dla-{298,301}.wml

Lev Lamberov Wed, 04 May 2016 00:14:32 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-298.wml 2016-04-08 01:24:54.000000000 +0500
+++ russian/security/2015/dla-298.wml   2016-05-04 12:06:52.691076659 +0500
@@ -1,24 +1,25 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ 
LTS</define-tag>
 <define-tag moreinfo>
 <ul>
    <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2012-6130";>CVE-2012-6130</a>
- -     <p>Cross-site scripting (XSS) vulnerability in the history
- -     display in Roundup before 1.4.20 allows remote attackers
- -     to inject arbitrary web script or HTML via a username,
- -     related to generating a link.</p></li>
+     <p>ÐÐµÐ¶ÑÐ°Ð¹ÑÐ¾Ð²ÑÐ¹ ÑÐºÑÐ¸Ð¿ÑÐ¸Ð½Ð³ (XSS) Ð² 
Ð¾ÑÐ¾Ð±ÑÐ°Ð¶ÐµÐ½Ð¸Ð¸ Ð¸ÑÑÐ¾ÑÐ¸Ð¸
+     Ð² Roundup Ð´Ð¾ Ð²ÐµÑÑÐ¸Ð¸ 1.4.20 Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐµÑ ÑÐ´Ð°Ð»ÑÐ½Ð½ÑÐ¼ 
Ð·Ð»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÐ°Ð¼
+     Ð²Ð²Ð¾Ð´Ð¸ÑÑ Ð¿ÑÐ¾Ð¸Ð·Ð²Ð¾Ð»ÑÐ½ÑÐ¹ Ð²ÐµÐ±-ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ Ð¸Ð»Ð¸ 
ÐºÐ¾Ð´ HTML Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¸Ð¼ÐµÐ½Ð¸ Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»Ñ,
+     ÑÐ²ÑÐ·Ð°Ð½Ð½Ð¾Ð³Ð¾ Ñ ÑÐ¾Ð·Ð´Ð°Ð²Ð°ÐµÐ¼Ð¾Ð¹ ÑÑÑÐ»ÐºÐ¾Ð¹.</p></li>
    <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2012-6131";>CVE-2012-6131</a>
- -     <p>Cross-site scripting (XSS) vulnerability in cgi/client.py
- -     in Roundup before 1.4.20 allows remote attackers to inject
- -     arbitrary web script or HTML via the @action parameter to
+     <p>ÐÐµÐ¶ÑÐ°Ð¹ÑÐ¾Ð²ÑÐ¹ ÑÐºÑÐ¸Ð¿ÑÐ¸Ð½Ð³ (XSS) Ð² cgi/client.py
+     Ð² Roundup Ð´Ð¾ Ð²ÐµÑÑÐ¸Ð¸ 1.4.20 Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐµÑ ÑÐ´Ð°Ð»ÑÐ½Ð½ÑÐ¼ 
