Debian Linux Security Advisory 3678-1 - Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django.
ca95b0a735b7833fab215c8cd225e9f45f2155853007fe8f4abf34c989e7cc84