The security fixes just keep on coming from the WordPress Team … I guess we should be happy that they actually publish them rather quick but two fixes in as many weeks is going to have a lot of people retrieving patches.
The update repairs a problem with the XML-RCP remote publishing features and also a problem where users can get elevated rights to modify or delete posts.
This is the feature that allows you to publish by email. This option is turned off by default and you can check your settings by going to your General/Writing settings in your dashboard.
It is suggested that you install this patch whether or not you make use of the remote publishing features.
The files that are changed include:
wp-includes/version.php xmlrpc.php readme.html wp-admin/includes/update-core.php
You can view the changes to the code here