severity 987654 serious thanksUpping priority to serious as this is technically a violation of policy that all software in main should be self-contained to main, and I believe there is a general acceptance in Debian that such privacy breaches are not acceptable (see also #726998).
I can also confirm that I finished testing the upstream patch and it worked as expected after running "sudo mailman-web collectstatic --clear && sudo mailman-web compress".
-- Kunal
