From CVE-2006-4624 description: CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via a carriage return/line feed sequences in the URI. Reproducible: Always Steps to Reproduce:
2.1.9rc1 went stable more than a year ago. *** This bug has been marked as a duplicate of bug 139976 ***