Mailman is a Python-based mailing list server with an extensive web interface.
Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman.
By enticing a user to visiting a specially-crafted URL, an attacker can execute arbitrary script code running in the context of the victim's browser.
There is no known workaround at this time.
All Mailman users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"