CVE-2015-3982 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3982): The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.
*django-1.8.2 (20 May 2015) 20 May 2015; Justin Lecher <jlec@gentoo.org> +django-1.8.2.ebuild, -django-1.8.1.ebuild, -django-1.8.ebuild: Version Bump; drop vulnerable Versions, CVE-2015-3982 Maintainers, in the future please open a security bug when you are aware of a vulnerability. Closing noglsa for ~arch only.