
PEAR XML_RPC Vulnerability and PHP 4.4.0RC2 release


dan35
07-06-2005, 03:15 AM
http://www.php.net/
http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html

HawkeVIPER
07-06-2005, 02:26 PM
The issue isn't just PEAR; a lot of common PHP apps (Tikiwiki, PostNuke, Drupal, b2evolution, etc.) ship with their own versions of the xmlrpc(s).inc files.

Affected programs will need updating. The fix I'm using is to grep all xmlrpc*.inc files for eval('$m->addParam(' . $_xh[$parser]['params'][$i]. ");"); and then overwrite the affected xmlrpc.inc and xmlrpcs.inc files with the updated ones, across the board.

--HV

More investigation found that --with-xmlrpc is not affected
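
The grep step described in the post above, written out as an added example that is not part of the original thread: it lists every bundled xmlrpc*.inc copy that still contains the quoted eval() line. The function name scan_xmlrpc_inc and the demo directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. scan_xmlrpc_inc is a hypothetical name.
# Fixed-string prefix of the eval() line quoted in the post. Matching only the
# prefix tolerates spacing differences later in the line between bundled copies.
PATTERN="eval('\$m->addParam("

# Print every xmlrpc*.inc file under the given directories that still contains
# the eval() call. Returns 1 if any such file was found, 0 if none.
scan_xmlrpc_inc() {
    hits=""
    for root in "$@"; do
        [ -d "$root" ] || continue
        # grep -l lists matching files; -F treats the pattern literally.
        # find exits non-zero when grep matches nothing, hence "|| :".
        out=$(find "$root" -type f -name 'xmlrpc*.inc' \
                  -exec grep -lF -- "$PATTERN" {} + 2>/dev/null) || :
        if [ -n "$out" ]; then
            hits="${hits}${out}
"
        fi
    done
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s' "$hits" | sort
    return 1
}

# Demo on constructed files (not real application code).
demo=$(mktemp -d)
mkdir -p "$demo/appA/lib" "$demo/appB"
printf '%s\n' "eval('\$m->addParam(' . \$_xh[\$parser]['params'][\$i]. \");\");" \
    > "$demo/appA/lib/xmlrpc.inc"
printf '%s\n' '// updated copy without the eval() call' > "$demo/appB/xmlrpcs.inc"
scan_xmlrpc_inc "$demo" || echo "^ still contains the eval() line; replace with the updated file"
rm -rf "$demo"
```

Pass one or more web roots as arguments; the non-zero return on a hit lets the check run from cron or a deployment script.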