* CVE-2020-24583 Description: "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command." * CVE-2020-24584 Description: "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077."
Please bump to 2.2.16, 3.0.10, 3.1.1.
Already started doing that, Sir, before I read the mail!
(In reply to Michał Górny from comment #2) > Already started doing that, Sir, before I read the mail! Whatever you say ;). Thank you!
x86 stable
amd64 stable
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=468ced3f2059b2c230993b58dc1b221e0b74355d commit 468ced3f2059b2c230993b58dc1b221e0b74355d Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-09-03 19:57:37 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-09-03 19:57:37 +0000 dev-python/django: Remove old Bug: https://bugs.gentoo.org/739952 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/django/Manifest | 5 --- dev-python/django/django-2.2.13.ebuild | 78 --------------------------------- dev-python/django/django-2.2.15.ebuild | 78 --------------------------------- dev-python/django/django-3.0.8.ebuild | 79 ---------------------------------- dev-python/django/django-3.0.9.ebuild | 79 ---------------------------------- dev-python/django/django-3.1.ebuild | 79 ---------------------------------- 6 files changed, 398 deletions(-)
Unable to check for sanity: > no match for package: dev-python/django-3.0.10
Unable to check for sanity: > no match for package: dev-python/django-2.2.16-r1