Debian Security Advisory DSA 094-1 (mailman)

The remote host is missing an update to mailman announced via advisory DSA 094-1.
Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. These have been fixed upstream in version 2.0.8, and the relevant patches have been backported to version 1.1-10 in Debian.