The good folks over at interconnect/it have backported the recent security updates for WordPress to the 3.5 and 3.6 branches, due to having some clients running older versions that, for whatever reason, aren’t able to upgrade at this time. They’ve included both SVN patch files and a full zip of changed files for sites not on version control.
Of course, the best course of action is to upgrade to 3.8.2 (and soon, 3.9), but if for some reason that’s not feasible for a site you maintain, these patches could save your bacon.
I was wondering if those who are not able to update their WP’s, (presumably because they’ve modified the core files) would update their installs with security patches? After all that’s almost like a complete upgrade, which would be better anyways.
Nevertheless it’s awesome that interconnect/it helps out the community!