Debian Linux Security Advisory 3338-1 – Lin Hua Cheng discovered that a session could be created when anonymously accessing the django.contrib.auth.views.logout view. This could allow remote attackers to saturate the session store or cause other users’ session records to be evicted.