dsa-2301.wml}

Lev Lamberov Wed, 21 Feb 2018 04:14:22 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2011/dsa-2301.wml        2017-11-01 10:11:10.275841084 
+0500
+++ russian/security/2011/dsa-2301.wml  2018-02-21 17:13:28.443654698 +0500
@@ -1,50 +1,51 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>Ð½ÐµÑÐºÐ¾Ð»ÑÐºÐ¾ ÑÑÐ·Ð²Ð¸Ð¼Ð¾ÑÑÐµÐ¹</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in Rails, the Ruby web
- -application framework. The Common Vulnerabilities and Exposures project
- -identifies the following problems:</p>
+<p>Ð Rails, Ð¸Ð½ÑÑÐ°ÑÑÑÑÐºÑÑÑÐµ Ð²ÐµÐ±-Ð¿ÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ð¹ Ð½Ð° 
ÑÐ·ÑÐºÐµ Ruby, Ð±ÑÐ»Ð¾ Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¾
+Ð½ÐµÑÐºÐ¾Ð»ÑÐºÐ¾ ÑÑÐ·Ð²Ð¸Ð¼Ð¾ÑÑÐµÐ¹. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities 
and Exposures
+Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÑÐµÑ ÑÐ»ÐµÐ´ÑÑÑÐ¸Ðµ Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ:</p>
 
 <ul>
 
 <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2009-4214";>CVE-2009-4214</a>
 
- -    <p>A cross-site scripting (XSS) vulnerability had been found in the
- -    strip_tags function. An attacker may inject non-printable characters
- -    that certain browsers will then evaluate. This vulnerability only
- -    affects the oldstable distribution (lenny).</p></li>
+    <p>ÐÐ±Ð½Ð°ÑÑÐ¶ÐµÐ½ Ð¼ÐµÐ¶ÑÐ°Ð¹ÑÐ¾Ð²ÑÐ¹ ÑÐºÑÐ¸Ð¿ÑÐ¸Ð½Ð³ (XSS) Ð² 
ÑÑÐ½ÐºÑÐ¸Ð¸
+    strip_tags. ÐÐ»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸Ðº Ð¼Ð¾Ð¶ÐµÑ Ð²Ð²ÐµÑÑÐ¸ 
Ð½ÐµÐ¿ÐµÑÐ°ÑÐ½ÑÐµ ÑÐ¸Ð¼Ð²Ð¾Ð»Ñ,
+    ÐºÐ¾ÑÐ¾ÑÑÐµ Ð±ÑÐ´ÑÑ Ð¾Ð±ÑÐ°Ð±Ð°ÑÑÐ²Ð°ÑÑÑÑ 
Ð½ÐµÐºÐ¾ÑÐ¾ÑÑÐ¼Ð¸ Ð±ÑÐ°ÑÐ·ÐµÑÐ°Ð¼Ð¸. ÐÑÐ° ÑÑÐ·Ð²Ð¸Ð¼Ð¾ÑÑÑ 
ÐºÐ°ÑÐ°ÐµÑÑÑ
+    ÑÐ¾Ð»ÑÐºÐ¾ Ð¿ÑÐµÐ´ÑÐ´ÑÑÐµÐ³Ð¾ ÑÑÐ°Ð±Ð¸Ð»ÑÐ½Ð¾Ð³Ð¾ Ð²ÑÐ¿ÑÑÐºÐ° 
(lenny).</p></li>
 
 <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2011-2930";>CVE-2011-2930</a>
 
- -    <p>A SQL injection vulnerability had been found in the quote_table_name
- -    method that could allow malicious users to inject arbitrary SQL into a
- -    query.</p></li>
+    <p>ÐÑÐ»Ð° Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð° SQL-Ð¸Ð½ÑÐµÐºÑÐ¸Ñ Ð² Ð¼ÐµÑÐ¾Ð´Ðµ 
quote_table_name,
+    Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÑÑÐ°Ñ Ð·Ð»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÐ°Ð¼ Ð²Ð²Ð¾Ð´Ð¸ÑÑ 
Ð¿ÑÐ¾Ð¸Ð·Ð²Ð¾Ð»ÑÐ½ÑÐµ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ SQL Ð²
+    Ð·Ð°Ð¿ÑÐ¾Ñ.</p></li>
 
 <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2011-2931";>CVE-2011-2931</a>
 
- -    <p>A cross-site scripting (XSS) vulnerability had been found in the
- -    strip_tags  helper. An parsing error can be exploited by an attacker,
- -    who can confuse the parser and may inject HTML tags into the output
- -    document.</p></li>
+    <p>ÐÑÐ» Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½ Ð¼ÐµÐ¶ÑÐ°Ð¹ÑÐ¾Ð²ÑÐ¹ ÑÐºÑÐ¸Ð¿ÑÐ¸Ð½Ð³ 
(XSS) Ð²Ð¾ Ð²ÑÐ¿Ð¾Ð¼Ð¾Ð³Ð°ÑÐµÐ»ÑÐ½Ð¾Ð¹ ÑÑÐ½ÐºÑÐ¸Ð¸
+    strip_tags. ÐÑÐ¸Ð±ÐºÐ° Ð³ÑÐ°Ð¼Ð¼Ð°ÑÐ¸ÑÐµÑÐºÐ¾Ð³Ð¾ ÑÐ°Ð·Ð±Ð¾ÑÐ° 
Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÑÑÑ Ð·Ð»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÐ¾Ð¼,
+    ÐºÐ¾ÑÐ¾ÑÑÐ¹ Ð¼Ð¾Ð¶ÐµÑ Ð²ÑÐ·Ð²Ð°ÑÑ Ð½ÐµÐ¿ÑÐ°Ð²Ð¸Ð»ÑÐ½ÑÑ 
ÑÐ°Ð±Ð¾ÑÑ ÑÐ¸Ð½ÑÐ°ÐºÑÐ¸ÑÐµÑÐºÐ¾Ð³Ð¾ Ð°Ð½Ð°Ð»Ð¸Ð·Ð°ÑÐ¾ÑÐ° Ð¸ 
Ð²Ð²ÐµÑÑÐ¸
+    ÑÐµÐ³Ð¸ HTML Ð² ÑÐµÐ·ÑÐ»ÑÑÐ¸ÑÑÑÑÐ¸Ð¹ Ð´Ð¾ÐºÑÐ¼ÐµÐ½Ñ.</p></li>
 
