Abel Cheung's character set SQL injection vulnerability is 9 days old. I've been reading through these forums but can't find thing on it.
Is 1.3 MU affected by it, and how would one upgrade to fix it? the latest.zip file still shows $wp_version at 2.3.1.
Also, all the docs I've seen about upgrading are for 1.2.x to 1.3. Does the "Upgrade Site" script in the Site Admin menu auto-grab new versions? Or should a new latest.zip be downloaded and put in a specific directory?