[DONE] wml://security/2011/dsa-2{233,345}.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2011/dsa-2233.wml 2014-04-30 13:16:24.000000000 +0600
+++ russian/security/2011/dsa-2233.wml 2016-10-02 01:42:06.649989971 +0500
@@ -1,39 +1,40 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities were discovered in Postfix, a mail transfer
- -agent. The Common Vulnerabilities and Exposures project identifies
- -the following problems:</p>
+<p>Ð? Postfix, агенÑ?е пеÑ?едаÑ?и Ñ?лекÑ?Ñ?онной поÑ?Ñ?Ñ?, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко
+Ñ?Ñ?звимоÑ?Ñ?ей. Ð?Ñ?оекÑ? Common Vulnerabilities and Exposures опÑ?еделÑ?еÑ?
+Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2009-2939";>CVE-2009-2939</a>
- - <p>The postinst script grants the postfix user write access to
- - /var/spool/postfix/pid, which might allow local users to
- - conduct symlink attacks that overwrite arbitrary files.</p></li>
+ <p>СÑ?енаÑ?ий, запÑ?Ñ?каемÑ?й поÑ?ле Ñ?Ñ?Ñ?ановки пакеÑ?а, даÑ?Ñ? полÑ?зоваÑ?елÑ? postfix доÑ?Ñ?Ñ?п к
+ /var/spool/postfix/pid Ñ? пÑ?авом на запиÑ?Ñ?, Ñ?Ñ?о можеÑ? позволиÑ?Ñ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м
+ вÑ?полнÑ?Ñ?Ñ? аÑ?аки Ñ?еÑ?ез Ñ?имволÑ?нÑ?е Ñ?Ñ?Ñ?лки Ñ? Ñ?елÑ?Ñ? пеÑ?езапиÑ?и пÑ?оизволÑ?нÑ?Ñ? Ñ?айлов.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2011-0411";>CVE-2011-0411</a>
- - <p>The STARTTLS implementation does not properly restrict I/O
- - buffering, which allows man-in-the-middle attackers to insert
- - commands into encrypted SMTP sessions by sending a cleartext
- - command that is processed after TLS is in place.</p></li>
+ <p>РеализаÑ?иÑ? STARTTLS непÑ?авилÑ?но огÑ?аниÑ?иваеÑ? бÑ?Ñ?еÑ?изаÑ?иÑ? ввода/вÑ?вода,
+ Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам, вÑ?полнÑ?Ñ?Ñ?им аÑ?аки по пÑ?инÑ?ипÑ? Ñ?еловек-в-Ñ?еÑ?едине, вÑ?Ñ?авлÑ?Ñ?Ñ?
+ командÑ? в заÑ?иÑ?Ñ?ованнÑ?е SMTP-Ñ?еÑ?Ñ?ии пÑ?Ñ?Ñ?м оÑ?пÑ?авки командÑ? в виде обÑ?Ñ?ного
+ Ñ?екÑ?Ñ?а, коÑ?оÑ?аÑ? обÑ?абаÑ?Ñ?ваеÑ?Ñ?Ñ? поÑ?ле наÑ?Ñ?Ñ?ойки TLS.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2011-1720";>CVE-2011-1720</a>
- - <p>A heap-based read-only buffer overflow allows malicious
- - clients to crash the smtpd server process using a crafted SASL
- - authentication request.</p></li>
+ <p>Ð?еÑ?еполнение динамиÑ?еÑ?кой памÑ?Ñ?и, оÑ?кÑ?Ñ?Ñ?ой Ñ?олÑ?ко длÑ? Ñ?Ñ?ениÑ?, позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам
+ аваÑ?ийно оÑ?Ñ?анавливаÑ?Ñ? Ñ?еÑ?веÑ?нÑ?й пÑ?оÑ?еÑ?Ñ?, иÑ?полÑ?зÑ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й запÑ?оÑ?
+ SASL-аÑ?Ñ?енÑ?иÑ?икаÑ?ии.</p></li>
</ul>
- -<p>For the oldstable distribution (lenny), this problem has been fixed in
- -version 2.5.5-1.1+lenny1.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.5.5-1.1+lenny1.</p>
- -<p>For the stable distribution (squeeze), this problem has been fixed in
- -version 2.7.1-1+squeeze1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.7.1-1+squeeze1.</p>
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 2.8.0-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.8.0-1.</p>
- -<p>We recommend that you upgrade your postfix packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? postfix.</p>
</define-tag>
# do not modify the following line
- --- english/security/2011/dsa-2345.wml 2014-04-30 13:16:25.000000000 +0600
+++ russian/security/2011/dsa-2345.wml 2016-10-02 01:52:42.918248567 +0500
@@ -1,39 +1,40 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in Icedove, a mail client
- -based on Thunderbird.</p>
+<p>Ð? Icedove, поÑ?Ñ?овом клиенÑ?е на оÑ?нове Thunderbird, бÑ?ло обнаÑ?Ñ?жено
+неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3647";>CVE-2011-3647</a>
- - <p>The JSSubScriptLoader does not properly handle
- - XPCNativeWrappers during calls to the loadSubScript method in
- - an add-on, which makes it easier for remote attackers to gain
- - privileges via a crafted web site that leverages certain
- - unwrapping behavior.</p></li>
+ <p>JSSubScriptLoader непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+ XPCNativeWrappers во вÑ?емÑ? вÑ?зовов меÑ?ода loadSubScript в
+ дополнении, Ñ?Ñ?о облегÑ?аеÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам задаÑ?Ñ? по полÑ?Ñ?ениÑ?
+ пÑ?ивилегий Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного веб-Ñ?айÑ?а, оÑ?Ñ?Ñ?еÑ?Ñ?влÑ?Ñ?Ñ?его опÑ?еделÑ?ннÑ?е
+ дейÑ?Ñ?виÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3648";>CVE-2011-3648</a>
- - <p>A cross-site scripting (XSS) vulnerability allows remote
- - attackers to inject arbitrary web script or HTML via crafted
- - text with Shift JIS encoding.</p></li>
- -
- -<li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3650";>CVE-2011-3650</a>
- - <p>Iceweasel does not properly handle JavaScript files that
- - contain many functions, which allows user-assisted remote
- - attackers to cause a denial of service (memory corruption and
- - application crash) or possibly have unspecified other impact
- - via a crafted file that is accessed by debugging APIs, as
- - demonstrated by Firebug.</p></li>
+ <p>Ð?ежÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг (XSS) позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? пÑ?оизволÑ?нÑ?й веб-Ñ?Ñ?енаÑ?ий или код HTML Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но
+ Ñ?Ñ?оÑ?миÑ?ованного Ñ?екÑ?Ñ?а в кодиÑ?овке Shift JIS.</p></li>
+
+<li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3650";>CVE-2011-3650</a>
+ <p>Iceweasel непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? Ñ?айлÑ? JavaScript, Ñ?одеÑ?жаÑ?ие
+ много Ñ?Ñ?нкÑ?ий, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+ вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и и
+ аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) или оказÑ?ваÑ?Ñ? дÑ?Ñ?гое неопÑ?еделÑ?нное влиÑ?ние
+ на Ñ?иÑ?Ñ?емÑ? Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?айла, к коÑ?оÑ?омÑ? обÑ?аÑ?аÑ?Ñ?Ñ?Ñ? Ñ?Ñ?нкÑ?ии API
+ оÑ?ладки, напÑ?имеÑ?, Ñ?Ñ?нкÑ?ии Firebug.</p></li>
</ul>
- -<p>For the stable distribution (squeeze), these problems have been fixed
- -in version 3.0.11-1+squeeze6.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 3.0.11-1+squeeze6.</p>
- -<p>For the testing distribution (wheezy) and the unstable distribution
- -(sid), these problems have been fixed in version 3.1.15-1.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (wheezy) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ?
+Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 3.1.15-1.</p>
- -<p>We recommend that you upgrade your icedove packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? icedove.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX8CIeAAoJEF7nbuICFtKlfeYQAJjrNIz/ZTXyHnkThQ/M/KNv
LqSN2uY0qta0lm9Or2y8dIlE0FZd94CPPRGqVVgVjDq6dTC9k4mOfIJLcMPZWdcr
8LKGtwuBxnGQmZXOyvbkCkyWSOCcTBT01uWk/xofjb7wCxD2ubCyKHBVViIPmLO4
qO50xvUm12jT5CjWg3UJvDV0qR0uoBuRVXxqq0tfDeEm6l4QElowVAp+oRhfVfq5
15yZtbtiCKBcK1aye7PZ0KnmAvx1PGVXCp7uP1RfgydhbJbZHsfqYGCtKqAoC9Yw
S5zal/r1ZKhwizno7Ui87bo21PXA7m/6jzkJ0WK9NjPyn26GsO01mkKraZXz1hk8
/JLVsB4QA99YPRRCKc7WYbIfmTsEz4zwEVw30gUmoUVZfcMklvw4b8H+P4BRmTsb
ShCmlDbZFukDjGZu6F0TlRKkg6ClAm28kz9ivqibKpANFfdksqIFimmujf9Yy47a
coDXWx48DnySMoZyUpQmmEOhWyvOUtHO9tuHPa68YIbmYJoNctK3kc06R7d9F0MQ
89c9lMMEIqWCPcx/qV20gFp8g7EaFGagu+ZZkWZzdWcbuPQ3ANZ93Htjq/6l9t31
zEmxcsBNe6GJjykNjNyWWKX9YE5rNQn31Cv0lKXx4jxl6RvlT7k85PWxiYvb1oof
0/YoexoYQIo3cxXYgMvf
=EFx2
-----END PGP SIGNATURE-----
Reply to: