Candidate: CVE-2015-3982
CRD: 2015-05-20
PublicDate: 2015-06-02 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3982
 https://www.djangoproject.com/weblog/2015/may/20/security-release/
Description:
 The session.flush function in the cached_db backend in Django 1.8.x before
 1.8.2 does not properly flush the session, which allows remote attackers to
 hijack user sessions via an empty string in the session key.
Ubuntu-Description:
Notes:
 mdeslaur> only affects 1.8.x
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_python-django:
upstream_python-django: released (1.8.2)
precise_python-django: not-affected
trusty_python-django: not-affected
trusty/esm_python-django: not-affected
utopic_python-django: not-affected
vivid_python-django: not-affected
devel_python-django: not-affected (1.7.6-1ubuntu2)