this is scheduled to be included in the mailman-2.1.6 release, which
is currently in beta testing and should be out soon. Once upstream
releases we'll pull in that release to fix this issue.
Closing as WONTFIX, we don't consider this a security issue worthy of an update