[3.0.x] Added CVE-2020-24583 & CVE-2020-24584 to security archive.

Backport of d5b526bf78 from master
2020-09-01 11:32:57 +02:00 · 2020-09-01 11:32:57 +02:00 · 1734484f12
parent 26323dbcf4
commit 1734484f12
1 changed files with 28 additions and 0 deletions
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@ -1106,3 +1106,31 @@ Versions affected

 * Django 3.0 :commit:`(patch) <1f2dd37f6fcefdd10ed44cb233b2e62b520afb38>`
 * Django 2.2 :commit:`(patch) <6d61860b22875f358fac83d903dc629897934815>`
+
+September 1, 2020 - :cve:`2020-24583`
+-------------------------------------
+
+Incorrect permissions on intermediate-level directories on Python 3.7+. `Full
+description
+<https://www.djangoproject.com/weblog/2020/sep/01/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 3.1 :commit:`(patch) <934430d22aa5d90c2ba33495ff69a6a1d997d584>`
+* Django 3.0 :commit:`(patch) <08892bffd275c79ee1f8f67639eb170aaaf1181e>`
+* Django 2.2 :commit:`(patch) <375657a71c889c588f723469bd868bd1d40c369f>`
+
+September 1, 2020 - :cve:`2020-24584`
+-------------------------------------
+
+Permission escalation in intermediate-level directories of the file system
+cache on Python 3.7+. `Full description
+<https://www.djangoproject.com/weblog/2020/sep/01/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 3.1 :commit:`(patch) <2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b>`
+* Django 3.0 :commit:`(patch) <cdb367c92a0ba72ddc0cbd13ff42b0e6df709554>`
+* Django 2.2 :commit:`(patch) <a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f>`