A CSRF vulnerability was found in mailman's user options page. This could conceivably allow an attacker to obtain a user's password. References: https://mail.python.org/pipermail/mailman-announce/2016-August/000225.html
Created mailman tracking bugs for this issue: Affects: fedora-all [bug 1370156]
Upstream patch: https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:4913 https://access.redhat.com/errata/RHSA-2021:4913