http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1893 "WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."" http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1897 "SQL injection vulnerability in xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable." All active FE releases have 2.1.3-RC2 which seems affected. 2.1.3 final is said to fix these issues.
New packages built (2.1.3 final)