mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+.

Browse Source
This commit is contained in:
Mariusz Felisiak
2020-08-21 12:43:45 +02:00
committed by Carlton Gibson
parent 8d7271578d
commit 1853724aca
5 changed files with 55 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/releases/2.2.16.txt
View File

@@ -4,7 +4,7 @@ Django 2.2.16 release notes
*Expected September 1, 2020*
Django 2.2.16 fixes a security issue and two data loss bugs in 2.2.15.
Django 2.2.16 fixes two security issues and two data loss bugs in 2.2.15.
CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
======================================================================================
@@ -17,6 +17,13 @@ files and to intermediate-level collected static directories when using the
You should review and manually fix permissions on existing intermediate-level
directories.
CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+
===============================================================================================================
On Python 3.7+, the intermediate-level directories of the file system cache had
the system's standard umask rather than ``0o077`` (no group or others
permissions).
Bugfixes
========