diff -u mahara-1.0.9/debian/changelog mahara-1.0.9/debian/changelog
--- mahara-1.0.9/debian/changelog
+++ mahara-1.0.9/debian/changelog
@@ -1,3 +1,10 @@
+mahara (1.0.9-2ubuntu0.4) jaunty; urgency=low
+
+ * SECURITY UPDATE: cross-site scripting vulnerabilities (LP: #390471)
+ - debian/patches/XSS_escaping.dpatch: fix from upstream
+
+ -- Francois Marier Mon, 22 Jun 2009 15:04:27 +1200
+
 mahara (1.0.9-2ubuntu0.3) jaunty; urgency=low
 
 * SECURITY UPDATE: cross-site scripting vulnerabilities in user profile
diff -u mahara-1.0.9/debian/patches/00list mahara-1.0.9/debian/patches/00list
--- mahara-1.0.9/debian/patches/00list
+++ mahara-1.0.9/debian/patches/00list
@@ -2,0 +3 @@
+XSS_escaping.dpatch
only in patch2:
unchanged:
--- mahara-1.0.9.orig/debian/patches/XSS_escaping.dpatch
+++ mahara-1.0.9/debian/patches/XSS_escaping.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## XSS_escaping.dpatch by Francois Marier
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Multiple XSS vulnerabilities
+
+@DPATCH@
+diff --git a/htdocs/artefact/file/theme/default/folder_render_self.tpl b/htdocs/artefact/file/theme/default/folder_render_self.tpl
+index 3e9427a..3f50753 100644
+--- a/htdocs/artefact/file/theme/default/folder_render_self.tpl
++++ b/htdocs/artefact/file/theme/default/folder_render_self.tpl
+@@ -18,8 +18,8 @@
+ 
+ {foreach from=$children item=child}
+ 
+- {$child->artefacttype|escape}
+- {$child->title}
++ {$child->artefacttype|escape}
++ {$child->title|escape}
+ {$child->description|escape}
+ {if !$simpledisplay}{$child->date}{/if}
+ 
+diff --git a/htdocs/artefact/resume/theme/default/artefactchooser-element.tpl b/htdocs/artefact/resume/theme/default/artefactchooser-element.tpl
+index 56f5d21..ef18052 100644
+--- a/htdocs/artefact/resume/theme/default/artefactchooser-element.tpl
++++ b/htdocs/artefact/resume/theme/default/artefactchooser-element.tpl
+@@ -5,5 +5,5 @@
+ 
+ 
+ 
+- {if $artefact->description}{$artefact->description}{/if}
++ {$artefact->description|str_shorten}
+ 
+diff --git a/htdocs/theme/default/templates/view/submit.tpl b/htdocs/theme/default/templates/view/submit.tpl
+index fa24eb4..f0bd075 100644
+--- a/htdocs/theme/default/templates/view/submit.tpl
++++ b/htdocs/theme/default/templates/view/submit.tpl
+@@ -4,7 +4,7 @@
+ {include file="columnleftstart.tpl"}
+

{$heading|escape}

+
+-

{$message}

++

{$message|escape}

+ {$form} +
+ {include file="columnleftend.tpl"}
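Review bot: In the artefactchooser-element.tpl part of this patch the replacement line `{$artefact->description|str_shorten}` is the only changed output that does not go through `|escape`, unlike `{$child->title|escape}` in folder_render_self.tpl and `{$message|escape}` in submit.tpl. Whether that is safe depends on str_shorten HTML-escaping its result, which the patch does not show; if it only truncates, the description is still rendered raw and the line should read `{$artefact->description|str_shorten|escape}` (escape after truncation, since truncating an already-escaped string can split an entity). The context line `{if !$simpledisplay}{$child->date}{/if}` in the first template also stays unescaped; presumably it is a server-formatted date, but that is worth confirming while the file is being touched. The last lines of the submit.tpl hunk are garbled here and the 46-line dpatch may continue past the end of what is shown.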