CVE-2020-24584

Priority
Description
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and
3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level
directories of the filesystem cache had the system's standard umask rather
than 0o077.
Assigned-to
mdeslaur
Notes
mdeslaurThis issue is caused by a behavioural change in Python 3.7.
While python3.7 is available for bionic, it doesn't replace
python3.6, so bionic is not affected by this issue.
Package
Upstream:released (2.2.16)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (doesn't use python3.7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (doesn't use python3.7)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (doesn't use python3.7)
Ubuntu 20.04 LTS (Focal Fossa):released (2:2.2.12-1ubuntu0.2)
Ubuntu 20.10 (Groovy Gorilla):released (2:2.2.16-1)
More Information

Updated: 2020-09-18 04:45:56 UTC (commit 138a3b00836060d8cce6678d1a23781391e3219f)