Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 3c40c276fa38
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 9ea8fd6df1b9
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Nov 25, 2020

  1. cassandra_3_0: 3.0.17 -> 3.0.23 

    Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability

Description:
It is possible for a local attacker without access to the Apache Cassandra
process or configuration files to manipulate the RMI registry to perform a
man-in-the-middle attack and capture user names and passwords used to access
the JMX interface. The attacker can then use these credentials to access
the JMX interface and perform unauthorised operations.

Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables
this issue to be exploited remotely.

3.0.x users should upgrade to 3.0.22
    @redvers
    redvers committed Nov 25, 2020
    Copy the full SHA
    1431c3c View commit details
    Browse the repository at this point in the history

Commits on Nov 28, 2020

  1. Merge pull request #104841 from redvers/update_cassandra_3.0.17_to_3.… 

    …0.23_cve-2020-13946

cassandra_3_0: 3.0.17 -> 3.0.23
    @andir
    andir committed Nov 28, 2020
    Copy the full SHA
    9ea8fd6 View commit details
    Browse the repository at this point in the history