[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2002/dsa-{130,193,111,173,171,099,167,141,144}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2002/dsa-099.wml	2011-05-26 16:05:40.000000000 +0600
+++ russian/security/2002/dsa-099.wml	2016-02-19 22:11:19.882762220 +0500
@@ -1,22 +1,23 @@
- -<define-tag description>IRC session hijacking</define-tag>
+#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov"
+<define-tag description>поÑ?иÑ?ение Ñ?еÑ?Ñ?ии IRC</define-tag>
 <define-tag moreinfo>
- -<p>zen-parse found a <a href="http://online.securityfocus.com/archive/1/249113";>\
- -vulnerability</a> in the XChat IRC client that allows an
- -attacker to take over the users IRC session.</p>
+<p>zen-parse обнаÑ?Ñ?жил <a href="http://online.securityfocus.com/archive/1/249113";>\
+Ñ?Ñ?звимоÑ?Ñ?Ñ?</a> в IRC-клиенÑ?е XChat, коÑ?оÑ?аÑ? позволÑ?еÑ?
+злоÑ?мÑ?Ñ?ленникÑ? заÑ?ваÑ?иÑ?Ñ? IRC-Ñ?еÑ?Ñ?иÑ? полÑ?зоваÑ?елÑ?.</p>
 
- -<p>It is possible to trick XChat IRC clients into sending arbitrary
- -commands to the IRC server they are on, potentially allowing social
- -engineering attacks, channel takeovers, and denial of service.  This
- -problem exists in versions 1.4.2 and 1.4.3.  Later versions of XChat
- -are vulnerable as well, but this behaviour is controlled by the
- -configuration variable »percascii«, which defaults to 0.  If it is set
- -to 1 then the problem becomes apparent in 1.6/1.8 as well.</p>
+<p>Ð?ожно заÑ?Ñ?авиÑ?Ñ? IRC-клиенÑ?а XChat оÑ?пÑ?авиÑ?Ñ? пÑ?оизволÑ?нÑ?е
+командÑ? на Ñ?еÑ?веÑ? IRC, к коÑ?оÑ?омÑ? Ñ?Ñ?оÑ? клиенÑ? подклÑ?Ñ?ен, Ñ?Ñ?о поÑ?енÑ?иалÑ?но позволÑ?еÑ?
+вÑ?полнÑ?Ñ?Ñ? аÑ?аки в дÑ?Ñ?е Ñ?оÑ?иалÑ?ного инжиниÑ?инга, заÑ?ваÑ?а каналов и оÑ?каза в обÑ?лÑ?живании.  ЭÑ?а
+пÑ?облема пÑ?иÑ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? в веÑ?Ñ?иÑ?Ñ? 1.4.2 и 1.4.3.  Ð?олее поздние веÑ?Ñ?ии XChat
+Ñ?акже Ñ?одеÑ?жаÑ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?, но поведение пÑ?огÑ?аммÑ? опÑ?еделÑ?еÑ?Ñ?Ñ? пеÑ?еменной
+окÑ?Ñ?жениÑ? »percascii«, коÑ?оÑ?аÑ? по Ñ?молÑ?аниÑ? имееÑ? знаÑ?ение 0.  Ð?Ñ?ли она имееÑ?
+знаÑ?ение 1, Ñ?о Ñ?казаннаÑ? пÑ?облема Ñ?Ñ?ановиÑ?Ñ?Ñ? акÑ?Ñ?алÑ?но и в веÑ?Ñ?иÑ?Ñ? 1.6/1.8.</p>
 
- -<p>This problem has been fixed in upstream version 1.8.7 and in version
- -1.4.3-1 for the current stable Debian release (2.2) with a patch
- -provided from the upstream author Peter Zelezny.  We recommend that
- -you upgrade your XChat packages immediately, since this problem is
- -already actively being exploited.</p>
+<p>ЭÑ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 1.8.7 из оÑ?новной веÑ?ки Ñ?азÑ?абоÑ?ки и в веÑ?Ñ?ии
+1.4.3-1 длÑ? Ñ?екÑ?Ñ?его Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка Debian (2.2) благодаÑ?Ñ? заплаÑ?е,
+пÑ?едоÑ?Ñ?авленной Ð?иÑ?еÑ?ом Ð?елезнÑ?, авÑ?оÑ?ом оÑ?новной веÑ?ки Ñ?азÑ?абоÑ?ки.  РекомендÑ?еÑ?Ñ?Ñ?
+как можно Ñ?коÑ?ее обновиÑ?Ñ? пакеÑ?Ñ? XChat, Ñ?ак как Ñ?Ñ?а пÑ?облема
+Ñ?же акÑ?ивно иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленниками.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2002/dsa-111.wml	2002-06-19 20:20:24.000000000 +0600
+++ russian/security/2002/dsa-111.wml	2016-02-19 21:47:57.009812199 +0500
@@ -1,28 +1,29 @@
- -<define-tag description>remote exploit</define-tag>
+#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov"
+<define-tag description>Ñ?далÑ?ннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ?</define-tag>
 <define-tag moreinfo>
- -<p>The Secure Programming Group of the Oulu University did a study on
- -SNMP implementations and uncovered multiple problems which can
- -cause problems ranging from Denial of Service attacks to remote
- -exploits.</p>
+<p>Ð?Ñ?Ñ?ппа безопаÑ?ного пÑ?огÑ?аммиÑ?ованиÑ? из Ñ?нивеÑ?Ñ?иÑ?еÑ?а Ð?Ñ?лÑ? пÑ?овела иÑ?Ñ?ледованиÑ?
+Ñ?еализаÑ?ий SNMP и обнаÑ?Ñ?жила многоÑ?иÑ?леннÑ?е пÑ?облемÑ?, коÑ?оÑ?Ñ?е могÑ?Ñ?
+вÑ?зÑ?ваÑ?Ñ? Ñ?азлиÑ?нÑ?е Ñ?Ñ?звимоÑ?Ñ?и, оÑ? оÑ?каза в обÑ?лÑ?живании до Ñ?далÑ?ннÑ?Ñ?
+Ñ?Ñ?звимоÑ?Ñ?ей.</p>
 
