[2.2.x] Added CVE-2020-24583 & CVE-2020-24584 to security archive.

Backport of d5b526b from master
django · Sep 1, 2020 · 0f6e73e · 0f6e73e
1 parent 65078cf
commit 0f6e73e
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
@@ -1106,3 +1106,31 @@ Versions affected
 
 * Django 3.0 :commit:`(patch) <1f2dd37f6fcefdd10ed44cb233b2e62b520afb38>`
 * Django 2.2 :commit:`(patch) <6d61860b22875f358fac83d903dc629897934815>`
+
+September 1, 2020 - :cve:`2020-24583`
+-------------------------------------
+
+Incorrect permissions on intermediate-level directories on Python 3.7+. `Full
+description
+<https://www.djangoproject.com/weblog/2020/sep/01/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 3.1 :commit:`(patch) <934430d22aa5d90c2ba33495ff69a6a1d997d584>`
+* Django 3.0 :commit:`(patch) <08892bffd275c79ee1f8f67639eb170aaaf1181e>`
+* Django 2.2 :commit:`(patch) <375657a71c889c588f723469bd868bd1d40c369f>`
+
+September 1, 2020 - :cve:`2020-24584`
+-------------------------------------
+
+Permission escalation in intermediate-level directories of the file system
+cache on Python 3.7+. `Full description
+<https://www.djangoproject.com/weblog/2020/sep/01/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 3.1 :commit:`(patch) <2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b>`
+* Django 3.0 :commit:`(patch) <cdb367c92a0ba72ddc0cbd13ff42b0e6df709554>`
+* Django 2.2 :commit:`(patch) <a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f>`