diff -Nru phpldapadmin-1.2.2/debian/changelog phpldapadmin-1.2.2/debian/changelog
--- phpldapadmin-1.2.2/debian/changelog 2016-04-05 16:01:58.000000000 -0700
+++ phpldapadmin-1.2.2/debian/changelog 2017-07-01 10:26:45.000000000 -0700
@@ -1,3 +1,10 @@
+phpldapadmin (1.2.2-5.2ubuntu2.1) xenial; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix multiple XSS vulnerabilities (LP: #1701731).
+
+ -- Ismail Belkacim Sat, 01 Jul 2017 10:07:31 -0700
+
 phpldapadmin (1.2.2-5.2ubuntu2) xenial; urgency=medium

 * Add run-time dependency on php-xml (LP: #1566481).
diff -Nru phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch
--- phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch 1969-12-31 16:00:00.000000000 -0800
+++ phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch 2017-07-01 10:07:19.000000000 -0700
@@ -0,0 +1,26 @@
+Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php
+===================================================================
+--- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php
++++ phpldapadmin-1.2.2/htdocs/entry_chooser.php
+@@ -15,9 +15,9 @@ $www['page'] = new page();
+
+ $request = array();
+ $request['container'] = get_request('container','GET');
+-$request['form'] = get_request('form','GET');
+-$request['element'] = get_request('element','GET');
+-$request['rdn'] = get_request('rdn','GET');
++$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
++$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
++$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
+
+ echo '