WordPress.org has released WordPress 2.6.5 version everyone should upgrade their blog with latest version and which makes your site secure and about this matter official blog site posted in details. Given below:
The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.
Note that, their is no version 2.6.4. You will get 2.6.3 and 2.6.5 versions and the 2.6.4 which is a fake version and you should avoid it.You can get details informations from The Register & Westi’s blog site.