- -<p>New UCD-SNMP packages have been prepared to fix these problems
- -as well as a few others. The complete list of fixed problems is:</p>
+<p>Ð?Ñ?ли подгоÑ?овленÑ? новÑ?е пакеÑ?Ñ? UCD-SNMP длÑ? иÑ?пÑ?авлениÑ? Ñ?Ñ?и пÑ?облем,
+а Ñ?акже неÑ?колÑ?киÑ? дÑ?Ñ?гиÑ?. Ð?олнÑ?й Ñ?пиÑ?ок иÑ?пÑ?авленнÑ?Ñ? пÑ?облем:</p>
 
 <ul>
- -<li> When running external programs snmpd used temporary files insecurely</li>
- -<li> snmpd did not properly reset supplementary groups after changing
- -  its uid and gid</li>
- -<li> Modified most code to use buffers instead of fixed-length strings to
- -  prevent buffer overflows</li>
- -<li> The ASN.1 parser did not check for negative lengths</li>
- -<li> The IFINDEX response handling in snmpnetstat did not do a sanity check
- -  on its input</li>
+<li> Ð?Ñ?и запÑ?Ñ?ке внеÑ?ниÑ? пÑ?огÑ?амм snmpd иÑ?полÑ?зÑ?еÑ? вÑ?еменнÑ?е Ñ?айлÑ? небезопаÑ?нÑ?м обÑ?азом</li>
+<li> snmpd непÑ?авилÑ?но Ñ?бÑ?аÑ?Ñ?ваеÑ? дополниÑ?елÑ?нÑ?е гÑ?Ñ?ппÑ? поÑ?ле изменениÑ?
+  иденÑ?иÑ?икаÑ?оÑ?ов полÑ?зоваÑ?елÑ? и гÑ?Ñ?ппÑ?</li>
+<li> Ð?лÑ? пÑ?едоÑ?вÑ?аÑ?ениÑ? пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а бÑ?л изменÑ?н болÑ?Ñ?ой Ñ?Ñ?аÑ?Ñ?ок кода Ñ? Ñ?ем,
+  Ñ?Ñ?обÑ? иÑ?полÑ?зоваÑ?Ñ? бÑ?Ñ?еÑ?а вмеÑ?Ñ?о Ñ?Ñ?Ñ?ок Ñ?икÑ?иÑ?ованной длинÑ?</li>
+<li> Ð?од длÑ? гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а ASN.1 не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? на длинÑ? Ñ? оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?м знаÑ?ением</li>
+<li> Ð?бÑ?абоÑ?ка оÑ?веÑ?а IFINDEX в snmpnetstat не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ?
+  вÑ?однÑ?Ñ? даннÑ?Ñ?</li>
 </ul>
 
- -<p>(thanks to Caldera for most of the work on those patches)</p>
+<p>(благодаÑ?им Caldera за болÑ?Ñ?Ñ?Ñ? Ñ?аÑ?Ñ?Ñ? Ñ?абоÑ?Ñ? над Ñ?Ñ?ими заплаÑ?ами)</p>
 
- -<p>The new version is 4.1.1-2.1 and we recommend you upgrade your
- -snmp packages immediately.</p>
+<p>Ð?оваÑ? веÑ?Ñ?иÑ? &mdash; 4.1.1-2.1, Ñ?екомендÑ?ем как можно Ñ?коÑ?ее обновиÑ?Ñ?
+пакеÑ?Ñ? snmp.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2002/dsa-130.wml	2002-12-09 15:37:12.000000000 +0500
+++ russian/security/2002/dsa-130.wml	2016-02-19 21:36:10.376053727 +0500
@@ -1,22 +1,22 @@
- -<define-tag description>remotely triggered memory allocation error</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>Ñ?далÑ?нно вÑ?зÑ?ваемаÑ? оÑ?ибка вÑ?делениÑ? памÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Ethereal versions prior to 0.9.3 were vulnerable to an allocation error
- -in the ASN.1 parser. This can be triggered when analyzing traffic using
- -the SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This
- -vulnerability was announced in the ethereal security advisory
+<p>УÑ?илиÑ?а ethereal до веÑ?Ñ?ии 0.9.3 Ñ?Ñ?звима к оÑ?ибке вÑ?делениÑ? памÑ?Ñ?и, коÑ?оÑ?аÑ? возникаеÑ?
+в коде длÑ? гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а ASN.1. ЭÑ?а оÑ?ибка можеÑ? бÑ?Ñ?Ñ? вÑ?звана пÑ?и анализе Ñ?Ñ?аÑ?ика, иÑ?полÑ?зÑ?Ñ?
+пÑ?оÑ?околÑ? SNMP, LDAP, COPS или Kerberos. Ð? данной
+Ñ?Ñ?звимоÑ?Ñ?и Ñ?ообÑ?аеÑ?Ñ?Ñ? в Ñ?екомендаÑ?ии по безопаÑ?ноÑ?Ñ?и ethereal
 <a href="http://www.ethereal.com/appnotes/enpa-sa-00003.html";>enpa-sa-00003</a>.
- -This issue has been corrected in ethereal version 0.8.0-3potato for
+Ð?Ñ?облема бÑ?ла иÑ?пÑ?авлена в ethereal веÑ?Ñ?ии 0.8.0-3potato длÑ?
 Debian 2.2 (potato).</p>
 
- -<p>Additionally, a number of vulnerabilities were discussed in ethereal
- -security advisory
- -<a href="http://www.ethereal.com/appnotes/enpa-sa-00004.html";>enpa-sa-00004</a>;
- -the version of ethereal in Debian 2.2
- -(potato) is not vulnerable to the issues raised in this later advisory.
- -Users of the not-yet-released woody distribution should ensure that they
- -are running ethereal 0.9.4-1 or a later version.</p>
+<p>Ð?Ñ?оме Ñ?ого, в Ñ?екомендаÑ?ии по безопаÑ?ноÑ?Ñ?и ethereal
+<a href="http://www.ethereal.com/appnotes/enpa-sa-00004.html";>enpa-sa-00004</a>
+обÑ?Ñ?ждаеÑ?Ñ?Ñ? Ñ?Ñ?д Ñ?Ñ?звимоÑ?Ñ?ей; веÑ?Ñ?иÑ? ethereal в Debian 2.2
+(potato) не подвеÑ?жена пÑ?облемам, Ñ?казаннÑ?м в более поздней Ñ?екомендаÑ?ии.
+Ð?олÑ?зоваÑ?елÑ?м еÑ?Ñ? не вÑ?пÑ?Ñ?енного диÑ?Ñ?Ñ?ибÑ?Ñ?ива woody Ñ?ледÑ?еÑ? Ñ?бедиÑ?Ñ?Ñ?Ñ?, Ñ?Ñ?о они
+иÑ?полÑ?зÑ?Ñ? ethereal 0.9.4-1 или более поздней веÑ?Ñ?ии.</p>
 
- -<p>We recommend you upgrade your ethereal package immediately.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? как можно Ñ?коÑ?ее обновиÑ?Ñ? пакеÑ? ethereal.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2002/dsa-141.wml	2002-08-02 16:09:55.000000000 +0600
+++ russian/security/2002/dsa-141.wml	2016-02-19 22:29:33.457009807 +0500
@@ -1,23 +1,24 @@
- -<define-tag description>buffer overflow</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>пеÑ?еполнение бÑ?Ñ?еÑ?а</define-tag>
 <define-tag moreinfo>
- -<p>Eckehard Berns discovered a buffer overflow in the munpack program
- -which is used for decoding (respectively) binary files in MIME
- -(Multipurpose Internet Mail Extensions) format mail messages.  If
- -munpack is run on an appropriately malformed email (or news article)
- -then it will crash, and perhaps can be made to run arbitrary code.</p>
+<p>ЭкеÑ?аÑ?д Ð?еÑ?нÑ? обнаÑ?Ñ?жил пеÑ?еполнение бÑ?Ñ?еÑ?а в пÑ?огÑ?амме munpack,
+коÑ?оÑ?аÑ? иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? длÑ? декодиÑ?ованиÑ? (Ñ?ооÑ?веÑ?Ñ?Ñ?венно) двоиÑ?нÑ?Ñ? Ñ?айлов в Ñ?оÑ?маÑ?
+Ñ?ообÑ?ений MIME (многоÑ?елевÑ?е Ñ?аÑ?Ñ?иÑ?ениÑ? поÑ?Ñ?Ñ? Ð?нÑ?еÑ?неÑ?).  Ð?Ñ?ли
+munpack запÑ?Ñ?каеÑ?Ñ?Ñ? длÑ? обÑ?абоÑ?ки Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?ообÑ?ениÑ? Ñ?лекÑ?Ñ?онной поÑ?Ñ?Ñ? (или Ñ?Ñ?аÑ?Ñ?и новоÑ?Ñ?ей),
+Ñ?о его Ñ?абоÑ?а завеÑ?Ñ?аеÑ?Ñ?Ñ? аваÑ?ийно, возможно Ñ? помоÑ?Ñ?Ñ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно запÑ?Ñ?Ñ?иÑ?Ñ? пÑ?оизволÑ?нÑ?й код.</p>
 
