CVE-2011-0707 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0707): Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
I've committed mailman 2.1.15, which fixes this, but I'd like to wait some days for possible issues to pop up before stabilization.
I think we can go on with stabilizing. Archs, please go ahead, stabilization target: KEYWORDS="amd64 ppc sparc x86"
amd64 stable
ppc stable
x86 stable
sparc keywords dropped
Thanks, folks. Closing noglsa for XSS.