Index: wp-admin/admin-functions.php
===================================================================
--- wp-admin/admin-functions.php	(revision 3856)
+++ wp-admin/admin-functions.php	(working copy)
@@ -1883,11 +1883,11 @@
 	// Move the file to the uploads dir
 	$new_file = $uploads['path'] . "/$filename";
 	if ( false === @ move_uploaded_file($file['tmp_name'], $new_file) )
-		die(printf(__('The uploaded file could not be moved to %s.'), $file['path']));
+		die(printf(__('The uploaded file could not be moved to %s.'), $uploads['path']));
 
 	// Set correct file permissions
 	$stat = stat(dirname($new_file));
-	$perms = $stat['mode'] & 0000666;
+	$perms = $stat['mode'] & 0664; // never executable, never world-writable
 	@ chmod($new_file, $perms);
 
 	// Compute the URL
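Review bot: The new `0664` mask is right, but the line above it still assumes `stat()` succeeded; if `stat(dirname($new_file))` returns `false`, `$stat['mode']` is null and `null & 0664` is `0`, so the suppressed `chmod` would strip every permission bit from a file that was just moved successfully. A guard such as `$perms = ( false === $stat ) ? 0644 : ( $stat['mode'] & 0664 );` keeps the intended "never executable, never world-writable" result while avoiding a zero mode on failure. The corrected error message now prints the absolute upload directory to the requester; since this is server-side detail, it may be preferable to log it and show a generic message, though the surrounding admin context is not visible here. The `die(printf(...))` form also passes printf's byte count to `die()` as an exit status, so `die(sprintf(...))` would be the clearer spelling. The enclosing function starts before and continues past this hunk.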

