-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2011/dsa-2332.wml 2017-11-01 10:11:10.291842128 +0500 +++ russian/security/2011/dsa-2332.wml 2018-02-24 12:57:36.964318230 +0500 
@@ -1,48 +1,49 @@ - -<define-tag description>several issues</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко пÑоблем</define-tag> <define-tag moreinfo> - -<p>Paul McMillan, Mozilla and the Django core team discovered several - -vulnerabilities in Django, a Python web framework:</p> +<p>Ðол Ðакмиллан, ÑоÑÑÑдники Mozilla и ÑÑаÑÑники оÑновной ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Django обнаÑÑжили +неÑколÑко ÑÑзвимоÑÑей в Django, веб-инÑÑаÑÑÑÑкÑÑÑе Ð´Ð»Ñ ÑзÑка Python:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4136">CVE-2011-4136</a> - - <p>When using memory-based sessions and caching, Django sessions are - - stored directly in the root namespace of the cache. When user data is - - stored in the same cache, a remote user may take over a session.</p></li> + <p>ÐÑи иÑполÑзовании ÑеÑÑий и кÑÑа на оÑнове памÑÑи ÑеÑÑии Django Ñ ÑанÑÑÑÑ + пÑÑмо в коÑневом пÑоÑÑÑанÑÑве имÑн кÑÑа. ÐÑли полÑзоваÑелÑÑкие даннÑе + Ñ ÑанÑÑÑÑ Ð² Ñом же кÑÑе, Ñо ÑдалÑннÑй полÑзоваÑÐµÐ»Ñ Ð¼Ð¾Ð¶ÐµÑ Ð¿ÐµÑÐµÑ Ð²Ð°ÑиÑÑ ÑеÑÑиÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4137">CVE-2011-4137</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2011-4138">CVE-2011-4138</a> - - <p>Django's field type URLfield by default checks supplied URL's by - - issuing a request to it, which doesn't time out. A Denial of Service - - is possible by supplying specially prepared URL's that keep the - - connection open indefinately or fill the Django's server memory.</p></li> + <p>Ðо ÑмолÑÐ°Ð½Ð¸Ñ Ñип Ð¿Ð¾Ð»Ñ URLfield в Django вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ Ð¿ÐµÑеданного URL + пÑÑÑм оÑпÑавки запÑоÑа, Ð´Ð»Ñ ÐºÐ¾ÑоÑого не ÑÑÑановлен ÑаймеÑ. 
ÐÑи пеÑедаÑе ÑпеÑиалÑно + ÑÑоÑмиÑованного URL можно вÑзваÑÑ Ð¾Ñказ в обÑлÑживании, Ñоединение бÑÐ´ÐµÑ Ð¾ÑÑаваÑÑÑÑ + оÑкÑÑÑÑм неопÑеделÑнно долго, либо бÑÐ´ÐµÑ Ð·Ð°Ð¿Ð¾Ð»Ð½ÐµÐ½Ð° памÑÑÑ ÑеÑвеÑа Django.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4139">CVE-2011-4139</a> - - <p>Django used X-Forwarded-Host headers to construct full URL's. This - - header may not contain trusted input and could be used to poison the - - cache.</p></li> + <p>Django иÑполÑзÑÐµÑ Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ¸ X-Forwarded-Host Ð´Ð»Ñ ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð¿Ð¾Ð»Ð½ÑÑ URL. ÐÑÐ¾Ñ + заголовок Ð¼Ð¾Ð¶ÐµÑ Ð½Ðµ ÑодеÑжаÑÑ Ð´Ð¾Ð²ÐµÑеннÑе Ð²Ñ Ð¾Ð´Ð½Ñе даннÑе и Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ + Ð´Ð»Ñ Ð¾ÑÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ ÐºÑÑа.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-4140">CVE-2011-4140</a> - - <p>The CSRF protection mechanism in Django does not properly handle - - web-server configurations supporting arbitrary HTTP Host headers, - - which allows remote attackers to trigger unauthenticated forged - - requests.</p></li> + <p>ÐÐµÑ Ð°Ð½Ð¸Ð·Ð¼ заÑиÑÑ CSRF в Django непÑавилÑно обÑабаÑÑÐ²Ð°ÐµÑ Ð½Ð°ÑÑÑойки + веб-ÑеÑвеÑа, поддеÑживаÑÑие пÑоизволÑнÑе HTTP-заголовки Host, + ÑÑо позволÑÐµÑ ÑдалÑннÑм злоÑмÑÑленникам оÑÑÑеÑÑвлÑÑÑ Ð½ÐµÐ°ÑÑенÑиÑиÑиÑованнÑе + ÑпеÑиалÑно ÑÑоÑмиÑованнÑе запÑоÑÑ.</p></li> </ul> - -<p>For the oldstable distribution (lenny), this problem has been fixed in - -version 1.0.2-1+lenny3.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.0.2-1+lenny3.</p> - -<p>For the stable distribution (squeeze), this problem has been fixed in - -version 1.2.3-3+squeeze2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (squeeze) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.2.3-3+squeeze2.</p> - -<p>For the testing (wheezy) and unstable distribution (sid), this problem - -has been fixed in version 1.3.1-1.</p> +<p>Ð ÑеÑÑиÑÑемом (wheezy) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ ÑÑа пÑоблема +бÑла иÑпÑавлена в веÑÑии 1.3.1-1.</p> - -<p>We recommend that you upgrade your 
python-django packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ python-django.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
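Review bot: in the CVE-2011-4139 item the added line renders "Django used X-Forwarded-Host headers" with a present-tense verb (shown in the hunk as "иÑполÑзÑеÑ", i.e. "использует"), which reads as if the fixed behaviour were still current; a past-tense form such as "использовал" would match the English source. In the CVE-2011-4140 item, "forged requests" is translated as "specially crafted requests" ("специально сформированные запросы"); "поддельные запросы" would keep the CSRF sense of a forged request.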