Overview

Request 123507 accepted

- The last fix for bnc#697638 unfortunately added executable bits to all the files
  in the /var/lib/mailman/archives directory (recursively), so I
  changed it to modify only the permissions of the
  /var/lib/mailman/archives/private directory.

- Fixed bnc#697638 - VUL-1: mailman data leak, by changing directory
  owners and permissions in spec file
- This also fixes bnc#750259, cloned as bnc#754623 - mailman logrotation
  errors out because of non-root directory ownership

- fixed an XSS vulnerability in confirm.py (CVE-2011-0707, bnc#671745)

- update to 2.1.14:
  - Two potential XSS vulnerabilities have been identified and fixed.
  - Various i18n updates
  - A new feature for controlling the addition/replacement of the Sender:
    header in outgoing mail has been implemented. This allows a list owner
    to set include_sender_header on the list's General Options page in the
    admin GUI. The default for this setting is Yes which preserves the prior
    behavior of removing any pre-existing Sender: and setting it to the
    list's -bounces address. Setting this to No stops Mailman from adding or
    modifying the Sender: at all.
  - long list of bug fixes and enhancements, see included NEWS for details

- updated patches to apply with fuzz=0

Request History
lijews (Stefan Lijewski) created request


lijews accepted request
