-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2017/dsa-3882.wml 2017-06-16 00:08:38.000000000 +0500 +++ russian/security/2017/dsa-3882.wml 2017-06-16 01:03:34.684205239 +0500 
@@ -1,59 +1,60 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Multiple vulnerabilities have been discovered in Request Tracker, an - -extensible trouble-ticket tracking system. The Common Vulnerabilities - -and Exposures project identifies the following problems:</p> +<p>Ð Request Tracker, ÑаÑÑиÑÑемой ÑиÑÑеме оÑÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ñведомлений о неиÑпÑавноÑÑÑÑ , +бÑли обнаÑÑÐ¶ÐµÐ½Ñ Ð¼Ð½Ð¾Ð³Ð¾ÑиÑленнÑе ÑÑзвимоÑÑи. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities +and Exposures опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6127">CVE-2016-6127</a> - - <p>It was discovered that Request Tracker is vulnerable to a cross-site - - scripting (XSS) attack if an attacker uploads a malicious file with - - a certain content type. Installations which use the - - AlwaysDownloadAttachments config setting are unaffected by this - - flaw. The applied fix addresses all existant and future uploaded - - attachments.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо Request Tracker ÑÑзвим к межÑайÑÐ¾Ð²Ð¾Ð¼Ñ + ÑкÑипÑÐ¸Ð½Ð³Ñ (XSS) в ÑлÑÑае, еÑли злоÑмÑÑленник загÑÑÐ¶Ð°ÐµÑ Ð²ÑедоноÑнÑй Ñайл Ñ + ÑодеÑжимÑм опÑеделÑнного Ñипа. УÑÑановки, иÑполÑзÑÑÑие опÑÐ¸Ñ + наÑÑÑойки AlwaysDownloadAttachments, не подвеÑÐ¶ÐµÐ½Ñ ÑÑой ÑÑзвимоÑÑи. 
+ ÐÑименÑнное иÑпÑавление каÑаеÑÑÑ Ð²ÑÐµÑ Ñже имеÑÑÐ¸Ñ ÑÑ Ð¸ бÑдÑÑÐ¸Ñ Ð·Ð°Ð³ÑÑжаемÑÑ + вложений.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5361">CVE-2017-5361</a> - - <p>It was discovered that Request Tracker is vulnerable to timing - - side-channel attacks for user passwords.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо Request Tracker ÑÑзвим к аÑакам на паÑоли полÑзоваÑелей + ÑеÑез ÑÑоÑонние ÐºÐ°Ð½Ð°Ð»Ñ Ð¿Ð¾ Ñаймингам.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5943">CVE-2017-5943</a> - - <p>It was discovered that Request Tracker is prone to an information - - leak of cross-site request forgery (CSRF) verification tokens if a - - user is tricked into visiting a specially crafted URL by an - - attacker.</p> + <p>ÐÑло обнаÑÑжено, ÑÑо Request Tracker ÑÑзвим к ÑаÑкÑÑÑÐ¸Ñ Ð¸Ð½ÑоÑмаÑии + о ÑÐ¾ÐºÐµÐ½Ð°Ñ Ð¿ÑовеÑки в ÑлÑÑае подделки межÑайÑового запÑоÑа (CSRF), еÑли + полÑзоваÑÐµÐ»Ñ Ð¾ÑкÑÑÐ²Ð°ÐµÑ ÑпеÑиалÑно ÑÑоÑмиÑованнÑй URL, пеÑеданнÑй + злоÑмÑÑленником.</p> <p></p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5944">CVE-2017-5944</a> - - <p>It was discovered that Request Tracker is prone to a remote code - - execution vulnerability in the dashboard subscription interface. A - - privileged attacker can take advantage of this flaw through - - carefully-crafted saved search names to cause unexpected code to be - - executed. The applied fix addresses all existant and future saved - - searches.</p> - - - -<p>Additionally to the above mentioned CVEs, this update workarounds - -<a href="https://security-tracker.debian.org/tracker/CVE-2015-7686">CVE-2015-7686</a> in Email::Address which could induce a denial of service - -of Request Tracker itself.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо Request Tracker ÑÑзвим к вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного + кода в инÑеÑÑейÑе подпиÑки ÑÑÑаниÑÑ ÑпÑавлениÑ. 
ÐÑивилегиÑованнÑй + злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ + ÑпеÑиалÑно ÑÑоÑмиÑованнÑÑ ÑÐ¾Ñ ÑанÑннÑÑ Ð¿Ð¾Ð¸ÑковÑÑ Ð¸Ð¼Ñн Ð´Ð»Ñ Ð²Ñзова вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð½ÐµÐ¾Ð¶Ð¸Ð´Ð°Ð½Ð½Ð¾Ð³Ð¾ + кода. ÐÑименÑнное иÑпÑавление каÑаеÑÑÑ Ð²ÑÐµÑ Ñже имеÑÑÐ¸Ñ ÑÑ Ð¸ бÑдÑÑÐ¸Ñ ÑÐ¾Ñ ÑанÑннÑÑ + поиÑковÑÑ Ð¸Ð¼Ñн.</p> + +<p>Ðомимо ÑказаннÑÑ Ð²ÑÑе CVE данное иÑпÑавление ÑаÑÑиÑно ÑеÑÐ°ÐµÑ Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ +<a href="https://security-tracker.debian.org/tracker/CVE-2015-7686">CVE-2015-7686</a> в Email::Address, коÑоÑÐ°Ñ Ð¼Ð¾Ð¶ÐµÑ Ð²ÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании +Ñамого Request Tracker.</p></li> </ul> - -<p>For the stable distribution (jessie), these problems have been fixed in - -version 4.2.8-3+deb8u2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 4.2.8-3+deb8u2.</p> - -<p>For the upcoming stable distribution (stretch), these problems have been - -fixed in version 4.4.1-3+deb9u1.</p> +<p>РгоÑовÑÑемÑÑ ÑÑабилÑном вÑпÑÑке (stretch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли +иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 4.4.1-3+deb9u1.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 4.4.1-4.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 4.4.1-4.</p> - -<p>We recommend that you upgrade your request-tracker4 packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ request-tracker4.</p> </define-tag> # do not modify the following line - --- english/security/2017/dsa-3883.wml 2017-06-16 00:09:08.000000000 +0500 +++ russian/security/2017/dsa-3883.wml 2017-06-16 01:09:39.992951042 +0500 
@@ -1,14 +1,15 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>It was discovered that RT::Authen::ExternalAuth, an external - -authentication module for Request Tracker, is vulnerable to timing - -side-channel attacks for user passwords. Only ExternalAuth in DBI - -(database) mode is vulnerable.</p> +<p>ÐÑло обнаÑÑжено, ÑÑо RT::Authen::ExternalAuth, внеÑний модÑÐ»Ñ +аÑÑенÑиÑикаÑии Ð´Ð»Ñ Request Tracker, ÑÑзвим к аÑакам на паÑоли полÑзоваÑелей +ÑеÑез ÑÑоÑонние ÐºÐ°Ð½Ð°Ð»Ñ Ð¿Ð¾ Ñаймингам. ÐодÑÐ»Ñ ExternalAuth ÑÑзвим ÑолÑко в +Ñежиме DBI (Ñежиме Ð±Ð°Ð·Ñ Ð´Ð°Ð½Ð½ÑÑ ).</p> - -<p>For the stable distribution (jessie), this problem has been fixed in - -version 0.25-1+deb8u1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 0.25-1+deb8u1.</p> - -<p>We recommend that you upgrade your rt-authen-externalauth packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ rt-authen-externalauth.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
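Review bot: In russian/security/2017/dsa-3882.wml, CVE-2017-5943 item, the added sentence puts "в случае" ("in the case of") between the verification tokens and "(CSRF)", so it reads as a disclosure of information about tokens that happens during a CSRF, while the English line it replaces says the CSRF verification tokens themselves leak when the user visits a crafted URL. Suggest dropping "в случае" so the tokens are named as the leaked data, for example "раскрытию токенов проверки подделки межсайтовых запросов (CSRF)". The Cyrillic quoted here is read from the added lines, which display mis-decoded in this copy of the mail.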
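Review bot: In russian/security/2017/dsa-3883.wml, first added paragraph, "timing side-channel attacks" is rendered with the loanword "по таймингам"; the established Russian term for a timing attack is "атака по времени", so "атакам по времени через сторонние каналы" would read better. The same phrase is used for CVE-2017-5361 in dsa-3882.wml and should change with it so the two advisories stay consistent.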