-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2016/dsa-3443.wml 2016-01-14 02:34:34.000000000 +0500 +++ russian/security/2016/dsa-3443.wml 2016-01-17 21:54:22.984067697 +0500 @@ -1,35 +1,36 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in the libpng PNG library. - -The Common Vulnerabilities and Exposures project identifies the - -following problems:</p> +<p>Ð libpng, библиоÑеке, ÑеализÑÑÑей поддеÑÐ¶ÐºÑ PNG, бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей. +ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8472">CVE-2015-8472</a> - - <p>It was discovered that the original fix for + <p>ÐÑло обнаÑÑжено, ÑÑо изнаÑалÑное иÑпÑавление Ð´Ð»Ñ <a href="https://security-tracker.debian.org/tracker/CVE-2015-8126">\ - - CVE-2015-8126</a> was - - incomplete and did not detect a potential overrun by applications - - using png_set_PLTE directly. A remote attacker can take advantage of - - this flaw to cause a denial of service (application crash).</p></li> + CVE-2015-8126</a> бÑло + неполнÑм, оно не опÑеделÑÐµÑ Ð¿Ð¾ÑенÑиалÑной пеÑегÑÑзки, вÑзÑваемой пÑиложениÑми, + напÑÑмÑÑ Ð¸ÑполÑзÑÑÑими ÑÑнкÑÐ¸Ñ png_set_PLTE. УдалÑннÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ + даннÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð²Ñзова оÑказа в обÑлÑживании (аваÑийное завеÑÑение ÑабоÑÑ Ð¿ÑиложениÑ).</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8540">CVE-2015-8540</a> - - <p>Xiao Qixue and Chen Yu discovered a flaw in the png_check_keyword - - function. A remote attacker can potentially take advantage of this - - flaw to cause a denial of service (application crash).</p></li> + <p>СÑо ЦиÑÑÑ Ð¸ ЧÑÐ½Ñ Ð®Ð¹ обнаÑÑжили ÑÑзвимоÑÑÑ Ð² ÑÑнкÑии + png_check_keyword. УдалÑннÑй злоÑмÑÑленник поÑенÑиалÑно Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ + ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð²Ñзова оÑказа в обÑлÑживании (аваÑийное завеÑÑение ÑабоÑÑ Ð¿ÑиложениÑ).</p></li> </ul> - -<p>For the oldstable distribution (wheezy), these problems have been fixed - -in version 1.2.49-1+deb7u2.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (wheezy) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 1.2.49-1+deb7u2.</p> - -<p>For the stable distribution (jessie), these problems have been fixed in - -version 1.2.50-2+deb8u2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.2.50-2+deb8u2.</p> - -<p>We recommend that you upgrade your libpng packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ libpng.</p> </define-tag> # do not modify the following line - --- english/security/2016/dsa-3444.wml 2016-01-14 02:55:45.000000000 +0500 +++ russian/security/2016/dsa-3444.wml 2016-01-17 21:56:32.245329954 +0500 @@ -1,19 +1,20 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Crtc4L discovered a cross-site scripting vulnerability in wordpress, a - -web blogging tool, allowing a remote authenticated administrator to - -compromise the site.</p> +<p>Crtc4L обнаÑÑжил ÑÑзвимоÑÑÑ Ð² wordpress, инÑÑÑÑменÑе Ð´Ð»Ñ Ð²ÐµÐ´ÐµÐ½Ð¸Ñ +блога, пÑиводÑÑÑÑ Ðº межÑайÑÐ¾Ð²Ð¾Ð¼Ñ ÑкÑипÑингÑ, коÑоÑÐ°Ñ Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐµÑ ÑдалÑÐ½Ð½Ð¾Ð¼Ñ Ð°ÑÑенÑиÑиÑиÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð¼Ñ +админиÑÑÑаÑоÑÑ ÐºÐ¾Ð¼Ð¿ÑомеÑиÑоваÑÑ ÑайÑ.</p> - -<p>For the oldstable distribution (wheezy), this problem has been fixed - -in version 3.6.1+dfsg-1~deb7u9.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (wheezy) ÑÑа пÑоблема бÑла иÑпÑавлена +в веÑÑии 3.6.1+dfsg-1~deb7u9.</p> - -<p>For the stable distribution (jessie), this problem has been fixed in - -version 4.1+dfsg-1+deb8u7.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 4.1+dfsg-1+deb8u7.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 4.4.1+dfsg-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 4.4.1+dfsg-1.</p> - -<p>We recommend that you upgrade your wordpress packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ wordpress.</p> </define-tag> # do not modify the following line - --- english/security/2016/dsa-3445.wml 2016-01-14 03:15:32.000000000 +0500 +++ russian/security/2016/dsa-3445.wml 2016-01-17 21:59:08.265268148 +0500 @@ -1,22 +1,23 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Javantea discovered that pygments, a generic syntax highlighter, is - -prone to a shell injection vulnerability allowing a remote attacker to - -execute arbitrary code via shell metacharacters in a font name.</p> +<p>Javantea обнаÑÑжил, ÑÑо pygments, ÐÐ Ð´Ð»Ñ Ð¿Ð¾Ð´ÑвеÑÐ¸Ð²Ð°Ð½Ð¸Ñ ÑинÑакÑиÑа обÑего назнаÑениÑ, +ÑодеÑÐ¶Ð¸Ñ ÑÑзвимоÑÑÑ, пÑоÑвлÑÑÑÑÑÑÑ Ð² инÑекÑии команд командной оболоÑки и позволÑÑÑÑÑ ÑдалÑÐ½Ð½Ð¾Ð¼Ñ +злоÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²ÑполниÑÑ Ð¿ÑоизволÑнÑй код Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¼ÐµÑаÑимволов командной оболоÑки в имени ÑÑиÑÑа.