Security release for mailman (ver 2.0.6) was released by the authors July 25... when will RedHat get around to releasing the fix?
Mailman 2.0.7 is in RawHide, and seems to work all right
https://www.redhat.com/support/errata/RHSA-2001-169.html