Index: wp-admin/includes/update.php
===================================================================
--- wp-admin/includes/update.php	(revision 6350)
+++ wp-admin/includes/update.php	(working copy)
@@ -14,7 +14,7 @@
 	break;
 
 	case 'upgrade' :
-		return sprintf( '| <strong>'.__( 'Your WordPress %s is out of date. <a href="%s">Please update</a>.' ).'</strong>', $GLOBALS['wp_version'], $cur->url );
+		return sprintf( '| <strong>'.__( 'Your WordPress %s is out of date. <a href="%s">Please update</a>.' ).'</strong>', $GLOBALS['wp_version'], htmlspecialchars( $cur->url, ENT_QUOTES ) );
 	break;
 
 	case 'latest' :
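Review bot: htmlspecialchars() on `$cur->url` (the new line in the `'upgrade'` case) stops the value from breaking out of the `href` attribute, but it does not validate the value as a URL, so a response carrying a `javascript:` or `data:` scheme would still render as a clickable link for an administrator. Since this string comes from an external response rather than from the local install, a URL sanitiser with a scheme allowlist (if the codebase has one) applied before the attribute escape would be the tighter fix; the attribute escape should then still stay, as it addresses a different context. Also consider passing the blog charset as the third argument to htmlspecialchars() so multibyte encodings are handled consistently with the rest of the output. The enclosing switch and function start outside this hunk.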
@@ -32,7 +32,7 @@
 		return false;
 
 	if ( current_user_can('manage_options') )
-		$msg = sprintf( __('A new version of WordPress is available! <a href="%s">Please update now</a>.'), $cur->url );
+		$msg = sprintf( __('A new version of WordPress is available! <a href="%s">Please update now</a>.'), htmlspecialchars( $cur->url, ENT_QUOTES ) );
 	else
 		$msg = __('A new version of WordPress is available! Please notify the site administrator.');
 
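Review bot: The `manage_options` branch now escapes `$cur->url` for the attribute context, but it has no guard for the case where `$cur->url` is empty or unset, which would emit `<a href="">` pointing at the current page; a check such as `if ( current_user_can('manage_options') && ! empty( $cur->url ) )` with a fallthrough to the generic message avoids that. As in the `'upgrade'` case, attribute escaping alone does not reject a non-http(s) scheme in the link target, which matters because the value originates from an external response; if the file has a URL-validating helper available, apply it before htmlspecialchars(). The enclosing function begins before this hunk.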
@@ -113,8 +113,17 @@
 
 	$r = $current->response[ $file ];
 
+	$plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
+
 	echo "<tr><td colspan='5' class='plugin-update'>";
-	printf( __('There is a new version of %s available. <a href="%s">Download version %s here</a>.'), $plugin_data['Name'], $r->url, $r->new_version );
+
+	printf(
+		__('There is a new version of %s available. <a href="%s">Download version %s here</a>.'),
+		wp_kses( $plugin_data['Name'], $plugins_allowedtags ),
+		htmlspecialchars( $r->url, ENT_QUOTES ),
+		htmlspecialchars( wp_kses( $r->new_version, $plugins_allowedtags ) )
+	);
+
 	echo "</td></tr>";
 }
 add_action( 'after_plugin_row', 'wp_plugin_update_row' );
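Review bot: Wrapping `$r->new_version` in wp_kses() and then htmlspecialchars() (the third printf argument) is contradictory: any tag kses lets through is immediately entity-encoded and shown literally, so the kses pass is dead code, and a version string has no reason to carry markup in the first place. `htmlspecialchars( $r->new_version, ENT_QUOTES )` alone says what is meant and matches the flags used for `$r->url` on the line above. By contrast `$plugin_data['Name']` is passed through wp_kses() but not escaped, so text outside the allowed tags is emitted as-is — intentional if the name may legitimately contain `<a>`/`<strong>`, but worth a one-line comment stating that, since a reader will otherwise read the two arguments as inconsistent. The `$plugins_allowedtags` array is also rebuilt on every row; hoisting it to a static or a file-level variable would avoid the repeated allocation and make the allowlist easier to audit. wp_plugin_update_row's signature and the early-return logic begin before this hunk.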
