This security update fixes problems in the XMLRPC interface where
ACLs where not checked correctly sometimes, making it possible to access
information that should not have been accessible.

This only affects users who have enabled the XMLRPC interface (default
is off).

This update also includes a fix that caused errors in the general ACL
checking function under certain conditions. No exploits are known for
this problem though.