- -<p>Herbert Xu reported a second vulnerability which affected malformed
- -filenames that refer to files in upper directories like "../a".  The
- -security impact is limited, though, because only a single leading
- -"../" was accepted and only new files can be created (i.e. no files
- -will be overwritten).</p>
+<p>Ð?еÑ?беÑ?Ñ? ШÑ? обнаÑ?Ñ?жил вÑ?оÑ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?, коÑ?оÑ?аÑ? каÑ?аеÑ?Ñ?Ñ? некоÑ?Ñ?екÑ?нÑ?Ñ?
+имÑ?н Ñ?айлов, Ñ?казÑ?ваÑ?Ñ?иÑ? на Ñ?айлÑ? в каÑ?алогаÑ? веÑ?Ñ?него Ñ?Ñ?овнÑ? (напÑ?имеÑ?, "../a").  Ð?лиÑ?ние
+Ñ?Ñ?ой пÑ?облемÑ? не безопаÑ?ноÑ?Ñ?Ñ? огÑ?аниÑ?ено, поÑ?колÑ?кÑ? пÑ?инимаеÑ?Ñ?Ñ? лиÑ?Ñ? пеÑ?еÑ?од на один
+Ñ?Ñ?овенÑ? ввеÑ?Ñ?, "../", и Ñ?аким Ñ?поÑ?обом можно Ñ?оздаÑ?Ñ? Ñ?олÑ?ко новÑ?е Ñ?айлÑ? (Ñ?о еÑ?Ñ?Ñ?, нелÑ?зÑ?
+пеÑ?езапиÑ?аÑ?Ñ? Ñ?же имеÑ?Ñ?иеÑ?Ñ? Ñ?айлÑ?).</p>
 
- -<p>Both problems have been fixed in version 1.5-5potato2 for the old
- -stable distribution (potato), in version 1.5-7woody2 for the current
- -stable distribution (woody) and in version 1.5-9 for the unstable
- -distribution (sid).</p>
+<p>Ð?бе пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 1.5-5potato2 длÑ? пÑ?едÑ?дÑ?Ñ?его Ñ?Ñ?абилÑ?ного
+вÑ?пÑ?Ñ?ка (potato), в веÑ?Ñ?ии 1.5-7woody2 длÑ? Ñ?екÑ?Ñ?его
+Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (woody) и в веÑ?Ñ?ии 1.5-9 длÑ? неÑ?Ñ?абилÑ?ного
+вÑ?пÑ?Ñ?ка (sid).</p>
 
- -<p>We recommend that you upgrade your mpack package immediately.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? как можно Ñ?коÑ?ее обновиÑ?Ñ? пакеÑ? mpack.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2002/dsa-144.wml	2002-08-06 15:08:35.000000000 +0600
+++ russian/security/2002/dsa-144.wml	2016-02-19 22:45:52.506186388 +0500
@@ -1,23 +1,24 @@
- -<define-tag description>improper input handling</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>непÑ?авилÑ?наÑ? обÑ?абоÑ?ка вÑ?однÑ?Ñ? даннÑ?Ñ?</define-tag>
 <define-tag moreinfo>
- -<p>A problem with wwwoffle has been discovered.  The web proxy didn't
- -handle input data with negative Content-Length settings properly which
- -causes the processing child to crash.  It is at this time not obvious
- -how this can lead to an exploitable vulnerability; however, it's better
- -to be safe than sorry, so here's an update.</p>
+<p>Ð?Ñ?ла обнаÑ?Ñ?жен пÑ?облема Ñ? wwwoffle.  УказаннÑ?й веб-пÑ?окÑ?и непÑ?авилÑ?но
+обÑ?абаÑ?Ñ?ваеÑ? вÑ?однÑ?е даннÑ?е Ñ? оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?м знаÑ?ением Content-Length, Ñ?Ñ?о
+пÑ?иводиÑ? к аваÑ?ийной оÑ?Ñ?ановке обÑ?абаÑ?Ñ?ваÑ?Ñ?его доÑ?еÑ?него пÑ?оÑ?еÑ?Ñ?а.  Ð? наÑ?Ñ?оÑ?Ñ?ее вÑ?емÑ?
+не Ñ?Ñ?но, как Ñ?Ñ?о можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленниками; Ñ?ем не менее, лÑ?Ñ?Ñ?е
+обезопаÑ?иÑ?Ñ?Ñ?Ñ?, Ñ?ем Ñ?ожалеÑ?Ñ?, поÑ?Ñ?омÑ? ниже пÑ?иведено обновление.</p>
 
