The cross-site scripting bug in Mailman 2.1.0 that was reported on Bugtraq has been fixed. My thanks to all who reported this (except unfortunately the person who posted it to bugtraq before contacting me first. :/ ). Special thanks to Tokio Kikuchi who worked out the essential fix.
The patch is at:
(see the file xss-2.1.0-patch.txt)
And the original Bugtraq announcement is here:
This patch will be part of Mailman 2.1.1 which is nearing release.