diff -u htdig-3.2.0b6/htsearch/Display.cc htdig-3.2.0b6/htsearch/Display.cc
--- htdig-3.2.0b6/htsearch/Display.cc
+++ htdig-3.2.0b6/htsearch/Display.cc
@@ -138,7 +138,7 @@
 // Must temporarily stash the message in a String, since
 // displaySyntaxError will overwrite the static temp used in form.
- String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
+ String s("Invalid sort method.");
 displaySyntaxError(s);
 return;
diff -u htdig-3.2.0b6/debian/control htdig-3.2.0b6/debian/control
--- htdig-3.2.0b6/debian/control
+++ htdig-3.2.0b6/debian/control
@@ -1,7 +1,8 @@
 Source: htdig
 Section: web
 Priority: optional
-Maintainer: Debian QA Group
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Debian QA Group
 Build-Depends: debhelper (>= 5), zlib1g-dev, flex, bison
 Standards-Version: 3.7.2
diff -u htdig-3.2.0b6/debian/changelog htdig-3.2.0b6/debian/changelog
--- htdig-3.2.0b6/debian/changelog
+++ htdig-3.2.0b6/debian/changelog
@@ -1,3 +1,13 @@
+htdig (1:3.2.0b6-3ubuntu0.1) feisty-security; urgency=low
+
+ * SECURITY UPDATE: Cross-site scripting via crafted sort type. (LP: #172277)
+ * htsearch/Display.cc, libhtdig/ResultFetch.cc: Don't display the sort type
+ if it is unrecognised.
+ * References:
+ CVE-2007-6110
+
+ -- William Grant Sat, 01 Dec 2007 18:31:46 +1100
+
 htdig (1:3.2.0b6-3) unstable; urgency=low
 * QA upload.
only in patch2:
unchanged:
--- htdig-3.2.0b6.orig/libhtdig/ResultFetch.cc
+++ htdig-3.2.0b6/libhtdig/ResultFetch.cc
@@ -142,7 +142,7 @@
 // Must temporarily stash the message in a String, since
 // displaySyntaxError will overwrite the static temp used in form.
- String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
+ String s("Invalid search method.");
 displaySyntaxError(s);
 //return;
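Review bot: The two comment lines kept above the replaced `String s(...)` in htsearch/Display.cc are now stale: they justify stashing the message in a String because form()'s static buffer would be overwritten by displaySyntaxError, but the new line no longer calls form(), so the reader is left with a rationale that no longer applies. Replace them with the reason the value is no longer echoed, e.g. `// Do not echo the user-supplied sort value back in the error page (CVE-2007-6110).`. The fix only drops the reflected value from this one message; if displaySyntaxError writes its argument into the response unescaped, any other caller that interpolates a request parameter into the message stays exposed, so escaping at that sink would be the more durable mitigation — worth checking, since the enclosing function starts and ends outside this hunk. The same stale comment survives in the libhtdig/ResultFetch.cc hunk below.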
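Review bot: The new message in libhtdig/ResultFetch.cc, `String s("Invalid search method.");`, names the wrong thing — the branch rejects an unrecognised sort type (the removed line said "No such sort method") and the parallel change in htsearch/Display.cc says `Invalid sort method.`, so the wording should be `String s("Invalid sort method.");` to stay accurate and consistent between the two paths. The enclosing function starts and ends outside the hunk.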