Several vulnerabilities have been fixed in the mailman package:
The cross-site scripting vulnerabilities could allow an attacker to
perform administrative operations without authorization, by stealing a
session cookie.
For the current stable distribution (woody) these problems have been
fixed in version 2.0.11-1woody7.
For the unstable distribution (sid),
CAN-2003-0965 is fixed in version 2.1.4-1, and
CAN-2003-0038 in version 2.1.1-1.
CAN-2003-0991 will be fixed soon.
We recommend that you update your mailman package.