1
Candidate: CVE-2015-3982
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3982
6
https://www.djangoproject.com/weblog/2015/may/20/security-release/
8
The session.flush function in the cached_db backend in Django 1.8.x before
9
1.8.2 does not properly flush the session, which allows remote attackers to
10
hijack user sessions via an empty string in the session key.
13
mdeslaur> only affects 1.8.x
19
Patches_python-django:
20
upstream_python-django: released (1.8.2)
21
precise_python-django: not-affected
22
trusty_python-django: not-affected
23
utopic_python-django: not-affected
24
vivid_python-django: not-affected
25
devel_python-django: not-affected (1.7.6-1ubuntu2)