diff -u gallery2-2.0.2/MANIFEST gallery2-2.0.2/MANIFEST
--- gallery2-2.0.2/MANIFEST
+++ gallery2-2.0.2/MANIFEST
@@ -14,7 +14,7 @@
 install/config.php-template 3033210608 721129143 6035 6183
 install/images/background.png 2766840926 2766840926 23329 23329
 install/images/g2Logo_install_head.png 3946127092 3946127092 13743 13743
-install/index.php 4169987673 1660096995 8750 9053
+install/index.php 251114461 2366062316 8772 9076
 install/locale/bg_BG/LC_MESSAGES/gallery2_install.mo 3778975357 3778975357 34018 34018
 install/locale/cs_CZ/LC_MESSAGES/gallery2_install.mo 190642582 190642582 46972 46972
 install/locale/de_DE/LC_MESSAGES/gallery2_install.mo 3387898369 3387898369 50922 50922
@@ -247,7 +247,7 @@
 upgrade/UpgradeStep.class 1641610611 3407736305 2415 2524
 upgrade/images/background.png 2766840926 2766840926 23329 23329
 upgrade/images/g2Logo_upgrade_head.png 1726989153 1726989153 16605 16605
-upgrade/index.php 3429534763 852794500 7197 7439
+upgrade/index.php 2802174292 3982328943 7219 7462
 upgrade/locale/bg_BG/LC_MESSAGES/gallery2_upgrade.mo 1161926918 1161926918 14717 14717
 upgrade/locale/cs_CZ/LC_MESSAGES/gallery2_upgrade.mo 389313267 389313267 21105 21105
 upgrade/locale/de_DE/LC_MESSAGES/gallery2_upgrade.mo 2438012454 2438012454 22754 22754
diff -u gallery2-2.0.2/debian/changelog gallery2-2.0.2/debian/changelog
--- gallery2-2.0.2/debian/changelog
+++ gallery2-2.0.2/debian/changelog
@@ -1,3 +1,14 @@
+gallery2 (2.0.2-1ubuntu0.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: Fix a PHP local inclusion exploit.
+ - add sane initialization of $stepOrder array in both
+ install/index.php and upgrade/index.php.
+ * References: http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update
+ * Closes: lp#35528.
+ * Update MANIFEST file to match checksums of both changed files.
+
+ -- Stefan Potyra Sun, 7 Jan 2007 06:53:48 +0100
+
 gallery2 (2.0.2-1) unstable; urgency=high
 * New upstream release (Closes: #341270)
only in patch2: unchanged:
--- gallery2-2.0.2.orig/install/index.php
+++ gallery2-2.0.2/install/index.php
@@ -55,6 +55,7 @@
 }
 /* Our install steps, in order */
+$stepOrder = array();
 $stepOrder[] = 'Welcome';
 $stepOrder[] = 'Authenticate';
 $stepOrder[] = 'SystemChecks';
only in patch2: unchanged:
--- gallery2-2.0.2.orig/upgrade/index.php
+++ gallery2-2.0.2/upgrade/index.php
@@ -55,6 +55,7 @@
 $error = false;
 /* Our install steps, in order */
+$stepOrder = array();
 $stepOrder[] = 'Welcome';
 $stepOrder[] = 'Authenticate';
 $stepOrder[] = 'SystemChecks';
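Review bot: The added `$stepOrder = array();` in install/index.php (and the identical line in upgrade/index.php) carries no comment marking it as a security fix, so it reads as a redundant initialisation that a later cleanup could drop. I would state the reason on the line above it, e.g. `/* Security: reset explicitly so a request-supplied $stepOrder (register_globals) cannot add step names */`. The changelog ties the fix to a local file inclusion, which suggests the step names are later turned into file paths outside these hunks; if so, that code should also accept only names from this fixed list rather than rely on the initialisation alone. Both scripts continue beyond the hunks, so any other global that is appended to or read before assignment is not visible here and deserves the same check.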