diff -r xymon-4.3.0-beta2.lucidold/debian/changelog xymon-4.3.0-beta2.lucidnew/debian/changelog
0a1,9
> xymon (4.3.0~beta2.dfsg-5ubuntu0.2) unstable; urgency=low
>
> * Bugfix: For the history and display macro bug Bug #1103428.
> See https://bugs.launchpad.net/ubuntu/+source/xymon/+bug/1103428 for details.
> * Code based on the fix by Ulric Eriksson.
> * Removed pragma if.
>
> -- Lars Kollstedt Tue, 29 Jan 2013 14:02:13 +0100
>
diff -r xymon-4.3.0-beta2.lucidold/debian/patches/9-CVE-2011-1716 xymon-4.3.0-beta2.lucidnew/debian/patches/9-CVE-2011-1716
203,242d202
< Index: xymon-4.3.0~beta2.dfsg/lib/strfunc.c
< ===================================================================
< --- xymon-4.3.0~beta2.dfsg.orig/lib/strfunc.c 2009-02-26 17:14:12.000000000 +0700
< +++ xymon-4.3.0~beta2.dfsg/lib/strfunc.c 2013-01-15 10:22:27.881862885 +0700
< @@ -177,3 +177,35 @@
< *(buf->s+buf->used) = '\0';
< }
<
< +char *htmlquoted(char *s)
< +{
< + /*
< + * This routine converts a plain string into an html-quoted string
< + */
< +
< + static strbuffer_t *result = NULL;
< + char *inp, *endp;
< + char c;
< +
< + if (!result) result = newstrbuffer(4096);
< + clearstrbuffer(result);
< +
< + inp= s;
< + do {
< + endp = inp + strcspn(inp, "\"&<> ");
< + c = *endp;
< + if (endp > inp) addtobufferraw(result, inp, endp-inp);
< + switch (c) {
< + case '"': addtobuffer(result, """); break;
< + case '&': addtobuffer(result, "&"); break;
< + case '<': addtobuffer(result, "<"); break;
< + case '>': addtobuffer(result, ">"); break;
< + case ' ': addtobuffer(result, " "); break;
< + default: break;
< + }
< + inp = (c == '\0') ? NULL : endp+1;
< + } while (inp);
< +
< + return STRBUF(result);
< +}
< +
diff -r xymon-4.3.0-beta2.lucidold/lib/strfunc.c xymon-4.3.0-beta2.lucidnew/lib/strfunc.c
179a180,218
> char *htmlquoted(char *s)
> {
> /*
> * This routine converts a plain string into an html-quoted string
> */
>
> // Ulric was here: use several result buffers to overcome overwriting problem
> static strbuffer_t *result[] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL};
> static int rn = 0;
> static int rn_max = sizeof(result)/sizeof(*result);
>
> char *inp, *endp;
> char c;
>
> rn++;
> if (rn >= rn_max) rn = 0;
>
> if (!result[rn]) result[rn] = newstrbuffer(4096);
> clearstrbuffer(result[rn]);
>
> inp = s;
> do {
> endp = inp + strcspn(inp, "\"&<> ");
> c = *endp;
> if (endp > inp) addtobufferraw(result[rn], inp, endp-inp);
> switch (c) {
> case '"': addtobuffer(result[rn], """); break;
> case '&': addtobuffer(result[rn], "&"); break;
> case '<': addtobuffer(result[rn], "<"); break;
> case '>': addtobuffer(result[rn], ">"); break;
> case ' ': addtobuffer(result[rn], " "); break;
> default: break;
> }
> inp = (c == '\0') ? NULL : endp+1;
> } while (inp);
>
> return STRBUF(result[rn]);
> }
>
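Review bot: The pointer returned by the new `htmlquoted()` in lib/strfunc.c stays valid only for the next nine calls, because `rn` cycles through ten static buffers and `clearstrbuffer(result[rn])` reuses the oldest one, and nothing in the function states that contract. A caller that formats more than ten quoted values in one statement, or keeps a result across a loop, will silently emit a different (still escaped) string. I would replace the `// Ulric was here` line with a comment in the file's block style, such as `/* Results live in a ring of 10 static buffers: a returned pointer is overwritten by the 10th later call; not reentrant or thread-safe. */`. Separately, `s` goes straight into `strcspn()` with no NULL check, which is undefined behaviour for a NULL argument; `if (!s) s = "";` before `rn++` would cover it, assuming an empty result is acceptable to callers (not visible here). Since this is the escaping routine carried by the CVE-2011-1716 patch, it is also worth confirming that no caller places the result inside a single-quoted attribute, because `'` is not in the escaped set.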