- -<p>Additionally, in the woody version empty passwords will be treated as
- -wrong when trying to authenticate.  In the woody version we also
- -replaced CanonicaliseHost() with the latest routine from 2.7d, offered
- -by upstream.  This stops bad IPv6 format IP addresses in URLs from
- -causing problems (memory overwriting, potential exploits).</p>
+<p>Ð?Ñ?оме Ñ?ого, в веÑ?Ñ?ии из woody пÑ?и попÑ?Ñ?ке аÑ?Ñ?енÑ?иÑ?икаÑ?ии пÑ?Ñ?Ñ?Ñ?е паÑ?оли
+Ñ?Ñ?акÑ?Ñ?Ñ?Ñ?Ñ?Ñ? как непÑ?авилÑ?нÑ?е.  Ð? веÑ?Ñ?ии из woody Ñ?Ñ?нкÑ?иÑ?
+CanonicaliseHost() бÑ?ла заменена на Ñ?Ñ?нкÑ?иÑ? из веÑ?Ñ?ии 2.7d, пÑ?едоÑ?Ñ?авлÑ?емой
+оÑ?новной веÑ?кой Ñ?азÑ?абоÑ?ки.  Ð?на не позволÑ?еÑ? IP адÑ?еÑ?ам IPv6 в непÑ?авилÑ?ном Ñ?оÑ?маÑ?е
+вÑ?зÑ?ваÑ?Ñ? пÑ?облемÑ? (пеÑ?езапиÑ?Ñ? Ñ?одеÑ?жимого памÑ?Ñ?и, поÑ?енÑ?иалÑ?нÑ?е Ñ?Ñ?звимоÑ?Ñ?и).</p>
 
- -<p>This problem has been fixed in version 2.5c-10.4 for the old stable
- -distribution (potato), in version 2.7a-1.2 for the current stable
- -distribution (woody) and in version 2.7d-1 for the unstable
- -distribution (sid).</p>
+<p>ЭÑ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 2.5c-10.4 длÑ? пÑ?едÑ?дÑ?Ñ?его Ñ?Ñ?абилÑ?ного
+вÑ?пÑ?Ñ?ка (potato), в веÑ?Ñ?ии 2.7a-1.2 длÑ? Ñ?екÑ?Ñ?его Ñ?Ñ?абилÑ?ного
+вÑ?пÑ?Ñ?ка (woody) и в веÑ?Ñ?ии 2.7d-1 длÑ? неÑ?Ñ?абилÑ?ного
+вÑ?пÑ?Ñ?ка (sid).</p>
 
- -<p>We recommend that you upgrade your wwwoffle packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? wwwoffle.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2002/dsa-167.wml	2002-09-16 21:00:33.000000000 +0600
+++ russian/security/2002/dsa-167.wml	2016-02-19 22:17:30.605879631 +0500
@@ -1,21 +1,22 @@
- -<define-tag description>cross site scripting</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>межÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг</define-tag>
 <define-tag moreinfo>
- -<p>A cross site scripting problem has been discovered in Konqueror, a
- -famous browser for KDE and other programs using KHTML.  The KDE team
- -<a href="http://www.kde.org/info/security/advisory-20020908-2.txt";>reports</a>
- -that Konqueror's cross site scripting protection fails to
- -initialize the domains on sub-(i)frames correctly.  As a result,
- -JavaScript is able to access any foreign subframe which is defined in
- -the HTML source.  Users of Konqueror and other KDE software that uses
- -the KHTML rendering engine may become victim of a cookie stealing and
- -other cross site scripting attacks.</p>
+<p>Ð? Konqueror, знамениÑ?ом бÑ?аÑ?зеÑ?е длÑ? KDE, и дÑ?Ñ?гиÑ? пÑ?огÑ?аммаÑ?, иÑ?полÑ?зÑ?Ñ?Ñ?иÑ?
+KHTML, бÑ?л обнаÑ?Ñ?жен межÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг.  Ð?оманда KDE
+<a href="http://www.kde.org/info/security/advisory-20020908-2.txt";>Ñ?ообÑ?аеÑ?</a>,
+Ñ?Ñ?о заÑ?иÑ?а Konqueror оÑ? межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга не можеÑ? коÑ?Ñ?екÑ?но
+иниÑ?иализиÑ?оваÑ?Ñ? доменÑ? Ñ? под-(i)Ñ?Ñ?еймами.  Ð? Ñ?езÑ?лÑ?Ñ?аÑ?е
+код на JavaScript можеÑ? полÑ?Ñ?иÑ?Ñ? доÑ?Ñ?Ñ?п к лÑ?бомÑ? внеÑ?немÑ? подÑ?Ñ?еймÑ?, коÑ?оÑ?Ñ?е опÑ?еделÑ?еÑ?Ñ?Ñ? в
+иÑ?Ñ?одном коде HTML.  Ð?олÑ?зоваÑ?ели Konqueror и дÑ?Ñ?гиÑ? пÑ?иложений KDE, иÑ?полÑ?зÑ?Ñ?Ñ?иÑ?
+движок оÑ?Ñ?иÑ?овки KHTML, могÑ?Ñ? Ñ?Ñ?аÑ?Ñ? жеÑ?Ñ?вами кÑ?аж кÑ?ки и
+дÑ?Ñ?гиÑ? аÑ?ак по пÑ?инÑ?ипам межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга.</p>
 