Ð·Ð»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÐ°Ð¼ Ð²Ð²Ð¾Ð´Ð¸ÑÑ
+     Ð¿ÑÐ¾Ð¸Ð·Ð²Ð¾Ð»ÑÐ½ÑÐ¹ Ð²ÐµÐ±-ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ Ð¸Ð»Ð¸ ÐºÐ¾Ð´ HTML Ñ 
Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¿Ð°ÑÐ°Ð¼ÐµÑÑÐ° @action Ð²
      support/issue1.</p></li>
    <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2012-6132";>CVE-2012-6132</a>
- -     <p>Cross-site scripting (XSS) vulnerability in Roundup before
- -     1.4.20 allows remote attackers to inject arbitrary web
- -     script or HTML via the otk parameter.</p></li>
+     <p>ÐÐµÐ¶ÑÐ°Ð¹ÑÐ¾Ð²ÑÐ¹ ÑÐºÑÐ¸Ð¿ÑÐ¸Ð½Ð³ (XSS) Ð² Roundup Ð´Ð¾ 
Ð²ÐµÑÑÐ¸Ð¸
+     1.4.20 Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐµÑ ÑÐ´Ð°Ð»ÑÐ½Ð½ÑÐ¼ 
Ð·Ð»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÐ°Ð¼ Ð²Ð²Ð¾Ð´Ð¸ÑÑ Ð¿ÑÐ¾Ð¸Ð·Ð²Ð¾Ð»ÑÐ½ÑÐ¹ 
Ð²ÐµÐ±-ÑÑÐµÐ½Ð°ÑÐ¸Ð¹
+     Ð¸Ð»Ð¸ ÐºÐ¾Ð´ HTML Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¿Ð°ÑÐ°Ð¼ÐµÑÑÐ° otk.</p></li>
    <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2012-6133";>CVE-2012-6133</a>
- -     <p>XSS flaws in ok and error messages
- -     We solve this differently from the proposals in the bug-report
- -     by not allowing *any* html-tags in ok/error messages anymore.</p></li>
+     <p>Ð£ÑÐ·Ð²Ð¸Ð¼Ð¾ÑÑÐ¸ XSS Ð² ÑÐ¾Ð¾Ð±ÑÐµÐ½Ð¸ÑÑ ok Ð¸ error.
+     Ð£ÐºÐ°Ð·Ð°Ð½Ð½ÑÐµ Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ñ Ð´ÑÑÐ³Ð¸Ð¼ 
ÑÐ¿Ð¾ÑÐ¾Ð±Ð¾Ð¼, Ð½Ðµ ÑÐµÐ¼, ÐºÐ¾ÑÐ¾ÑÑÐ¹ Ð±ÑÐ» Ð¿ÑÐµÐ´Ð»Ð¾Ð¶ÐµÐ½ Ð² 
ÑÐ¾Ð¾Ð±ÑÐµÐ½Ð¸Ð¸ Ð¾Ð± Ð¾ÑÐ¸Ð±ÐºÐµ.
+     ÐÑÐ¸Ð±ÐºÐ¸ Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿ÑÑÑÐ¼ Ð·Ð°Ð¿ÑÐµÑÐ° *Ð»ÑÐ±ÑÑ* 
html-ÑÐµÐ³Ð¾Ð² Ð² ÑÐ¾Ð¾Ð±ÑÐµÐ½Ð¸ÑÑ ok/error.</p></li>
 </ul>
 </define-tag>
 
- --- english/security/2015/dla-301.wml 2016-04-07 03:10:35.000000000 +0500
+++ russian/security/2015/dla-301.wml   2016-05-04 12:12:37.579765607 +0500
@@ -1,28 +1,29 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ 
LTS</define-tag>
 <define-tag moreinfo>
- -<p>Denial-of-service possibility in logout() view by filling session 
store</p>
+<p>ÐÐ¾Ð·Ð¼Ð¾Ð¶Ð½ÑÐ¹ Ð¾ÑÐºÐ°Ð· Ð² Ð¾Ð±ÑÐ»ÑÐ¶Ð¸Ð²Ð°Ð½Ð¸Ð¸ Ð² Ð²Ð¸Ð´Ðµ 
logout() Ð¸Ð·-Ð·Ð° Ð·Ð°Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ ÑÑÐ°Ð½Ð¸Ð»Ð¸ÑÐ° ÑÐµÑÑÐ¸Ð¸.</p>
 
- -<p>Previously, a session could be created when anonymously accessing the
- -django.contrib.auth.views.logout view (provided it wasn't decorated with
- -django.contrib.auth.decorators.login_required as done in the admin). This
- -could allow an attacker to easily create many new session records by
- -sending repeated requests, potentially filling up the session store or
- -causing other users' session records to be evicted.</p>
+<p>Ð Ð°Ð½ÐµÐµ ÑÐµÑÑÐ¸Ñ ÑÐ¾Ð·Ð´Ð°Ð²Ð°Ð»Ð°ÑÑ Ð¿ÑÐ¸ Ð°Ð½Ð¾Ð½Ð¸Ð¼Ð½Ð¾Ð¼ 
Ð¾Ð±ÑÐ°ÑÐµÐ½Ð¸Ð¸ Ðº
+Ð²Ð¸Ð´Ñ django.contrib.auth.views.logout (ÑÑÐ¸ÑÑÐ²Ð°Ñ, ÑÑÐ¾ ÑÑÐ¾Ñ 
Ð²Ð¸Ð´ Ð½Ðµ Ð´ÐµÐºÐ¾ÑÐ¸ÑÐ¾Ð²Ð°Ð»ÑÑ
+django.contrib.auth.decorators.login_required ÐºÐ°Ðº Ð½Ð° ÑÑÑÐ°Ð½Ð¸ÑÐµ 
Ð°Ð´Ð¼Ð¸Ð½Ð¸ÑÑÑÐ°ÑÐ¾ÑÐ°). ÐÑÐ¾
+Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐ»Ð¾ Ð·Ð»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð»ÐµÐ³ÐºÐ¾ ÑÐ¾Ð·Ð´Ð°Ð²Ð°ÑÑ 
Ð¼Ð½Ð¾Ð³Ð¾ Ð½Ð¾Ð²ÑÑ Ð·Ð°Ð¿Ð¸ÑÐµÐ¹ ÑÐµÑÑÐ¸Ð¸ Ð¿ÑÑÑÐ¼
+Ð¾ÑÐ¿ÑÐ°Ð²ÐºÐ¸ Ð¿Ð¾Ð²ÑÐ¾ÑÐ½ÑÑ Ð·Ð°Ð¿ÑÐ¾ÑÐ¾Ð², ÑÑÐ¾ 
Ð¿Ð¾ÑÐµÐ½ÑÐ¸Ð°Ð»ÑÐ½Ð¾ Ð·Ð°Ð¿Ð¾Ð»Ð½ÑÐµÑ ÑÑÐ°Ð½Ð¸Ð»Ð¸ÑÐµ ÑÐµÑÑÐ¸Ð¸ 
Ð¸Ð»Ð¸
+Ð¿ÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº ÑÐ´Ð°Ð»ÐµÐ½Ð¸Ñ ÑÐµÑÑÐ¸Ð¾Ð½Ð½ÑÑ Ð·Ð°Ð¿Ð¸ÑÐµÐ¹ 
Ð´ÑÑÐ³Ð¸Ñ Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»ÐµÐ¹.</p>
 
- -<p>The django.contrib.sessions.middleware.SessionMiddleware has been modified
- -to no longer create empty session records.</p>
+<p>django.contrib.sessions.middleware.SessionMiddleware Ð±ÑÐ» Ð¸Ð·Ð¼ÐµÐ½ÑÐ½
+ÑÐ°Ðº, ÑÑÐ¾Ð±Ñ Ð¿ÑÑÑÑÐµ ÑÐµÑÑÐ¸Ð¾Ð½Ð½ÑÐµ Ð·Ð°Ð¿Ð¸ÑÐ¸ Ð±Ð¾Ð»ÐµÐµ 
Ð½Ðµ ÑÐ¾Ð·Ð´Ð°Ð²Ð°Ð»Ð¸ÑÑ.</p>
 
- -<p>This portion of the fix has been assigned <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-5963";>CVE-2015-5963</a>.</p>
+<p>ÐÐ°Ð½Ð½Ð°Ñ ÑÐ°ÑÑÑ Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð»ÑÑÐ¸Ð»Ð° 
Ð¸Ð´ÐµÐ½ÑÐ¸ÑÐ¸ÐºÐ°ÑÐ¾Ñ <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-5963";>CVE-2015-5963</a>.</p>
 
