This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user"s browser via specially encoded URLs - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages - Fixed arbitrary text injection vulnerability in several mailman CGIs - Fixed a CSRF vulnerability on the user options page