diff -Nru apport-2.20.11/data/apport apport-2.20.11/data/apport
--- apport-2.20.11/data/apport	2020-01-06 23:58:40.000000000 +1030
+++ apport-2.20.11/data/apport	2020-02-11 15:50:22.000000000 +1030
@@ -15,7 +15,7 @@
 
 import sys, os, os.path, subprocess, time, traceback, pwd, io
 import signal, inspect, grp, fcntl, socket, atexit, array, struct
-import errno, argparse
+import errno, argparse, shutil, stat
 
 import apport, apport.fileutils
 
@@ -34,13 +34,27 @@
 
     # create lock file directory
     try:
-        os.mkdir("/var/lock/apport", mode=0o744)
+        os.mkdir("/var/lock/apport", mode=0o755)
     except FileExistsError as e:
-        pass
+        # check mode and owner of directory
+        try:
+            st = os.stat("/var/lock/apport", follow_symlinks=False)
+            if not stat.S_ISDIR(st.st_mode):
+                error_log('/var/lock/apport exists but is not a directory... recreating it.')
+                os.unlink('/var/lock/apport')
+                os.mkdir("/var/lock/apport", mode=0o755)
+            elif st.st_uid != 0 or stat.S_IMODE(st.st_mode) != 0o755:
+                error_log('/var/lock/apport already exists but is not owned by root with correct mode... recreating it.')
+                shutil.rmtree('/var/lock/apport')
+                os.mkdir("/var/lock/apport", mode=0o755)
+        except OSError as e:
+            error_log('could not recreate /var/lock/apport with correct owner / mode: %s' % str(e))
+            sys.exit(1)
 
     # create a lock file
     try:
-        fd = os.open("/var/lock/apport/lock", os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW)
+        fd = os.open("/var/lock/apport/lock", os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW,
+                     mode=0o400)
     except OSError as e:
         error_log('cannot create lock file (uid %i): %s' % (os.getuid(), str(e)))
         sys.exit(1)
diff -Nru apport-2.20.11/debian/changelog apport-2.20.11/debian/changelog
--- apport-2.20.11/debian/changelog	2020-01-06 23:58:40.000000000 +1030
+++ apport-2.20.11/debian/changelog	2020-02-11 15:50:22.000000000 +1030
@@ -1,3 +1,13 @@
+apport (2.20.11-0ubuntu17) focal; urgency=medium
+
+  * SECURITY UPDATE: World writable lock file created in word writable
+    location (LP: #1862348)
+    - data/apport: Removing any existing /var/lock/apport which does not belong
+      there and ensure the lock file itself is created with a restricted
+      permission mask so that unprivileged users cannot write to it.
+    - CVE-2020-8831  
+ -- Alex Murray <alex.murray@canonical.com>  Tue, 11 Feb 2020 15:50:22 +1030
+
 apport (2.20.11-0ubuntu16) focal; urgency=medium
 
   * SECURITY REGRESSION: 'module' object has no attribute 'O_PATH'