Updated mailman packages are available for Debian 7 LTS
Package : mailman
Version : 1:2.1.15-1+deb7u2
CVE ID : CVE-2016-6893
Debian Bug : 835970
It was discovered that there was a CSRF vulnerability in mailman, a
web-based mailing list manager, which could allow an attacker to obtain
a user's password.
For Debian 7 "Wheezy", this issue has been fixed in mailman version
1:2.1.15-1+deb7u2.
We recommend that you upgrade your mailman packages.