On the front page of your web site, you call the security flaw which was recently discovered a "cross site scripting vulnerability". It seems you are deliberately playing down the seriousness of this security flaw. Secunia labels it "System access From remote" and "The vulnerability can be further exploited by users who are allowed to upload image files to execute arbitrary PHP code." It seems to me that is rather more serious than just "cross site scripting".
Given the seriousness of the security flaw which was discovered, shouldn't you guys have released a new proper version of coppermine yesterday or the day before, and not just expect people to patch? By not releasing a new proper version, sysadmins can't tell their users to just upgrade to the latest version of coppermine, because your latest version (1.4.3) is vulnerable.
Also: The so-called "patch" you have outlined only work on version 1.4.3 and not older versions like 1.3.3. Perhaps you should post some info on the various versions of coppermine and their security status? Which is safe to use and which is not.
As Tarique described it: "This is a nasty one".