Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting (XSS) attack against the victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed mailing list information. A mailing list administrator could use this flaw to conduct a cross-site scripting (XSS) attack against victims viewing a list's "listinfo" page. (CVE-2008-0564, CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains backported patches to correct these issues.