Updated Mailman packages are now available for Red Hat Linux 7.2. These updates fix cross-site scripting bugs which might allow another server to be used to gain a user's private information from a server running Mailman. This revision adds updated packages for the ia64 architecture.
A server running Mailman versions prior to 2.0.8 will send certain user-modifiable data to clients without escaping embedded tags. This data may contain scripts which will then be executed by an unwary client, possibly transmitting private information to a third party. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-0884 to this issue.
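The class of flaw described above, shown as an added example (not Mailman's code and not part of the original advisory): user-modifiable values placed into a page unescaped, beside the escaped form, with a check that reports any tag the template itself did not emit. The template, field names, function names and sample input are all assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical page template; not taken from Mailman.
TEMPLATE = "<html><body><h1>{name}</h1><p>{description}</p></body></html>"
# Tags the template itself emits; anything else came from user data.
TEMPLATE_TAGS = {"html", "body", "h1", "p"}


def render_unescaped(fields):
    """Flawed form: user-modifiable values are inserted into the HTML as-is."""
    return TEMPLATE.format(**fields)


def render_escaped(fields):
    """Hardened form: every user-modifiable value is HTML-escaped first."""
    safe = {key: html.escape(value, quote=True) for key, value in fields.items()}
    return TEMPLATE.format(**safe)


class _TagCollector(HTMLParser):
    """Records the name of every start tag seen while parsing a page."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(page):
    """Return the sorted tag names in `page` that the template did not emit."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return sorted(set(collector.tags) - TEMPLATE_TAGS)


# Constructed sample: a description field carrying an embedded tag.
SAMPLE = {
    "name": "announce",
    "description": "Weekly news <script>/* constructed */</script>",
}

if __name__ == "__main__":
    print("unescaped:", unexpected_tags(render_unescaped(SAMPLE)))
    print("escaped:  ", unexpected_tags(render_escaped(SAMPLE)))
```

The same `unexpected_tags` check can be used as a regression test over any rendering path that includes user-modifiable fields.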