- -<p>This problem has been fixed in version 2.2.2-13.woody.3 for the
- -current stable distribution (woody) and in version 2.2.2-14 for the
- -unstable distribution (sid).  The old stable distribution (potato) is
- -not affected since it didn't ship KDE.</p>
+<p>ЭÑ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 2.2.2-13.woody.3 длÑ?
+Ñ?екÑ?Ñ?его Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (woody) и в веÑ?Ñ?ии 2.2.2-14 длÑ?
+неÑ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (sid).  Ð?Ñ?едÑ?дÑ?Ñ?ий Ñ?Ñ?абилÑ?нÑ?й вÑ?пÑ?Ñ?к (potato)
+не подвеÑ?жен данной пÑ?облеме, поÑ?колÑ?кÑ? в нÑ?м неÑ? KDE.</p>
 
- -<p>We recommend that you upgrade your kdelibs package and restart
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? kdelibs и пеÑ?езапÑ?Ñ?Ñ?иÑ?Ñ?
 Konqueror.</p>
 </define-tag>
 
- --- english/security/2002/dsa-171.wml	2002-10-07 21:15:33.000000000 +0600
+++ russian/security/2002/dsa-171.wml	2016-02-19 22:00:34.391769885 +0500
@@ -1,22 +1,23 @@
- -<define-tag description>buffer overflows</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>пеÑ?еполнение бÑ?Ñ?еÑ?а</define-tag>
 <define-tag moreinfo>
- -<p>Stefan Esser <a href="http://security.e-matters.de/advisories/032002.html";>\
- -discovered</a> several buffer overflows and a broken boundary
- -check within fetchmail.  If fetchmail is running in multidrop mode
- -these flaws can be used by remote attackers to crash it or to execute
- -arbitrary code under the user id of the user running fetchmail.
- -Depending on the configuration this even allows a remote root
- -compromise.</p>
+<p>ШÑ?еÑ?ан ЭÑ?Ñ?еÑ? <a href="http://security.e-matters.de/advisories/032002.html";>\
+обнаÑ?Ñ?жил</a> неÑ?колÑ?ко пеÑ?еполнений бÑ?Ñ?еÑ?а и Ñ?ломаннÑ?Ñ? пÑ?овеÑ?кÑ?
+гÑ?аниÑ? маÑ?Ñ?ива в fetchmail.  Ð?Ñ?ли fetchmail Ñ?абоÑ?аеÑ? в многоÑ?оÑ?еÑ?ном Ñ?ежиме,
+Ñ?о Ñ?Ñ?и Ñ?Ñ?звимоÑ?Ñ?и могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?далÑ?ннÑ?ми злоÑ?мÑ?Ñ?ленниками длÑ? аваÑ?ийной оÑ?Ñ?ановки Ñ?Ñ?илиÑ?Ñ? или
+вÑ?полнениÑ? пÑ?оизволÑ?ного кода оÑ? лиÑ?а полÑ?зоваÑ?елÑ?, запÑ?Ñ?Ñ?ивÑ?его fetchmail.
+Ð? завиÑ?имоÑ?Ñ?и оÑ? наÑ?Ñ?Ñ?оек Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? позволиÑ?Ñ? Ñ?далÑ?нно Ñ?компÑ?омеÑ?иÑ?оваÑ?Ñ?
+Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?.</p>
 
- -<p>These problems have been fixed in version 5.9.11-6.1 for both
- -fetchmail and fetchmail-ssl for the current stable distribution
- -(woody), in version 5.3.3-4.2 for fetchmail for the old stable
- -distribution (potato) and in version 6.1.0-1 for both fetchmail and
- -fetchmail-ssl for the unstable distribution (sid).  There are no
- -fetchmail-ssl packages for the old stable distribution (potato) and
- -thus no updates.</p>
+<p>ЭÑ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 5.9.11-6.1 длÑ?
+пакеÑ?ов fetchmail и fetchmail-ssl в Ñ?екÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке
+(woody), в веÑ?Ñ?ии 5.3.3-4.2 длÑ? пакеÑ?а fetchmail в пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном
+вÑ?пÑ?Ñ?ке (potato) и в веÑ?Ñ?ии 6.1.0-1 длÑ? пакеÑ?ов fetchmail и
+fetchmail-ssl в неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid).  Ð?акеÑ?Ñ?
+fetchmail-ssl в пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (potato) оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?Ñ?Ñ?, и
+поÑ?Ñ?омÑ? они не бÑ?ли обновленÑ?.</p>
 