</p> - -<p>For the oldstable distribution (wheezy), this problem has been fixed - -in version 1.5+dfsg-1+deb7u1.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (wheezy) ÑÑа пÑоблема бÑла иÑпÑавлена +в веÑÑии 1.5+dfsg-1+deb7u1.</p> - -<p>For the stable distribution (jessie), this problem has been fixed in - -version 2.0.1+dfsg-1.1+deb8u1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.0.1+dfsg-1.1+deb8u1.</p> - -<p>For the testing distribution (stretch), this problem has been fixed - -in version 2.0.1+dfsg-2.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (stretch) ÑÑа пÑоблема бÑла иÑпÑавлена +в веÑÑии 2.0.1+dfsg-2.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 2.0.1+dfsg-2.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.0.1+dfsg-2.</p> - -<p>We recommend that you upgrade your pygments packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ pygments.</p> </define-tag> # do not modify the following line - --- english/security/2016/dsa-3447.wml 2016-01-17 21:14:40.000000000 +0500 +++ russian/security/2016/dsa-3447.wml 2016-01-17 22:02:29.412879871 +0500 @@ -1,25 +1,26 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>It was discovered that malicious web applications could use the - -Expression Language to bypass protections of a Security Manager as - -expressions were evaluated within a privileged code section.</p> - - - -<p>For the oldstable distribution (wheezy), this problem has been fixed - -in version 7.0.28-4+deb7u3. This update also provides fixes for - -<a href="https://security-tracker.debian.org/tracker/CVE-2013-4444">CVE-2013-4444</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0075">CVE-2014-0075</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0099">CVE-2014-0099</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0227">CVE-2014-0227</a> and - -<a href="https://security-tracker.debian.org/tracker/CVE-2014-0230">CVE-2014-0230</a>, which were all fixed for the stable distribution (jessie) - -already.</p> - - - -<p>For the stable distribution (jessie), this problem has been fixed in - -version 7.0.56-3+deb8u1.</p> +<p>ÐÑло обнаÑÑжено, ÑÑо некоÑÑекÑнÑе веб-пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð³ÑÑ Ð¸ÑполÑзоваÑÑ +ÑзÑк вÑÑажений Ð´Ð»Ñ Ð¾Ð±Ñ Ð¾Ð´Ð° заÑиÑÑ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑа безопаÑноÑÑи, Ñак как +вÑÑÐ°Ð¶ÐµÐ½Ð¸Ñ Ð²ÑÑиÑлÑÑÑÑÑ Ð² пÑивилегиÑованном ÑÑаÑÑке кода.</p> + +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (wheezy) ÑÑа пÑоблема бÑла иÑпÑавлена +в веÑÑии 7.0.28-4+deb7u3. ÐÑоме Ñого, данное обновление ÑодеÑÐ¶Ð¸Ñ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð´Ð»Ñ +<a href="https://security-tracker.debian.org/tracker/CVE-2013-4444">CVE-2013-4444</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0075">CVE-2014-0075</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0099">CVE-2014-0099</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0227">CVE-2014-0227</a> и +<a href="https://security-tracker.debian.org/tracker/CVE-2014-0230">CVE-2014-0230</a>, коÑоÑÑе Ñже бÑли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² ÑÑабилÑном +вÑпÑÑке (jessie).</p> + +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 7.0.56-3+deb8u1.</p> - -<p>For the testing distribution (stretch), this problem has been fixed - -in version 7.0.61-1.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (stretch) ÑÑа пÑоблема бÑла иÑпÑавлена +в веÑÑии 7.0.61-1.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 7.0.61-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 7.0.61-1.</p> - -<p>We recommend that you upgrade your tomcat7 packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ tomcat7.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJWm8lNAAoJEF7nbuICFtKl/7AP/1RuBpm7SAilP1oRF8sMsp9o icTm4I5pgoELcU8y2WCNdO+qOM92YKRgiUjnw7WzJ0TBwhzgYLGtI3fRcq0aLmwe NkpQjBhMepoPJq8SJtetfvthHMfu94FHBMkXACzVf9ge5nMUD59chCkivwflMZMg 2df7KZp5URxkTTy837l1iroEJCZO6oTIrU/X/cWJjyFM9/jXJ5KqN6pTi80XrgHo CMHV5btgvdMO9vqpfjk/yxhs+xuJ2ujAIVVk/GG+cLiZ2besUucz3cu5pZ5u+ed0 Dk1MRQL4Eb0M7z2DR+1gOR8ErLkmWFWyu9VlUNKV3qWmAUlJYfl/ssrWH2DC2gIK +J9UsGeFc5K5ZGSj3soq2K8ebayWgpMYhGAPjH8NnSlsZZMLklS2UO09dxhG6hbV Oyott0V8oDd6iL0pSlAsXX49OJffFvk+AVJ402wjoMtq5QwELBZFKuC20PP02ne6 2IDTc9hwggTe6Hrlq7rZzTX9bwbDsw14VDBajVwb7p7dWp2m78P33Fj154lXXZXQ 8FTVJpx9pWYFK/YCDe+U8WJAeXwxrodnylAiQOJoUgv9tlG8hbSVtLQaBVC5tuQr eLrJelpqH/9q6VB0hLUZ02OtWX8W7D6T/ajkSCF2/qzGDErXsWkruUWQU2uio0hI X+HhUzPgF4zabRVVjWHC =Si2K -----END PGP SIGNATURE-----