Listserv Vulnerability

The ISC reports a vulnerability in Listserv software. NGSSoftware says they will disclose the details of the vulnerability in June. The upgrade is available now.
Here’s the problem are people back on 1.8 effected? What is the vulnerability? If it is in the web site, fine, we dont expose that to the internet. But if the problem accessible via smtp, then there is a problem we need to deal with now.
You see, limited disclosure really doesn’t help when a product is a pain to upgrade like listserv.