- -<p>We recommend that you upgrade your fetchmail packages immediately.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? как можно Ñ?коÑ?ее обновиÑ?Ñ? пакеÑ?Ñ? fetchmail.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2002/dsa-173.wml	2002-10-09 21:15:30.000000000 +0600
+++ russian/security/2002/dsa-173.wml	2016-02-19 21:54:11.511886061 +0500
@@ -1,22 +1,23 @@
- -<define-tag description>privilege escalation</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>повÑ?Ñ?ение пÑ?ивилегий</define-tag>
 <define-tag moreinfo>
- -<p>The developers of Bugzilla, a web-based bug tracking system,
- -discovered a problem in the handling of more than 47 groups.  When a
- -new product is added to an installation with 47 groups or more and
- -"usebuggroups" is enabled, the new group will be assigned a groupset
- -bit using Perl math that is not exact beyond 2<sup>48</sup>.
- -This results in
- -the new group being defined with a "bit" that has several bits set.
- -As users are given access to the new group, those users will also gain
- -access to spurious lower group privileges.  Also, group bits were not
- -always reused when groups were deleted.</p>
+<p>РазÑ?абоÑ?Ñ?ики Bugzilla, Ñ?иÑ?Ñ?емÑ? оÑ?Ñ?леживаниÑ? оÑ?ибок на оÑ?нове веб,
+обнаÑ?Ñ?жили пÑ?облемÑ?, коÑ?оÑ?аÑ? пÑ?оÑ?влÑ?еÑ?Ñ?Ñ? пÑ?и обÑ?абоÑ?ке более, Ñ?ем 47 гÑ?Ñ?пп.  Ð?огда
+добавлÑ?еÑ?Ñ?Ñ? новÑ?й пÑ?одÑ?кÑ? в Ñ?Ñ?Ñ?ановкÑ? Ñ? Ñ?же имеÑ?Ñ?имиÑ?Ñ? 47 или более гÑ?Ñ?ппами, а Ñ?акже
+когда вклÑ?Ñ?ена опÑ?иÑ? "usebuggroups", Ñ?о новой гÑ?Ñ?ппе бÑ?деÑ? назнаÑ?ен гÑ?Ñ?пповой биÑ?
+Ñ? иÑ?полÑ?зованием маÑ?емаÑ?иÑ?еÑ?кого модÑ?лÑ? Perl, коÑ?оÑ?Ñ?е не пÑ?едоÑ?Ñ?авлÑ?еÑ? Ñ?оÑ?нÑ?Ñ? Ñ?иÑ?ел болÑ?Ñ?е 2<sup>48</sup>.
+ЭÑ?о пÑ?иводиÑ? к Ñ?омÑ?, Ñ?Ñ?о
+новаÑ? гÑ?Ñ?ппа опÑ?еделÑ?еÑ?Ñ?Ñ? <q>биÑ?ом</q>, коÑ?оÑ?Ñ?е имееÑ? неÑ?колÑ?ко Ñ?Ñ?Ñ?ановленнÑ?Ñ? биÑ?ов.
+Ð?оÑ?колÑ?кÑ? полÑ?зоваÑ?ели полÑ?Ñ?аÑ?Ñ? доÑ?Ñ?Ñ?п к новой гÑ?Ñ?ппе, Ñ?о Ñ?Ñ?и полÑ?зоваÑ?ели Ñ?акже оÑ?ибоÑ?но полÑ?Ñ?аÑ?Ñ?
+доÑ?Ñ?Ñ?п к более низким гÑ?Ñ?ппам.  Ð?Ñ?оме Ñ?ого, биÑ?Ñ? гÑ?Ñ?пп не вÑ?егда
+повÑ?оÑ?но иÑ?полÑ?зÑ?Ñ?Ñ?Ñ?Ñ? пÑ?и Ñ?далении гÑ?Ñ?ппÑ?.</p>
 
- -<p>This problem has been fixed in version 2.14.2-0woody2 for the current
- -stable distribution (woody) and will soon be fixed in the unstable
- -distribution (sid).  The old stable distribution (potato) doesn't
- -contain a bugzilla package.</p>
+<p>ЭÑ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 2.14.2-0woody2 длÑ? Ñ?екÑ?Ñ?его
+Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (woody) и Ñ?коÑ?о бÑ?деÑ? иÑ?пÑ?авлена в неÑ?Ñ?абилÑ?ном
+вÑ?пÑ?Ñ?ке (sid).  Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (potato) пакеÑ?
+bugzilla оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ?.</p>
 
