/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. Reference: http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html
Created mailman tracking bugs for this issue: Affects: fedora-31 [bug 1848859]
Patch: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1844
External References: https://bugs.launchpad.net/mailman/+bug/1873722
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12108
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1751 https://access.redhat.com/errata/RHSA-2021:1751