Updated mailman packages are available for Debian 7 LTS

Package : mailman
Version : 1:2.1.15-1+deb7u2
CVE ID : CVE-2016-6893
Debian Bug : 835970

It was discovered that there was a CSRF vulnerability in mailman, a
web-based mailing list manager, which could allow an attacker to obtain
a user's password.

For Debian 7 "Wheezy", this issue has been fixed in mailman version
1:2.1.15-1+deb7u2.

We recommend that you upgrade your mailman packages.