- -<p>We recommend that you upgrade your bugzilla package.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? bugzilla.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2002/dsa-193.wml	2002-11-18 15:45:39.000000000 +0500
+++ russian/security/2002/dsa-193.wml	2016-02-19 21:40:11.662854773 +0500
@@ -1,21 +1,22 @@
- -<define-tag description>buffer overflow</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>пеÑ?еполнение бÑ?Ñ?еÑ?а</define-tag>
 <define-tag moreinfo>
 <p>iDEFENSE <a href="http://www.idefense.com/advisory/11.11.02.txt";>\
- -reports</a> a security vulnerability in the klisa package, that
- -provides a LAN information service similar to "Network Neighbourhood",
- -which was discovered by Texonet.  It is possible for a local attacker
- -to exploit a buffer overflow condition in resLISa, a restricted
- -version of KLISa.  The vulnerability exists in the parsing of the
- -LOGNAME environment variable, an overly long value will overwrite the
- -instruction pointer thereby allowing an attacker to seize control of
- -the executable.</p>
+Ñ?ообÑ?аеÑ?</a> об Ñ?Ñ?звимоÑ?Ñ?и в пакеÑ?е klisa, пÑ?едоÑ?Ñ?авлÑ?Ñ?Ñ?ем
+Ñ?лÑ?жбÑ? инÑ?оÑ?маÑ?ии локалÑ?ной Ñ?еÑ?и, Ñ?Ñ?ожÑ?Ñ? Ñ? <q>СеÑ?евÑ?м окÑ?Ñ?жением</q>,
+Ñ?Ñ?звимоÑ?Ñ?Ñ? обнаÑ?Ñ?жена Texonet.  Ð?окалÑ?нÑ?й злоÑ?мÑ?Ñ?ленник можеÑ?
+иÑ?полÑ?зоваÑ?Ñ? Ñ?оÑ?Ñ?оÑ?ние пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а в resLISa, огÑ?аниÑ?енной
+веÑ?Ñ?ии KLISa.  ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? пÑ?иÑ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? в коде длÑ? гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а
+пеÑ?еменной окÑ?Ñ?жениÑ? LOGNAME, Ñ?Ñ?езмеÑ?но болÑ?Ñ?ое знаÑ?ение пеÑ?езапиÑ?Ñ?ваеÑ?
+Ñ?казаÑ?елÑ? инÑ?Ñ?Ñ?Ñ?кÑ?ии, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ? пеÑ?еÑ?ваÑ?Ñ?ваÑ?Ñ? Ñ?пÑ?авление
+иÑ?полнÑ?емÑ?м Ñ?айлом.</p>
 
- -<p>This problem has been fixed in version 2.2.2-14.2 for the current stable
- -distribution (woody) and in version 2.2.2-14.3 for the unstable
- -distribution (sid).  The old stable distribution (potato) is not
- -affected since it doesn't contain a kdenetwork package.</p>
+<p>ЭÑ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 2.2.2-14.2 в Ñ?екÑ?Ñ?ем Ñ?Ñ?абилÑ?ном
+вÑ?пÑ?Ñ?ке (woody) и в веÑ?Ñ?ии 2.2.2-14.3 в неÑ?Ñ?абилÑ?ном
+вÑ?пÑ?Ñ?ке (sid).  Ð?Ñ?едÑ?дÑ?Ñ?ий Ñ?Ñ?абилÑ?нÑ?й вÑ?пÑ?Ñ?к (potato) не
+подвеÑ?жен данной пÑ?облеме, Ñ?ак как в нÑ?м оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? пакеÑ? kdenetwork.</p>
 
- -<p>We recommend that you upgrade your klisa package immediately.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? как можно Ñ?коÑ?ее обновиÑ?Ñ? пакеÑ? klisa.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWx1UdAAoJEF7nbuICFtKl0RcP/RJp21oFkEOv3Vz+5EkaiBHy
xFT90eY4u2SD2qZGYyqhkRijo8sGPYfqdS0idJzatDZo5WeXVHUhsHr5T/r0ZYeu
HlmVqvf6tF1dxDK2cP7ZDH9IWu4EgRU+8II8TSalzv/aOOr6cRIBE3Wf5xOCHAY/
Y43OE8dvGtmzzL5aruHp9ppi4E5aRO0dVO2WcXsbvVFbcbrXdlD1SRnmY58siEKg
8qmHSe8K5ORWRuLieFsToPriscYzWbAiKvXF63QgNnECtNJalwQRbZTX6wj0EUEf
jWzUuMOxYjkH6mvvnvts8dTniKXBXp4DjsfkjjLKgSuci+K1DGxmKtYhv3wkMKaz
r9IqAxKXX9zBMS2TE3YQJkuB4zIcFfb30t3/p1fOiCtoM04kgK08IkiEXoYp4865
twEiNmRuiLiONKD/y/ygPD9GAnRiUTs9/novPgz43Un6Conr33LFTvjF1MAsj9mi
Da+BKNmdmzMBRTs0Or5bjMW6zfF3/iH8+TlvQbmAk0s/Ho7aYjaNrKNLF6UZLrmO
B1ThJYWF727ojvT92+fyj3H01fw4Yz1ilKrBnLbIKo17f4hMPl/z8rAVZDq1S81y
+MXREBJZeWJcmQYc6YxFjb79cUNDMFImGmsAEeCSYhZ7+VQ842pSSuZne7Jp5sd0
dQGlgkCPaMIC/c0qAVud
=CP8J
-----END PGP SIGNATURE-----
Reply to: