CVE-2020-24583

Priority
Description
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and
3.1 before 3.1.1 (when Python 3.7+ is used).
FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to
intermediate-level directories created in the process of uploading files.
It was also not applied to intermediate-level collected static directories
when using the collectstatic management command.
Assigned-to
mdeslaur
Notes
mdeslaurThis issue is caused by a behavioural change in Python 3.7.
While python3.7 is available for bionic, it doesn't replace
python3.6, so bionic is not affected by this issue.
Package
Upstream:released (2.2.16)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (doesn't use python3.7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (doesn't use python3.7)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (doesn't use python3.7)
Ubuntu 20.04 LTS (Focal Fossa):released (2:2.2.12-1ubuntu0.2)
Ubuntu 20.10 (Groovy Gorilla):released (2:2.2.16-1)
More Information

Updated: 2020-09-18 04:45:55 UTC (commit 138a3b00836060d8cce6678d1a23781391e3219f)