I'm announcing the release of Mailman 2.0.11 which fixes two cross-site scripting exploits, one reported by "office" in the admin login page, and another reported by Tristan Roddis in the Pipermail index summaries.
It is recommended that all sites upgrade their 2.0.x systems to this version.
As usual, I've made both full source tarballs and patches available. See
for links to download all the patches and the source tarball. If you decide to install the patches, please do read the release notes first:
http://www.gnu.org/software/mailman http://www.list.org http://mailman.sf.net