This is scheduled to be included in the mailman-2.1.6 release, which is currently in beta testing and should be out soon. Once upstream releases, we'll pull in that release to fix this issue.
Closing as WONTFIX; we don't consider this a security issue worthy of an update to RHEL4.