diff -Nru phpmyadmin-3.3.2/debian/changelog phpmyadmin-3.3.2/debian/changelog
--- phpmyadmin-3.3.2/debian/changelog	2010-04-14 10:56:38.000000000 +0200
+++ phpmyadmin-3.3.2/debian/changelog	2012-01-09 16:31:57.000000000 +0100
@@ -1,3 +1,12 @@
+phpmyadmin (4:3.3.2-1ubuntu1) lucid-security; urgency=low
+
+  * debian/patches/CVE-2010-4480.patch:
+    - CVE-2010-4480
+    - prevents remote XSS attacks via a crafted BBcode tag containing
+      "@" characters
+
+ -- Ante Karamatic <ivoks@ubuntu.com>  Mon, 09 Jan 2012 16:29:00 +0100
+
 phpmyadmin (4:3.3.2-1) unstable; urgency=medium
 
   * New upstream release (closes: #577753).
diff -Nru phpmyadmin-3.3.2/debian/patches/CVE-2010-4480.patch phpmyadmin-3.3.2/debian/patches/CVE-2010-4480.patch
--- phpmyadmin-3.3.2/debian/patches/CVE-2010-4480.patch	1970-01-01 01:00:00.000000000 +0100
+++ phpmyadmin-3.3.2/debian/patches/CVE-2010-4480.patch	2012-01-09 16:26:25.000000000 +0100
@@ -0,0 +1,197 @@
+Index: phpmyadmin-3.3.2/error.php
+===================================================================
+--- phpmyadmin-3.3.2.orig/error.php	2012-01-09 16:26:19.000000000 +0100
++++ /dev/null	1970-01-01 00:00:00.000000000 +0000
+@@ -1,86 +0,0 @@
+-<?php
+-/* vim: set expandtab sw=4 ts=4 sts=4: */
+-/**
+- * phpMyAdmin fatal error display page
+- *
+- * @version $Id$
+- * @package phpMyAdmin
+- */
+-
+-/**
+- * Input sanitizing.
+- */
+-require_once './libraries/sanitizing.lib.php';
+-
+-/* Get variables */
+-if (! empty($_REQUEST['lang']) && is_string($_REQUEST['lang'])) {
+-    $lang = htmlspecialchars($_REQUEST['lang']);
+-} else {
+-    $lang = 'en';
+-}
+-
+-if (! empty($_REQUEST['dir']) && is_string($_REQUEST['dir'])) {
+-    $dir = htmlspecialchars($_REQUEST['dir']);
+-} else {
+-    $dir = 'ltr';
+-}
+-
+-if (! empty($_REQUEST['type']) && is_string($_REQUEST['type'])) {
+-    $type = htmlspecialchars($_REQUEST['type']);
+-} else {
+-    $type = 'error';
+-}
+-
+-// force utf-8 to avoid XSS with crafted URL and utf-7 in charset parameter
+-$charset = 'utf-8';
+-
+-header('Content-Type: text/html; charset=' . $charset);
+-?>
+-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?>" dir="<?php echo $dir; ?>">
+-<head>
+-    <link rel="icon" href="./favicon.ico" type="image/x-icon" />
+-    <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
+-    <title>phpMyAdmin</title>
+-    <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
+-    <style type="text/css">
+-    <!--
+-    html {
+-        padding: 0;
+-        margin: 0;
+-    }
+-    body  {
+-        font-family: sans-serif;
+-        font-size: small;
+-        color: #000000;
+-        background-color: #F5F5F5;
+-        margin: 1em;
+-    }
+-    h1 {
+-        margin: 0;
+-        padding: 0.3em;
+-        font-size: 1.4em;
+-        font-weight: bold;
+-        color: #ffffff;
+-        background-color: #ff0000;
+-    }
+-    p {
+-        margin: 0;
+-        padding: 0.5em;
+-        border: 0.1em solid red;
+-        background-color: #ffeeee;
+-    }
+-    //-->
+-    </style>
+-</head>
+-<body>
+-<h1>phpMyAdmin - <?php echo $type; ?></h1>
+-<p><?php
+-if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
+-    echo PMA_sanitize(stripslashes($_REQUEST['error']));
+-} else {
+-    echo PMA_sanitize($_REQUEST['error']);
+-}
+-?></p>
+-</body>
+-</html>
+Index: phpmyadmin-3.3.2/libraries/common.inc.php
+===================================================================
+--- phpmyadmin-3.3.2.orig/libraries/common.inc.php	2012-01-09 16:26:18.000000000 +0100
++++ phpmyadmin-3.3.2/libraries/common.inc.php	2012-01-09 16:24:52.000000000 +0100
+@@ -325,7 +325,6 @@
+     'db_printview.php',
+     'db_search.php',
+     //'Documentation.html',
+-    //'error.php',
+     'export.php',
+     'import.php',
+     //'index.php',
+Index: phpmyadmin-3.3.2/libraries/core.lib.php
+===================================================================
+--- phpmyadmin-3.3.2.orig/libraries/core.lib.php	2012-01-09 16:26:19.000000000 +0100
++++ phpmyadmin-3.3.2/libraries/core.lib.php	2012-01-09 16:24:52.000000000 +0100
+@@ -261,21 +261,18 @@
+     $error_message = strtr($error_message, array('<br />' => '[br]'));
+ 
+     // Displays the error message
+-    // (do not use &amp; for parameters sent by header)
+-    $query_params = array(
+-        'lang'  => $GLOBALS['available_languages'][$GLOBALS['lang']][2],
+-        'dir'   => $GLOBALS['text_dir'],
+-        'type'  => $GLOBALS['strError'],
+-        'error' => $error_message,
+-    );
+-    header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php?'
+-            . http_build_query($query_params, null, '&'));
++    $lang = $GLOBALS['available_languages'][$GLOBALS['lang']][1];
++    $dir = $GLOBALS['text_dir'];
++    $type = $error_header;
++    $error = $error_message;
+ 
+     // on fatal errors it cannot hurt to always delete the current session
+     if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) {
+         PMA_removeCookie($GLOBALS['session_name']);
+     }
+ 
++    require('./libraries/error.inc.php');
++
+     exit;
+ }
+ 
+Index: phpmyadmin-3.3.2/libraries/error.inc.php
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ phpmyadmin-3.3.2/libraries/error.inc.php	2012-01-09 16:24:52.000000000 +0100
+@@ -0,0 +1,57 @@
++<?php
++/* vim: set expandtab sw=4 ts=4 sts=4: */
++/**
++ * phpMyAdmin fatal error display page
++ *
++ * @package phpMyAdmin
++ */
++
++if (! defined('PHPMYADMIN')) {
++    exit;
++}
++
++header('Content-Type: text/html; charset=utf-8');
++?>
++<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
++<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?>" dir="<?php echo $dir; ?>">
++<head>
++    <link rel="icon" href="./favicon.ico" type="image/x-icon" />
++    <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
++    <title>phpMyAdmin</title>
++    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
++    <style type="text/css">
++    <!--
++    html {
++        padding: 0;
++        margin: 0;
++    }
++    body  {
++        font-family: sans-serif;
++        font-size: small;
++        color: #000000;
++        background-color: #F5F5F5;
++        margin: 1em;
++    }
++    h1 {
++        margin: 0;
++        padding: 0.3em;
++        font-size: 1.4em;
++        font-weight: bold;
++        color: #ffffff;
++        background-color: #ff0000;
++    }
++    p {
++        margin: 0;
++        padding: 0.5em;
++        border: 0.1em solid red;
++        background-color: #ffeeee;
++    }
++    //-->
++    </style>
++</head>
++<body>
++<h1>phpMyAdmin - <?php echo $error_header; ?></h1>
++<p><?php echo PMA_sanitize($error_message); ?></p>
++</body>
++</html>
++
diff -Nru phpmyadmin-3.3.2/debian/patches/series phpmyadmin-3.3.2/debian/patches/series
--- phpmyadmin-3.3.2/debian/patches/series	2010-04-14 10:31:35.000000000 +0200
+++ phpmyadmin-3.3.2/debian/patches/series	2012-01-09 16:26:39.000000000 +0100
@@ -1,3 +1,4 @@
 mootools.patch
 debian.patch
 doc.patch
+CVE-2010-4480.patch