- -<p>Additionally, the contrib.sessions.backends.base.SessionBase.flush() and
- -cache_db.SessionStore.flush() methods have been modified to avoid creating
- -a new empty session. Maintainers of third-party session backends should
- -check if the same vulnerability is present in their backend and correct it
- -if so.</p>
+<p>ÐÑÐ¾Ð¼Ðµ ÑÐ¾Ð³Ð¾, Ð¼ÐµÑÐ¾Ð´Ñ 
contrib.sessions.backends.base.SessionBase.flush() Ð¸
+cache_db.SessionStore.flush() Ð±ÑÐ»Ð¸ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ñ ÑÐ°Ðº, ÑÑÐ¾Ð±Ñ 
ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ðµ Ð½Ð¾Ð²Ð¾Ð¹ Ð¿ÑÑÑÐ¾Ð¹ ÑÐµÑÑÐ¸Ð¸
+Ð½Ðµ Ð¿ÑÐ¾Ð¸ÑÑÐ¾Ð´Ð¸Ð»Ð¾. Ð¡Ð¾Ð¿ÑÐ¾Ð²Ð¾Ð¶Ð´Ð°ÑÑÐ¸Ð¼ ÑÑÐ¾ÑÐ¾Ð½Ð½Ð¸Ñ 
ÑÐµÑÑÐ¸Ð¾Ð½Ð½ÑÑ Ð´Ð²Ð¸Ð¶ÐºÐ¾Ð² ÑÐ»ÐµÐ´ÑÐµÑ
+Ð¿ÑÐ¾Ð²ÐµÑÐ¸ÑÑ Ð½Ð°Ð»Ð¸ÑÐ¸Ðµ ÑÐ°ÐºÐ¾Ð¹ Ð¶Ðµ ÑÑÐ·Ð²Ð¸Ð¼Ð¾ÑÑÐ¸ Ð² Ð¸Ñ 
Ð´Ð²Ð¸Ð¶ÐºÐµ, Ð° Ð¿ÑÐ¸ ÐµÑ Ð½Ð°Ð»Ð¸ÑÐ¸Ð¸ Ð¸ÑÐ¿ÑÐ°Ð²Ð¸ÑÑ
+Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ.</p>
 
- -<p>This portion of the fix has been assigned <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-5964";>CVE-2015-5964</a>.</p>
+<p>ÐÐ°Ð½Ð½Ð°Ñ ÑÐ°ÑÑÑ Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð»ÑÑÐ¸Ð»Ð° 
Ð¸Ð´ÐµÐ½ÑÐ¸ÑÐ¸ÐºÐ°ÑÐ¾Ñ <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-5964";>CVE-2015-5964</a>.</p>
 
- -<p>We recommend that you upgrade your python-django packages.</p>
+<p>Ð ÐµÐºÐ¾Ð¼ÐµÐ½Ð´ÑÐµÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ python-django.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----


iQIcBAEBCgAGBQJXKaDoAAoJEF7nbuICFtKlXPcQAIPoGv1KBtIaRF3NIbHFS9mX
z+VIHD45fL/Tn1YnnJFp5QHEuHwJb2OZCY0sghepFMbHFFe6fYtPZWuT0tVJq2an
pscp9DK182dC6Ozmlez4rKrqISncwv0ozhwu1EEAzJWyCQ/ZuBI4Dzvp6TyIqn/3
bzTclGcj5Vnul6d0gPRHj9V29rxR5dW0z968iKs3PK1TDXJDvu0QIkyFXatTMcYE
y2FHINcJTNcGOHVT5cZ2k510ebWcgseENZcJUy3MYzgv/2G2SwSBk9U12JlSeszU
NGE19844yGYI4Dx9mH4EfJSZ907CRrI74BCejjBeOHWLXZiY2Yuvdg1ch38LMwRr
L4s55o8dTYA02zTaS6V5J2hJGHeRfQXLqrlrRgoXnqOLY7E2WW7XeBwsZtCo1Fdm
2fHNkUJqlPOKn9XS+8dD6gVvmI0zsCegdVydmSfdjpIboSXri4ZXkzgsH7mkC9Mx
KmhQlHTQxtoyf8w4nj1P6yXRFjqEKbjcRh1BZMAshGtcmRyBJogLC0k8DWHhCzrZ
3jiEThnoeblFYPTzfkDbmDoTxbup10mTFjPjIjHJ9+UhWPiqATcWvlnx0TAnJDRX
WkQA5zXESvN1u3H6bUoPKCitx5Z+K6JY/Q/qB1msH4+aJUDdPXeg8bJgTQqCobT/
99tqpFffzB6u1cNOalD7
=5rWl
-----END PGP SIGNATURE-----

[DONE] wml://security/2015/dla-{298,301}.wml

Ответить