Forum OpenACS Q&A: AOLserver security
It's a small bug in the the external database driver interface, which AFAIK no one using OpenACS ever uses at all. The Oracle and PostgreSQL database drivers are "internal" drivers and are not effected. In the unlikely event that you are using an "external" database driver of some sort with AOLserver, then you might want to patch that bug.
To the best of my knowledge there are no known security problems with AOLserver 3.3+ad13, at least not as used by OpenACS.