ð±Ñ Ð¿ÑÑÑÑе ÑеÑÑионнÑе запиÑи более не ÑоздавалиÑÑ.</p> - -<p>This portion of the fix has been assigned <a href="https://security-tracker.debian.org/tracker/CVE-2015-5963">CVE-2015-5963</a>.</p> +<p>ÐÐ°Ð½Ð½Ð°Ñ ÑаÑÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð»ÑÑила иденÑиÑикаÑÐ¾Ñ <a href="https://security-tracker.debian.org/tracker/CVE-2015-5963">CVE-2015-5963</a>.</p> - -<p>Additionally, the contrib.sessions.backends.base.SessionBase.flush() and - -cache_db.SessionStore.flush() methods have been modified to avoid creating - -a new empty session. Maintainers of third-party session backends should - -check if the same vulnerability is present in their backend and correct it - -if so.</p> +<p>ÐÑоме Ñого, меÑÐ¾Ð´Ñ contrib.sessions.backends.base.SessionBase.flush() и +cache_db.SessionStore.flush() бÑли Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ñ Ñак, ÑÑÐ¾Ð±Ñ Ñоздание новой пÑÑÑой ÑеÑÑии +не пÑоиÑÑ Ð¾Ð´Ð¸Ð»Ð¾. 
СопÑовождаÑÑим ÑÑоÑÐ¾Ð½Ð½Ð¸Ñ ÑеÑÑионнÑÑ Ð´Ð²Ð¸Ð¶ÐºÐ¾Ð² ÑледÑÐµÑ +пÑовеÑиÑÑ Ð½Ð°Ð»Ð¸Ñие Ñакой же ÑÑзвимоÑÑи в Ð¸Ñ Ð´Ð²Ð¸Ð¶ÐºÐµ, а пÑи ÐµÑ Ð½Ð°Ð»Ð¸Ñии иÑпÑавиÑÑ +пÑоблемÑ.</p> - -<p>This portion of the fix has been assigned <a href="https://security-tracker.debian.org/tracker/CVE-2015-5964">CVE-2015-5964</a>.</p> +<p>ÐÐ°Ð½Ð½Ð°Ñ ÑаÑÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð»ÑÑила иденÑиÑикаÑÐ¾Ñ <a href="https://security-tracker.debian.org/tracker/CVE-2015-5964">CVE-2015-5964</a>.</p> - -<p>We recommend that you upgrade your python-django packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ python-django.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
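Review bot: In dla-298.wml, the CVE-2012-6133 item renders the source's "We solve this differently from the proposals in the bug-report" with a singular construction (a fix other than the one that was proposed), so the fact that several proposals were set aside is lost; use the plural. The same item also states that the problems are fixed in two consecutive sentences. Joining them into one sentence, as in the English, would keep the actual change (no HTML tags allowed in ok/error messages) attached to the statement that the fix differs from the bug report.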
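Review bot: In dla-301.wml, the second paragraph renders the condition "provided it wasn't decorated with django.contrib.auth.decorators.login_required" as "учитывая, что" (given that), which states as fact that the logout view is not decorated, where the source limits the issue to deployments in which it is not; "при условии, что" keeps the condition. Also, "view" is translated as "вид", so the first paragraph's "в виде logout()" reads as "in the form of logout()"; "представление", the usual term for a Django view, avoids that ambiguity in both paragraphs.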