diff -u gnatsweb-4.00/debian/control gnatsweb-4.00/debian/control
--- gnatsweb-4.00/debian/control
+++ gnatsweb-4.00/debian/control
@@ -1,7 +1,7 @@
 Source: gnatsweb
 Section: devel
 Priority: extra
-Maintainer: Chad Walstrom
+Maintainer: Ubuntu MOTU Developers
 Build-Depends-Indep: debhelper
 Standards-Version: 3.6.1
diff -u gnatsweb-4.00/debian/changelog gnatsweb-4.00/debian/changelog
--- gnatsweb-4.00/debian/changelog
+++ gnatsweb-4.00/debian/changelog
@@ -1,3 +1,20 @@
+gnatsweb (4.00-1ubuntu0.6.06) dapper-security; urgency=low
+
+ * SECURITY UPDATE:
+ + gnatsweb.pl (LP: #191196)
+ - Fixed missing escaping of the database parameter which leads
+ to a cross-site scripting vulnerability (XSS) via this
+ parameter (CVE-2007-2808) (Closes: # 427156).
+
+ + debian/control
+ - Switch Maintainer to Ubuntu MOTU Developers
+
+ * References:
+ + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2808
+ + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156
+
+ -- Emanuele Gentili Fri, 29 Feb 2008 03:17:07 +0100
+
 gnatsweb (4.00-1) unstable; urgency=low
 * New upstream release.
only in patch2:
unchanged:
--- gnatsweb-4.00.orig/gnatsweb.pl
+++ gnatsweb-4.00/gnatsweb.pl
@@ -3981,6 +3981,19 @@
 if defined($val);
 }
+sub set_pref_esc
+{
+ my($pref_name, $pref_hashref, $cval_hashref) = @_;
+ my $val = $q->param($pref_name) || ($pref_name eq "password" ?
+ uncamouflage($$cval_hashref{$pref_name}) :
+ $$cval_hashref{$pref_name}
+ );
+
+ $$pref_hashref{$pref_name} = $q->escapeHTML($val)
+ if defined($val);
+}
+
+
 # init_prefs -
 # Initialize global_prefs and db_prefs from cookies and params.
 #
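Review bot: set_pref_esc stores the HTML-escaped value in the prefs hash, so the encoding happens once at input rather than where the value is written into a page. Every later reader of `%global_prefs` and `%db_prefs` (the call sites switched in the 4021 and 4054 hunks) then receives entity-encoded text, which would be wrong for any non-HTML use such as a cookie name or a request to the GNATS server, and would double-encode wherever output is already escaped; those consumers are outside this diff, so this needs checking against the rest of gnatsweb.pl. Keeping the raw value and calling `$q->escapeHTML()` at the point of output would be the more robust fix. The `$pref_name eq "password"` branch is copied from set_pref and is not needed here, since the password still goes through set_pref; `my $val = $q->param($pref_name) || $$cval_hashref{$pref_name};` is enough. The sub also deserves a header comment stating that it must never be used for the password.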
@@ -4008,10 +4021,10 @@
 }
 %global_prefs = ();
- set_pref('database', \%global_prefs, \%cvals);
- set_pref('email', \%global_prefs, \%cvals);
- set_pref($ORIGINATOR_FIELD, \%global_prefs, \%cvals);
- set_pref($SUBMITTER_ID_FIELD, \%global_prefs, \%cvals);
+ set_pref_esc('database', \%global_prefs, \%cvals);
+ set_pref_esc('email', \%global_prefs, \%cvals);
+ set_pref_esc($ORIGINATOR_FIELD, \%global_prefs, \%cvals);
+ set_pref_esc($SUBMITTER_ID_FIELD, \%global_prefs, \%cvals);
 # columns is treated differently because it's an array which is stored
 # in the cookie as a joined string.
@@ -4041,7 +4054,7 @@
 %cvals = $q->cookie("gnatsweb-db-$database");
 }
 %db_prefs = ();
- set_pref('user', \%db_prefs, \%cvals);
+ set_pref_esc('user', \%db_prefs, \%cvals);
 set_pref('password', \%db_prefs, \%cvals);
 # Debug.
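Review bot: The `columns` preference, which the comment right after these four calls describes as a joined string kept in the cookie, is not routed through any escaping by this hunk, and the code that handles it lies outside the visible lines. It appears to come from the same cookie and parameter sources as the values changed here, so it is worth confirming that it is HTML-encoded wherever it is written into a page. If it is not, the patch leaves one preference on the old unescaped path.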
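Review bot: Nothing at the 4054 call sites says why `user` is escaped while `password` still uses set_pref, which invites a later "consistency" change that would alter the credential. A comment above the password line such as `# password stays raw: HTML-escaping would change the credential` would record the intent. The enclosing block starts and ends outside the hunk.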