Debian Security Advisory DSA 094-1 (mailman)

Summary
The remote host is missing an update to mailman announced via advisory DSA 094-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20094-1
Insight
Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. These have been fixed upstream in version 2.0.8, and the relevant patches have been backported to version 1.1-10 in Debian.