diff -u phpldapadmin-1.1.0.5/debian/changelog phpldapadmin-1.1.0.5/debian/changelog
--- phpldapadmin-1.1.0.5/debian/changelog
+++ phpldapadmin-1.1.0.5/debian/changelog
@@ -1,3 +1,12 @@
+phpldapadmin (1.1.0.5-6ubuntu3.1) jaunty-security; urgency=low
+
+  * SECURITY UPDATE: Fixes Directory traversal vulnerability in cmd.php that
+    allows remote attackers to include and execute arbitrary local files.
+  - added debian/patches/CVE-2009-4427.dpatch: Fixes CVE-2009-4427.
+    Patch provided by Debian in Lenny (Debian Bug #561975, DSA-1965-1)
+
+ -- Brian Thomason <brian.thomason@canonical.com>  Wed, 07 Jul 2010 18:52:41 -0400
+
 phpldapadmin (1.1.0.5-6ubuntu3) jaunty; urgency=low
 
   * Adds php_value memory_limit 32M to the apache.conf (LP: #270468)
diff -u phpldapadmin-1.1.0.5/debian/patches/00list phpldapadmin-1.1.0.5/debian/patches/00list
--- phpldapadmin-1.1.0.5/debian/patches/00list
+++ phpldapadmin-1.1.0.5/debian/patches/00list
@@ -1,0 +2 @@
+CVE-2009-4427.dpatch
only in patch2:
unchanged:
--- phpldapadmin-1.1.0.5.orig/debian/patches/CVE-2009-4427.dpatch
+++ phpldapadmin-1.1.0.5/debian/patches/CVE-2009-4427.dpatch
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2009-4427.dpatch by Giuseppe Iuculano <iuculano@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: CVE-2009-4427: Local file inclusion vulnerability #561975
+## DP: LP #511189
+
+@DPATCH@
+diff -urNad phpldapadmin~/htdocs/cmd.php phpldapadmin/htdocs/cmd.php
+--- phpldapadmin~/htdocs/cmd.php	2008-01-10 13:28:34.000000000 +0100
++++ phpldapadmin/htdocs/cmd.php	2010-01-06 17:39:59.000000000 +0100
+@@ -35,6 +35,14 @@
+ # Create page.
+ $www['page'] = new page($ldapserver->server_id);
+ 
++# See if we can render the command
++if (trim($www['cmd'])) {
++	# If this command has been disabled by the config.
++	if (!preg_match('/^([A-Za-z0-9-_]+)$/',$www['cmd']))
++		system_message(array('title'=>_('Command disabled by the server configuration'),
++			_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),$www['cmd']),'type'=>'error'),'index.php');
++}
++
+ if ($file)
+ 	include $file;
+