1.27. I believe that I found a sensitive security bug in Mailman – who do I contact?

From Barry Warsaw:

 As a general rule, you can post security issues to
 mailman-security@python.org, which is a closed distribution list.

Please do not otherwise discuss sensitive security issues on any public mailing list, until such time as an official announcement has been made, including availability of a patch, etc....

Even if the issue has been publicly discussed in other forums, you should wait for the official announcements before discussing them publicly, whether on mailman-users, mailman-developers, or elsewhere.

Converted from the Mailman FAQ Wizard

This is one of many Frequently Asked Questions.