CVE-2014-8583 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8583): mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. Maintainers, please call for stabilization on the version you would prefer to be the candidate.
Bug 533312 was already open, so let's do 4.3.0?
This issue was resolved and addressed in GLSA 201612-49 at https://security.gentoo.org/glsa/201612-49 by GLSA coordinator Thomas Deutschmann (whissi).