new mailman < 2.1.31 content injection vulnerability

similar to CVE-2018-13796 (not sure if they'll reuse that no. so
not including in Security: tags below)

https://bugs.launchpad.net/mailman/+bug/1873722

Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83