 <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2011-3186";>CVE-2011-3186</a>
 
- -    <p>A newline (CRLF) injection vulnerability had been found in
- -    response.rb. This vulnerability allows an attacker to inject arbitrary
- -    HTTP headers and conduct HTTP response splitting attacks via the
- -    Content-Type header.</p></li>
+    <p>ÐÑÐ»Ð¾ Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¾ Ð²Ð²ÐµÐ´ÐµÐ½Ð¸Ðµ Ð½Ð¾Ð²Ð¾Ð¹ ÑÑÑÐ¾ÐºÐ¸ 
(CRLF) Ð²
+    response.rb. ÐÑÐ° ÑÑÐ·Ð²Ð¸Ð¼Ð¾ÑÑÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐµÑ 
Ð·Ð»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²Ð²Ð¾Ð´Ð¸ÑÑ Ð¿ÑÐ¾Ð¸Ð·Ð²Ð¾Ð»ÑÐ½ÑÐµ
+    Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ¸ HTTP Ð¸ Ð²ÑÐ¿Ð¾Ð»Ð½ÑÑÑ Ð°ÑÐ°ÐºÐ¸ Ð¿Ð¾ 
ÑÐ°Ð·Ð´ÐµÐ»ÐµÐ½Ð¸Ñ HTTP-Ð¾ÑÐ²ÐµÑÐ¾Ð² Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ
+    Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ° Content-Type.</p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (lenny), this problem has been fixed in
- -version 2.1.0-7+lenny2.</p>
+<p>Ð Ð¿ÑÐµÐ´ÑÐ´ÑÑÐµÐ¼ ÑÑÐ°Ð±Ð¸Ð»ÑÐ½Ð¾Ð¼ Ð²ÑÐ¿ÑÑÐºÐµ (lenny) ÑÑÐ° 
Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ð° Ð±ÑÐ»Ð° Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð° Ð²
+Ð²ÐµÑÑÐ¸Ð¸ 2.1.0-7+lenny2.</p>
 
- -<p>For the stable distribution (squeeze), this problem has been fixed in
- -version 2.3.5-1.2+squeeze2.</p>
+<p>Ð ÑÑÐ°Ð±Ð¸Ð»ÑÐ½Ð¾Ð¼ Ð²ÑÐ¿ÑÑÐºÐµ (squeeze) ÑÑÐ° Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ð° 
Ð±ÑÐ»Ð° Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð° Ð²
+Ð²ÐµÑÑÐ¸Ð¸ 2.3.5-1.2+squeeze2.</p>
 
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 2.3.14.</p>
+<p>Ð Ð½ÐµÑÑÐ°Ð±Ð¸Ð»ÑÐ½Ð¾Ð¼ Ð²ÑÐ¿ÑÑÐºÐµ (sid) ÑÑÐ° Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ð° 
Ð±ÑÐ»Ð° Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð° Ð²
+Ð²ÐµÑÑÐ¸Ð¸ 2.3.14.</p>
 
- -<p>We recommend that you upgrade your rails packages.</p>
+<p>Ð ÐµÐºÐ¾Ð¼ÐµÐ½Ð´ÑÐµÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ rails.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----


iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlqNYm0ACgkQXudu4gIW
0qXqMw/+JkRWCrQqnAfrQZoQikKZZYcFrB0Vd6EV7FC4d1QNxT9LsWX019yyc4Qg
xMj8W8nY1tKILN7pTT3My1iowagfIuqO3tE3PznIeOXsLC+UlZZwjezwbiYgFf7J
5DPVvN5hbiIaDTjmvKv0uD9pn+CfqiWEqcjfJ4bUzZFLOO8uTxW8u8bPYy7GgRpw
iUuRGuncAWtwf51d+5vIwBWGyuNS3ztf42Y7GVtlaBzBvM9/2zXu/hnfO1aQeyRp
ztfeHvpMTLYJk7R0o4nlP/8FGwB3fzDNjcW9Chg+tdTWshRxB8GnZfJzks1k7Yhe
zvX/lN3cipUrauOmV7wivXxeUSCV5BWhovNjNdheY6PIV24/klLqfzpHIQIP54e3
y9oGKyvLidS5tNd7AhzZp7zU+rV2JAHGXBeHXQiiXGPSV5iorN1aGvZuBXtek3Wr
rs8mOCDzn6XpX6BVrz5+IdPN9RsdixPClRPeSqEVc1N0BXh7N6GZ+ZTRQhbv3yMb
BtkEOkUPzMrKR1ZGgb5ydPHskIV/oAlAYviQNKdbhgBSh+TawPIe+em5Yt8ocRn3
ZPBTpDjb1ItrgYm6oEX3Qyy9dBIYgZHCVDexwo3geFukwFzUS3V2TJk5mO7SH6Qp
T2tFzYy9yKgB6RjJCSvTB7RKkLzXaLf494E7hCL2lHN99PLWAWU=
=rkov
-----END PGP SIGNATURE-----

[DONE] wml://{security/2011/dsa-2301.wml}

Ответить