Version in base suite: 2.6-2+etch1
Version in overlay suite: 2.6-2+etch3
Base version: nagios2_2.6-2+etch1
Target version: nagios2_2.6-2+etch5
Base file: /org/ftp.debian.org/ftp/pool/main/n/nagios2/nagios2_2.6-2+etch1.dsc
Target file: /org/ftp.debian.org/queue/o-p-u-new/nagios2_2.6-2+etch5.dsc
debian/patches/95_security_statuswml_SA35543.dpatch | 59 +
debian/patches/CVE-2007-5624.dpatch | 394 ++++++++++++
debian/patches/CVE-2007-5803.dpatch | 617 ++++++++++++++++++++
debian/patches/CVE-2008-1360.dpatch | 85 ++
nagios2-2.6/debian/changelog | 31 +
nagios2-2.6/debian/patches/00list | 4
6 files changed, 1190 insertions(+)
diff -u nagios2-2.6/debian/patches/00list nagios2-2.6/debian/patches/00list
--- nagios2-2.6/debian/patches/00list
+++ nagios2-2.6/debian/patches/00list
@@ -2,0 +3,4 @@
+95_security_statuswml_SA35543.dpatch
+CVE-2007-5624.dpatch
+CVE-2007-5803.dpatch
+CVE-2008-1360.dpatch
diff -u nagios2-2.6/debian/changelog nagios2-2.6/debian/changelog
--- nagios2-2.6/debian/changelog
+++ nagios2-2.6/debian/changelog 
@@ -1,3 +1,34 @@
+nagios2 (2.6-2+etch5) oldstable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed a regression introduced by previous security update:
+ status.cgi segfaults when used from command line without setting the
+ 'host' variable. (Closes: #545956)
+
+ -- Giuseppe Iuculano Fri, 11 Sep 2009 16:37:19 +0200
+
+nagios2 (2.6-2+etch4) oldstable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed multiple cross-site scripting (XSS) vulnerabilities in CGIs programs
+ (Closes: #448371, #482445)
+ Fixed: CVE-2007-5624, CVE-2007-5803, CVE-2008-1360
+
+ -- Giuseppe Iuculano Fri, 04 Sep 2009 19:40:00 +0200
+
+nagios2 (2.6-2+etch3) oldstable-security; urgency=high
+
+ * Rebuild with proper distribution.
+
+ -- Nico Golde Thu, 2 Jul 2009 17:11:43 +0000
+
+nagios2 (2.6-2+etch2) stable-security; urgency=high
+
+ * Fix Command Injection Vulnerability in statuswml.cgi.
+ This applies for SA35543 and CVE-2009-2288.
+
+ -- Alexander Wirt Tue, 30 Jun 2009 12:56:40 +0000
+
 nagios2 (2.6-2+etch1) testing-proposed-updates; urgency=low [Sean Finney]
only in patch2:
unchanged:
--- nagios2-2.6.orig/debian/patches/CVE-2007-5803.dpatch
+++ nagios2-2.6/debian/patches/CVE-2007-5803.dpatch 
@@ -0,0 +1,617 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## CVE-2007-5803.dpatch by Giuseppe Iuculano +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fixed multiple cross-site scripting (XSS) vulnerabilities in CGI programs (Closes: #482445) + +@DPATCH@ +diff -urNad nagios2-2.6~/cgi/avail.c nagios2-2.6/cgi/avail.c +--- nagios2-2.6~/cgi/avail.c 2009-09-11 15:59:13.000000000 +0200 ++++ nagios2-2.6/cgi/avail.c 2009-09-11 15:59:14.000000000 +0200 +@@ -511,11 +511,11 @@ + if(display_type==DISPLAY_HOSTGROUP_AVAIL) + printf("\n",hostgroup_name); + if(display_type==DISPLAY_HOST_AVAIL || display_type==DISPLAY_SERVICE_AVAIL) +- printf("\n",host_name); ++ printf("\n",url_encode(host_name)); + if(display_type==DISPLAY_SERVICE_AVAIL) + printf("\n",svc_description); + if(display_type==DISPLAY_SERVICEGROUP_AVAIL) +- printf("\n",servicegroup_name); ++ printf("\n",url_encode(servicegroup_name)); + + printf("\n",(assume_initial_states==TRUE)?"yes":"no"); + printf("\n",(assume_state_retention==TRUE)?"yes":"no"); +@@ -646,11 +646,11 @@ + if(display_type==DISPLAY_HOSTGROUP_AVAIL) + printf("\n",hostgroup_name); + if(display_type==DISPLAY_HOST_AVAIL || display_type==DISPLAY_SERVICE_AVAIL) +- printf("\n",host_name); ++ printf("\n",url_encode(host_name)); + if(display_type==DISPLAY_SERVICE_AVAIL) + printf("\n",svc_description); + if(display_type==DISPLAY_SERVICEGROUP_AVAIL) +- printf("\n",servicegroup_name); ++ printf("\n",url_encode(servicegroup_name)); + + printf("\n"); + +diff -urNad nagios2-2.6~/cgi/cgiutils.c nagios2-2.6/cgi/cgiutils.c +--- nagios2-2.6~/cgi/cgiutils.c 2009-09-11 15:59:13.000000000 +0200 ++++ nagios2-2.6/cgi/cgiutils.c 2009-09-11 16:02:20.000000000 +0200 +@@ -128,7 +128,7 @@ + char *my_strtok_buffer=NULL; + char *original_my_strtok_buffer=NULL; + +-char encoded_url_string[MAX_INPUT_BUFFER]; ++char encoded_url_string[2][MAX_INPUT_BUFFER]; // 2 to be able use url_encode twice + char encoded_html_string[MAX_INPUT_BUFFER]; + + #ifdef 
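Review bot: url_encode() looks like the wrong encoder for the values changed in the avail.c hunks (host_name and servicegroup_name at 511 and 646), and the same holds for the matching changes in cmd.c, histogram.c, history.c, notifications.c and trends.c. The format strings did not survive on this page, but if these printf calls emit form-field values, as the "Author (Your Name):" and "Comment:" labels beside the cmd.c calls suggest, a percent-encoded value is shown to the user as literal text and is encoded a second time on submit, so names with spaces or punctuation no longer round-trip. Attribute-context escaping is the matching control there, i.e. `html_encode(host_name)` in place of `url_encode(host_name)`, provided html_encode() also escapes quote characters; url_encode() stays right for values placed inside a URL query string. In the same avail.c hunks `hostgroup_name` and `svc_description` are still passed to printf unencoded, which should be made consistent with their neighbours.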
HAVE_TZNAME +@@ -1297,46 +1297,51 @@ + int len,output_len; + int x,y; + char temp_expansion[4]; ++ static int i = 0; ++ char* str = encoded_url_string[i]; ++ ++ if(input==NULL) ++ return '\x0'; + + len=(int)strlen(input); +- output_len=(int)sizeof(encoded_url_string); ++ output_len=(int)sizeof(encoded_url_string[0]); + +- encoded_url_string[0]='\x0'; ++ str[0]='\x0'; + + for(x=0,y=0;x<=len && y='0' && (char)input[x]<='9') || ((char)input[x]>='A' && (char)input[x]<='Z') || ((char)input[x]>=(char)'a' && (char)input[x]<=(char)'z') || (char)input[x]==(char)'.' || (char)input[x]==(char)'-' || (char)input[x]==(char)'_'){ +- encoded_url_string[y]=input[x]; ++ str[y]=input[x]; + y++; + } + + /* spaces are pluses */ + else if((char)input[x]<=(char)' '){ +- encoded_url_string[y]='+'; ++ str[y]='+'; + y++; + } + + /* anything else gets represented by its hex value */ + else{ +- encoded_url_string[y]='\x0'; +- if((int)strlen(encoded_url_string)<(output_len-3)){ ++ str[y]='\x0'; ++ if((int)strlen(str)<(output_len-3)){ + sprintf(temp_expansion,"%%%02X",(unsigned int)input[x]); +- strcat(encoded_url_string,temp_expansion); ++ strcat(str,temp_expansion); + y+=3; + } + } + } + +- encoded_url_string[sizeof(encoded_url_string)-1]='\x0'; ++ str[sizeof(encoded_url_string[0])-1]='\x0'; + +- return &encoded_url_string[0]; ++ return str; + } + + +diff -urNad nagios2-2.6~/cgi/cmd.c nagios2-2.6/cgi/cmd.c +--- nagios2-2.6~/cgi/cmd.c 2009-09-11 15:59:13.000000000 +0200 ++++ nagios2-2.6/cgi/cmd.c 2009-09-11 15:59:14.000000000 +0200 +@@ -949,10 +949,10 @@ + printf(""); + printf("\n"); + printf("\n"); + printf("\n"); + break; + +@@ -975,10 +975,10 @@ + printf(""); + printf("\n"); + printf("\n"); + printf("\n"); + break; + +@@ -1158,10 +1158,10 @@ + printf("",service_desc); + } + printf("\n"); + printf("\n"); + + printf("\n"); +@@ -1290,10 +1290,10 @@ + printf("\n"); + } + printf("\n"); + printf("\n"); + time(&t); + get_time_string(&t,buffer,sizeof(buffer)-1,SHORT_DATE_TIME); +diff -urNad 
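Review bot: In the url_encode() hunk of cgiutils.c the new `static int i = 0;` selects `encoded_url_string[i]`, but no visible line ever changes `i`, and the hunk header (46 lines to 51) appears to leave no room for one, so the second buffer the array was widened for is apparently never used. Calls that pass two results to a single printf, such as `url_encode(host_name),url_encode(service_desc)` in the statuswml.c hunks, would then receive the same pointer twice and print one value in both places. Alternating the index on every call, `i=!i;` placed right after `str` is assigned, gives two consecutive calls separate buffers. Separately, `return '\x0';` hands a null pointer to callers that feed it to `%s`; `str[0]='\x0'; return str;` returns an empty string instead. Part of the loop is missing from this page, so the first point should be confirmed against the full patch.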
nagios2-2.6~/cgi/histogram.c nagios2-2.6/cgi/histogram.c +--- nagios2-2.6~/cgi/histogram.c 2009-09-11 15:59:13.000000000 +0200 ++++ nagios2-2.6/cgi/histogram.c 2009-09-11 15:59:14.000000000 +0200 +@@ -406,9 +406,9 @@ + printf("\n",HISTOGRAM_CGI); + printf("\n",(unsigned long)t1); + printf("\n",(unsigned long)t2); +- printf("\n",host_name); ++ printf("\n",url_encode(host_name)); + if(display_type==DISPLAY_SERVICE_HISTOGRAM) +- printf("\n",svc_description); ++ printf("\n",url_encode(svc_description)); + + + printf("\n"); +@@ -788,9 +788,9 @@ + + printf("
Author (Your Name):"); +- printf("",comment_author); ++ printf("",url_encode(comment_author)); + printf("
Comment:"); +- printf("",comment_data); ++ printf("",url_encode(comment_data)); + printf("
Author (Your Name):"); +- printf("",comment_author); ++ printf("",url_encode(comment_author)); + printf("
Comment:"); +- printf("",comment_data); ++ printf("",url_encode(comment_data)); + printf("
Author (Your Name):"); +- printf("",comment_author); ++ printf("",url_encode(comment_author)); + printf("
Comment:"); +- printf("",comment_data); ++ printf("",url_encode(comment_data)); + printf("

Author (Your Name):"); +- printf("",comment_author); ++ printf("",url_encode(comment_author)); + printf("
Comment:"); +- printf("",comment_data); ++ printf("",url_encode(comment_data)); + printf("
Report period:Assume state retention:
\n"); + printf("\n",HISTOGRAM_CGI); +- printf("\n",host_name); ++ printf("\n",url_encode(host_name)); + if(display_type==DISPLAY_SERVICE_HISTOGRAM) +- printf("\n",svc_description); ++ printf("\n",url_encode(svc_description)); + + printf("\n"); + printf("
Report Period:\n"); +diff -urNad nagios2-2.6~/cgi/history.c nagios2-2.6/cgi/history.c +--- nagios2-2.6~/cgi/history.c 2009-09-11 15:59:13.000000000 +0200 ++++ nagios2-2.6/cgi/history.c 2009-09-11 15:59:14.000000000 +0200 +@@ -201,9 +201,9 @@ + + printf("\n"); + printf("\n",HISTORY_CGI); +- printf("\n",(show_all_hosts==TRUE)?"all":host_name); ++ printf("\n",(show_all_hosts==TRUE)?"all":url_encode(host_name)); + if(display_type==DISPLAY_SERVICES) +- printf("\n",svc_description); ++ printf("\n",url_encode(svc_description)); + printf("\n",log_archive); + + printf("\n"); +diff -urNad nagios2-2.6~/cgi/notifications.c nagios2-2.6/cgi/notifications.c +--- nagios2-2.6~/cgi/notifications.c 2009-09-11 15:59:13.000000000 +0200 ++++ nagios2-2.6/cgi/notifications.c 2009-09-11 15:59:14.000000000 +0200 +@@ -212,11 +212,11 @@ + printf("
\n"); + printf("\n",NOTIFICATIONS_CGI); + if(query_type==FIND_SERVICE){ +- printf("\n",query_host_name); +- printf("\n",query_svc_description); ++ printf("\n",url_encode(query_host_name)); ++ printf("\n",url_encode(query_svc_description)); + } + else +- printf("\n",(query_type==FIND_HOST)?"host":"contact",(query_type==FIND_HOST)?query_host_name:query_contact_name); ++ printf("\n",(query_type==FIND_HOST)?"host":"contact",url_encode((query_type==FIND_HOST)?query_host_name:query_contact_name)); + printf("\n",log_archive); + printf("\n"); + if(query_type==FIND_SERVICE) +diff -urNad nagios2-2.6~/cgi/status.c nagios2-2.6/cgi/status.c +--- nagios2-2.6~/cgi/status.c 2009-09-11 15:59:13.000000000 +0200 ++++ nagios2-2.6/cgi/status.c 2009-09-11 15:59:14.000000000 +0200 +@@ -821,11 +821,11 @@ + printf("\n"); +@@ -833,11 +833,11 @@ + printf("\n"); +@@ -845,11 +845,11 @@ + printf("\n"); +@@ -857,11 +857,11 @@ + printf("\n"); +@@ -869,11 +869,11 @@ + printf("\n"); +@@ -910,11 +910,11 @@ + printf("\n"); +@@ -922,11 +922,11 @@ + printf("\n"); + +@@ -1035,11 +1035,11 @@ + printf("
"); + printf("",host_status_types); + printf("Ok"); + printf("",host_status_types); + printf("Warning"); + printf("",host_status_types); + printf("Unknown"); + printf("",host_status_types); + printf("Critical"); + printf("",host_status_types); + printf("Pending"); + printf("",host_status_types); + printf("All Problems"); + printf("",host_status_types); + printf("All Types"); + printf(""); + printf(""); + printf(""); + printf(""); + printf(""); + printf("\n"); + printf("
\n"); + printf("\n",STATUSMAP_CGI); +- printf("\n",host_name); ++ printf("\n",url_encode(host_name)); + printf("\n",layout_method); + + printf("\n"); +diff -urNad nagios2-2.6~/cgi/statuswml.c nagios2-2.6/cgi/statuswml.c +--- nagios2-2.6~/cgi/statuswml.c 2009-09-11 15:59:13.000000000 +0200 ++++ nagios2-2.6/cgi/statuswml.c 2009-09-11 15:59:14.000000000 +0200 +@@ -648,7 +648,7 @@ + printf("\n"); + printf("

\n"); + +- printf("Status Overview

\n",STATUSWML_CGI,hostgroup_name); ++ printf("Status Overview

\n",STATUSWML_CGI,url_encode(hostgroup_name)); + + /* check all hostgroups */ + for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){ +@@ -731,7 +731,7 @@ + printf("\n"); + printf("

\n"); + +- printf("Status Summary

\n",STATUSWML_CGI,hostgroup_name); ++ printf("Status Summary

\n",STATUSWML_CGI,url_encode(hostgroup_name)); + + /* check all hostgroups */ + for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){ +@@ -953,7 +953,7 @@ + + printf("

\n"); + printf("
\n"); +- printf("View Services\n",STATUSWML_CGI,host_name); ++ printf("View Services\n",STATUSWML_CGI,url_encode(host_name)); + printf("Host Commands\n"); + printf("

\n"); + +@@ -972,23 +972,23 @@ + printf("Acknowledge Problem\n"); + + if(temp_hoststatus->checks_enabled==FALSE) +- printf("Enable Host Checks
\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_CHECK,CMDMODE_COMMIT); ++ printf("Enable Host Checks
\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_CHECK,CMDMODE_COMMIT); + else +- printf("Disable Host Checks
\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_CHECK,CMDMODE_COMMIT); ++ printf("Disable Host Checks
\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_CHECK,CMDMODE_COMMIT); + + if(temp_hoststatus->notifications_enabled==FALSE) +- printf("Enable Host Notifications
\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); ++ printf("Enable Host Notifications
\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); + else +- printf("Disable Host Notifications
\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); ++ printf("Disable Host Notifications
\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); + + +- printf("Enable All Service Checks
\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); ++ printf("Enable All Service Checks
\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); + +- printf("Disable All Service Checks
\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); ++ printf("Disable All Service Checks
\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); + +- printf("Enable All Service Notifications
\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); ++ printf("Enable All Service Notifications
\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); + +- printf("Disable All Service Notifications
\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); ++ printf("Disable All Service Notifications
\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); + + printf("

\n"); + +@@ -1008,7 +1008,7 @@ + printf("\n"); + + printf("\n"); +- printf("\n",COMMAND_CGI,host_name,CMD_ACKNOWLEDGE_HOST_PROBLEM,CMDMODE_COMMIT); ++ printf("\n",COMMAND_CGI,url_encode(host_name),CMD_ACKNOWLEDGE_HOST_PROBLEM,CMDMODE_COMMIT); + printf("\n"); + + printf("

\n"); +@@ -1028,7 +1028,7 @@ + /**** MAIN SCREEN (CARD 1) ****/ + printf("\n"); + printf("

\n"); +- printf("Host '%s' Services
\n",host_name,host_name,STATUSWML_CGI,host_name); ++ printf("Host '%s' Services
\n",url_encode(host_name),host_name,STATUSWML_CGI,url_encode(host_name)); + + printf("\n"); + +@@ -1169,7 +1169,7 @@ + + printf("
\n"); + printf("
\n"); +- printf("View Host\n",STATUSWML_CGI,host_name); ++ printf("View Host\n",STATUSWML_CGI,url_encode(host_name)); + printf("Svc. Commands\n"); + printf("

\n"); + +@@ -1185,16 +1185,16 @@ + printf("Acknowledge Problem\n"); + + if(temp_servicestatus->checks_enabled==FALSE) +- printf("Enable Checks
\n",COMMAND_CGI,host_name,service_desc,CMD_ENABLE_SVC_CHECK,CMDMODE_COMMIT); ++ printf("Enable Checks
\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ENABLE_SVC_CHECK,CMDMODE_COMMIT); + else{ +- printf("Disable Checks
\n",COMMAND_CGI,host_name,service_desc,CMD_DISABLE_SVC_CHECK,CMDMODE_COMMIT); +- printf("Schedule Immediate Check
\n",COMMAND_CGI,host_name,service_desc,CMD_SCHEDULE_SVC_CHECK,CMDMODE_COMMIT); ++ printf("Disable Checks
\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_DISABLE_SVC_CHECK,CMDMODE_COMMIT); ++ printf("Schedule Immediate Check
\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_SCHEDULE_SVC_CHECK,CMDMODE_COMMIT); + } + + if(temp_servicestatus->notifications_enabled==FALSE) +- printf("Enable Notifications
\n",COMMAND_CGI,host_name,service_desc,CMD_ENABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); ++ printf("Enable Notifications
\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ENABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); + else +- printf("Disable Notifications
\n",COMMAND_CGI,host_name,service_desc,CMD_DISABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); ++ printf("Disable Notifications
\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_DISABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); + + printf("

\n"); + +@@ -1214,7 +1214,7 @@ + printf("\n"); + + printf("\n"); +- printf("\n",COMMAND_CGI,host_name,service_desc,CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT); ++ printf("\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT); + printf("\n"); + + printf("

\n"); +diff -urNad nagios2-2.6~/cgi/trends.c nagios2-2.6/cgi/trends.c +--- nagios2-2.6~/cgi/trends.c 2009-09-11 15:59:13.000000000 +0200 ++++ nagios2-2.6/cgi/trends.c 2009-09-11 15:59:14.000000000 +0200 +@@ -451,9 +451,9 @@ + printf("\n"); + printf("\n",(unsigned long)t1); + printf("\n",(unsigned long)t2); +- printf("\n",host_name); ++ printf("\n",url_encode(host_name)); + if(display_type==DISPLAY_SERVICE_TRENDS) +- printf("\n",svc_description); ++ printf("\n",url_encode(svc_description)); + + printf("\n",(assume_initial_states==TRUE)?"yes":"no"); + printf("\n",(assume_state_retention==TRUE)?"yes":"no"); +@@ -897,9 +897,9 @@ + + printf("\n"); + printf("\n",TRENDS_CGI); +- printf("\n",host_name); ++ printf("\n",url_encode(host_name)); + if(display_type==DISPLAY_SERVICE_TRENDS) +- printf("\n",svc_description); ++ printf("\n",url_encode(svc_description)); + + printf("\n"); + printf("\n",bg_class,state_string,(temp_hoststatus->problem_has_been_acknowledged==TRUE)?"(Has been acknowledged)":""); + +- printf("\n",(temp_hoststatus->plugin_output==NULL)?"":temp_hoststatus->plugin_output); ++ printf("\n",(temp_hoststatus->plugin_output==NULL)?"":html_encode(temp_hoststatus->plugin_output)); + + printf("\n",(temp_hoststatus->perf_data==NULL)?"":temp_hoststatus->perf_data); + +@@ -1309,7 +1309,7 @@ + } + printf("\n",bg_class,state_string,(temp_svcstatus->problem_has_been_acknowledged==TRUE)?"(Has been acknowledged)":""); + +- printf("\n",(temp_svcstatus->plugin_output==NULL)?"":temp_svcstatus->plugin_output); ++ printf("\n",(temp_svcstatus->plugin_output==NULL)?"":html_encode(temp_svcstatus->plugin_output)); + + printf("\n",(temp_svcstatus->perf_data==NULL)?"":temp_svcstatus->perf_data); + +diff -urNad nagios2-2.6~/cgi/history.c nagios2-2.6/cgi/history.c +--- nagios2-2.6~/cgi/history.c 2009-09-04 18:17:45.000000000 +0200 ++++ nagios2-2.6/cgi/history.c 2009-09-04 18:17:45.000000000 +0200 +@@ -903,7 +903,7 @@ + + if(display_frills==TRUE) + 
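Review bot: perf_data is still printed without encoding in both extinfo.c hunks (999 and 1309): the change wraps `temp_hoststatus->plugin_output` and `temp_svcstatus->plugin_output` in html_encode(), while the neighbouring context lines pass `temp_hoststatus->perf_data` and `temp_svcstatus->perf_data` straight to printf. Performance data presumably originates from the same check results as the status text, so it warrants the same output encoding, e.g. `(temp_hoststatus->perf_data==NULL)?"":html_encode(temp_hoststatus->perf_data)` and the equivalent for temp_svcstatus. The enclosing functions start and end outside these hunks, so other raw uses of the two fields may exist beyond what is shown.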
printf("%s",url_images_path,image,image_alt,image_alt); +- printf("[%s] %s
\n",date_time,temp_buffer); ++ printf("[%s] %s
\n",date_time,html_encode(temp_buffer)); + found_line=TRUE; + } + } +diff -urNad nagios2-2.6~/cgi/notifications.c nagios2-2.6/cgi/notifications.c +--- nagios2-2.6~/cgi/notifications.c 2009-09-04 18:17:45.000000000 +0200 ++++ nagios2-2.6/cgi/notifications.c 2009-09-04 18:17:45.000000000 +0200 +@@ -718,7 +718,7 @@ + printf("\n",(odd)?"Even":"Odd",date_time); + printf("\n",(odd)?"Even":"Odd",CONFIG_CGI,url_encode(contact_name),contact_name); + printf("\n",(odd)?"Even":"Odd",CONFIG_CGI,url_encode(method_name),method_name); +- printf("\n",(odd)?"Even":"Odd",temp_buffer); ++ printf("\n",(odd)?"Even":"Odd",html_encode(temp_buffer)); + printf("\n"); + } + } +diff -urNad nagios2-2.6~/cgi/showlog.c nagios2-2.6/cgi/showlog.c +--- nagios2-2.6~/cgi/showlog.c 2006-03-21 22:31:46.000000000 +0100 ++++ nagios2-2.6/cgi/showlog.c 2009-09-04 18:17:45.000000000 +0200 +@@ -513,7 +513,7 @@ + + if(display_frills==TRUE) + printf("%s",url_images_path,image,image_alt,image_alt); +- printf("[%s] %s
\n",date_time,(temp_buffer==NULL)?"":temp_buffer); ++ printf("[%s] %s
\n",date_time,(temp_buffer==NULL)?"":html_encode(temp_buffer)); + } + + printf("

\n"); +diff -urNad nagios2-2.6~/cgi/status.c nagios2-2.6/cgi/status.c +--- nagios2-2.6~/cgi/status.c 2009-09-04 18:17:45.000000000 +0200 ++++ nagios2-2.6/cgi/status.c 2009-09-04 18:17:45.000000000 +0200 +@@ -1733,7 +1733,7 @@ + printf("\n",status_bg_class,date_time); + printf("\n",status_bg_class,state_duration); + printf("\n",status_bg_class,temp_status->current_attempt,temp_status->max_attempts); +- printf("\n",status_bg_class,(temp_status->plugin_output==NULL)?"":temp_status->plugin_output); ++ printf("\n",status_bg_class,(temp_status->plugin_output==NULL)?"":html_encode(temp_status->plugin_output)); + + printf("\n"); + +@@ -2117,7 +2117,7 @@ + printf("\n",status_class,status); + printf("\n",status_bg_class,date_time); + printf("\n",status_bg_class,state_duration); +- printf("\n",status_bg_class,(temp_status->plugin_output==NULL)?"":temp_status->plugin_output); ++ printf("\n",status_bg_class,(temp_status->plugin_output==NULL)?"":html_encode(temp_status->plugin_output)); + + printf("\n"); + } only in patch2: unchanged: --- nagios2-2.6.orig/debian/patches/95_security_statuswml_SA35543.dpatch +++ nagios2-2.6/debian/patches/95_security_statuswml_SA35543.dpatch 
@@ -0,0 +1,59 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 95_security_statuswml_SA35543.dpatch by Alexander Wirt
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad nagios3-3.0.6~/cgi/statuswml.c nagios3-3.0.6/cgi/statuswml.c
+--- nagios3-3.0.6~/cgi/statuswml.c 2008-11-30 19:13:11.000000000 +0100
++++ nagios3-3.0.6/cgi/statuswml.c 2009-06-29 13:54:28.000000000 +0200
+@@ -67,6 +67,8 @@
+ void document_header(void);
+ void document_footer(void);
+ int process_cgivars(void);
++int validate_arguments(void);
++int is_valid_hostip(char *hostip);
+
+ int display_type=DISPLAY_INDEX;
+ int hostgroup_style=DISPLAY_HOSTGROUP_SUMMARY;
+@@ -108,6 +110,13 @@
+
+ document_header();
+
++ /* validate arguments in URL */
++ result=validate_arguments();
++ if(result==ERROR){
++ document_footer();
++ return ERROR;
++ }
++
+ /* read the CGI configuration file */
+ result=read_cgi_config_file(get_cgi_config_location());
+ if(result==ERROR){
+@@ -334,7 +343,25 @@
+ return error;
+ }
+
++int validate_arguments(void){
++ int result=OK;
++ if((strcmp(ping_address,"")) && !is_valid_hostip(ping_address)) {
++ printf("

Invalid host name/ip

\n"); ++ result=ERROR; ++ } ++ if(strcmp(traceroute_address,"") && !is_valid_hostip(traceroute_address)){ ++ printf("

Invalid host name/ip

\n"); ++ result=ERROR; ++ } ++ return result; ++ } + ++int is_valid_hostip(char *hostip) { ++ char *valid_domain_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-"; ++ if(strcmp(hostip,"") && strlen(hostip)==strspn(hostip,valid_domain_chars) && hostip[0] != '-' && hostip[strlen(hostip)-1] != '-') ++ return TRUE; ++ return FALSE; ++ } + + /* main intro screen */ + void display_index(void){
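Review bot: The patch header reads `## DP: No description.`, which leaves the purpose of validate_arguments() undocumented even though the changelog in this same upload identifies it as the command injection fix for SA35543 / CVE-2009-2288. I would state that in the header, e.g. `## DP: Reject ping/traceroute addresses that are not plain host names or IPs (SA35543, CVE-2009-2288)`. is_valid_hostip() should also carry a short comment saying that only letters, digits, '.' and '-' are accepted and that a leading or trailing '-' is refused, so a later maintainer does not widen the character set (for instance to admit ':' for IPv6) without re-checking how the address is used afterwards. The inner diff names nagios3-3.0.6 paths although it is shipped in nagios2, which is worth one line in the header as well.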
Report period:\n"); only in patch2: unchanged: --- nagios2-2.6.orig/debian/patches/CVE-2007-5624.dpatch +++ nagios2-2.6/debian/patches/CVE-2007-5624.dpatch 
@@ -0,0 +1,394 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## CVE-2007-5624.dpatch by Giuseppe Iuculano +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix potential cross-site scripting in the CGIs (Closes: #448371) +## Fixes: CVE-2007-5624 + +@DPATCH@ +diff -urNad nagios2-2.6~/cgi/avail.c nagios2-2.6/cgi/avail.c +--- nagios2-2.6~/cgi/avail.c 2006-04-06 00:33:32.000000000 +0200 ++++ nagios2-2.6/cgi/avail.c 2009-09-04 17:30:36.000000000 +0200 +@@ -1157,6 +1157,7 @@ + hostgroup_name=""; + else + strcpy(hostgroup_name,variables[x]); ++ strip_html_brackets(hostgroup_name); + display_type=DISPLAY_HOSTGROUP_AVAIL; + show_all_hostgroups=(strcmp(hostgroup_name,"all"))?FALSE:TRUE; + } +@@ -1174,6 +1175,7 @@ + servicegroup_name=""; + else + strcpy(servicegroup_name,variables[x]); ++ strip_html_brackets(servicegroup_name); + display_type=DISPLAY_SERVICEGROUP_AVAIL; + show_all_servicegroups=(strcmp(servicegroup_name,"all"))?FALSE:TRUE; + } +@@ -1191,6 +1193,7 @@ + host_name=""; + else + strcpy(host_name,variables[x]); ++ strip_html_brackets(host_name); + display_type=DISPLAY_HOST_AVAIL; + show_all_hosts=(strcmp(host_name,"all"))?FALSE:TRUE; + } +@@ -1208,6 +1211,7 @@ + svc_description=""; + else + strcpy(svc_description,variables[x]); ++ strip_html_brackets(svc_description); + display_type=DISPLAY_SERVICE_AVAIL; + show_all_services=(strcmp(svc_description,"all"))?FALSE:TRUE; + } +diff -urNad nagios2-2.6~/cgi/cgiutils.c nagios2-2.6/cgi/cgiutils.c +--- nagios2-2.6~/cgi/cgiutils.c 2006-11-13 19:40:34.000000000 +0100 ++++ nagios2-2.6/cgi/cgiutils.c 2009-09-04 17:30:36.000000000 +0200 +@@ -1394,6 +1394,29 @@ + + + ++/* strip > and < from string */ ++void strip_html_brackets(char *buffer){ ++ register int x; ++ register int y; ++ register int z; ++ ++ if(buffer==NULL || buffer[0]=='\x0') ++ return; ++ ++ /* remove all occurances in string */ ++ z=(int)strlen(buffer); ++ for(x=0,y=0;x') ++ continue; ++ buffer[y++]=buffer[x]; ++ } ++ 
buffer[y++]='\x0'; ++ ++ return; ++ } ++ ++ ++ + /* determines the log file we should use (from current time) */ + void get_log_archive_to_use(int archive,char *buffer,int buffer_length){ + struct tm *t; +diff -urNad nagios2-2.6~/cgi/cmd.c nagios2-2.6/cgi/cmd.c +--- nagios2-2.6~/cgi/cmd.c 2006-05-19 16:25:03.000000000 +0200 ++++ nagios2-2.6/cgi/cmd.c 2009-09-04 17:30:36.000000000 +0200 +@@ -380,6 +380,7 @@ + comment_author=""; + else + strcpy(comment_author,variables[x]); ++ strip_html_brackets(comment_author); + } + + /* we found the comment data */ +@@ -395,6 +396,7 @@ + comment_data=""; + else + strcpy(comment_data,variables[x]); ++ strip_html_brackets(comment_data); + } + + /* we found the host name */ +@@ -410,6 +412,7 @@ + host_name=""; + else + strcpy(host_name,variables[x]); ++ strip_html_brackets(host_name); + } + + /* we found the hostgroup name */ +@@ -425,6 +428,7 @@ + hostgroup_name=""; + else + strcpy(hostgroup_name,variables[x]); ++ strip_html_brackets(hostgroup_name); + } + + /* we found the service name */ +@@ -440,6 +444,7 @@ + service_desc=""; + else + strcpy(service_desc,variables[x]); ++ strip_html_brackets(service_desc); + } + + /* we found the servicegroup name */ +@@ -455,6 +460,7 @@ + servicegroup_name=""; + else + strcpy(servicegroup_name,variables[x]); ++ strip_html_brackets(servicegroup_name); + } + + /* we got the persistence option for a comment */ +diff -urNad nagios2-2.6~/cgi/extinfo.c nagios2-2.6/cgi/extinfo.c +--- nagios2-2.6~/cgi/extinfo.c 2006-10-09 17:59:02.000000000 +0200 ++++ nagios2-2.6/cgi/extinfo.c 2009-09-04 17:30:36.000000000 +0200 +@@ -604,6 +604,7 @@ + host_name=strdup(variables[x]); + if(host_name==NULL) + host_name=""; ++ strip_html_brackets(host_name); + } + + /* we found the hostgroup name */ +@@ -617,6 +618,7 @@ + hostgroup_name=strdup(variables[x]); + if(hostgroup_name==NULL) + hostgroup_name=""; ++ strip_html_brackets(hostgroup_name); + } + + /* we found the service name */ +@@ -630,6 +632,7 @@ + 
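Review bot: strip_html_brackets() needs a comment stating its limit: per its own header it strips only '<' and '>', so quote characters and '&' reach the output unchanged and the function cannot stand in for encoding at the point of output. Proposed header comment: `/* strips '<' and '>' in place; does not escape quotes or '&' -- callers must still html_encode()/url_encode() on output */`. The prototype added to cgiutils.h.in has no trailing comment, unlike url_encode and html_encode beside it; `/* removes '<' and '>' from a string in place */` would match. Several call sites can pass the literal "" (the `host_name="";` branches before the call), which is safe only because of the early return on `buffer[0]=='\x0'`, so that guard deserves a why-comment saying it also protects read-only strings.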
service_desc=strdup(variables[x]); + if(service_desc==NULL) + service_desc=""; ++ strip_html_brackets(service_desc); + } + + /* we found the servicegroup name */ +@@ -643,6 +646,7 @@ + servicegroup_name=strdup(variables[x]); + if(servicegroup_name==NULL) + servicegroup_name=""; ++ strip_html_brackets(servicegroup_name); + } + + /* we found the sort type argument */ +diff -urNad nagios2-2.6~/cgi/histogram.c nagios2-2.6/cgi/histogram.c +--- nagios2-2.6~/cgi/histogram.c 2006-03-21 22:31:46.000000000 +0100 ++++ nagios2-2.6/cgi/histogram.c 2009-09-04 17:30:36.000000000 +0200 +@@ -1086,6 +1086,7 @@ + host_name=""; + else + strcpy(host_name,variables[x]); ++ strip_html_brackets(host_name); + + display_type=DISPLAY_HOST_HISTOGRAM; + } +@@ -1103,6 +1104,7 @@ + svc_description=""; + else + strcpy(svc_description,variables[x]); ++ strip_html_brackets(svc_description); + + display_type=DISPLAY_SERVICE_HISTOGRAM; + } +diff -urNad nagios2-2.6~/cgi/history.c nagios2-2.6/cgi/history.c +--- nagios2-2.6~/cgi/history.c 2006-03-21 22:31:46.000000000 +0100 ++++ nagios2-2.6/cgi/history.c 2009-09-04 17:30:36.000000000 +0200 +@@ -379,6 +379,7 @@ + host_name=""; + else + strcpy(host_name,variables[x]); ++ strip_html_brackets(host_name); + + display_type=DISPLAY_HOSTS; + +@@ -401,6 +402,7 @@ + svc_description=""; + else + strcpy(svc_description,variables[x]); ++ strip_html_brackets(svc_description); + + display_type=DISPLAY_SERVICES; + } +diff -urNad nagios2-2.6~/cgi/notifications.c nagios2-2.6/cgi/notifications.c +--- nagios2-2.6~/cgi/notifications.c 2006-10-09 17:59:02.000000000 +0200 ++++ nagios2-2.6/cgi/notifications.c 2009-09-04 17:30:36.000000000 +0200 +@@ -371,6 +371,7 @@ + query_host_name=strdup(variables[x]); + if(query_host_name==NULL) + query_host_name=""; ++ strip_html_brackets(query_host_name); + if(!strcmp(query_host_name,"all")) + find_all=TRUE; + else +@@ -390,6 +391,8 @@ + + if(query_contact_name==NULL) + query_contact_name=""; ++ strip_html_brackets(query_contact_name); ++ 
+ if(!strcmp(query_contact_name,"all")) + find_all=TRUE; + else +@@ -408,6 +411,7 @@ + query_svc_description=strdup(variables[x]); + if(query_svc_description==NULL) + query_svc_description=""; ++ strip_html_brackets(query_svc_description); + } + + /* we found the notification type argument */ +diff -urNad nagios2-2.6~/cgi/status.c nagios2-2.6/cgi/status.c +--- nagios2-2.6~/cgi/status.c 2006-10-09 17:59:02.000000000 +0200 ++++ nagios2-2.6/cgi/status.c 2009-09-04 17:30:36.000000000 +0200 +@@ -572,6 +572,7 @@ + } + + hostgroup_name=strdup(variables[x]); ++ strip_html_brackets(hostgroup_name); + + if(hostgroup_name!=NULL && !strcmp(hostgroup_name,"all")) + show_all_hostgroups=TRUE; +@@ -589,6 +590,7 @@ + } + + servicegroup_name=strdup(variables[x]); ++ strip_html_brackets(servicegroup_name); + + if(servicegroup_name!=NULL && !strcmp(servicegroup_name,"all")) + show_all_servicegroups=TRUE; +@@ -606,6 +608,7 @@ + } + + host_name=strdup(variables[x]); ++ strip_html_brackets(host_name); + + if(host_name!=NULL && !strcmp(host_name,"all")) + show_all_hosts=TRUE; +@@ -730,6 +733,7 @@ + break; + } + service_filter=strdup(variables[x]); ++ strip_html_brackets(service_filter); + } + } + +diff -urNad nagios2-2.6~/cgi/statusmap.c nagios2-2.6/cgi/statusmap.c +--- nagios2-2.6~/cgi/statusmap.c 2006-03-21 22:31:46.000000000 +0100 ++++ nagios2-2.6/cgi/statusmap.c 2009-09-04 17:30:36.000000000 +0200 +@@ -412,6 +412,7 @@ + host_name="all"; + else + strcpy(host_name,variables[x]); ++ strip_html_brackets(host_name); + + if(!strcmp(host_name,"all")) + show_all_hosts=TRUE; +@@ -570,6 +571,7 @@ + break; + } + ++ strip_html_brackets(variables[x]); + add_layer(variables[x]); + } + } +diff -urNad nagios2-2.6~/cgi/statuswml.c nagios2-2.6/cgi/statuswml.c +--- nagios2-2.6~/cgi/statuswml.c 2009-09-04 17:30:36.000000000 +0200 ++++ nagios2-2.6/cgi/statuswml.c 2009-09-04 17:30:36.000000000 +0200 +@@ -248,6 +248,7 @@ + hostgroup_name=""; + else + strcpy(hostgroup_name,variables[x]); ++ 
strip_html_brackets(hostgroup_name); + + if(!strcmp(hostgroup_name,"all")) + show_all_hostgroups=TRUE; +@@ -269,6 +270,7 @@ + host_name=""; + else + strcpy(host_name,variables[x]); ++ strip_html_brackets(host_name); + } + + /* we found the service argument */ +@@ -285,6 +287,7 @@ + service_desc=""; + else + strcpy(service_desc,variables[x]); ++ strip_html_brackets(service_desc); + } + + +@@ -326,6 +329,7 @@ + ping_address=""; + else + strcpy(ping_address,variables[x]); ++ strip_html_brackets(ping_address); + } + + /* we found the traceroute argument */ +@@ -342,6 +346,7 @@ + traceroute_address=""; + else + strcpy(traceroute_address,variables[x]); ++ strip_html_brackets(traceroute_address); + } + + } +diff -urNad nagios2-2.6~/cgi/statuswrl.c nagios2-2.6/cgi/statuswrl.c +--- nagios2-2.6~/cgi/statuswrl.c 2006-03-27 17:38:06.000000000 +0200 ++++ nagios2-2.6/cgi/statuswrl.c 2009-09-04 17:30:36.000000000 +0200 +@@ -239,6 +239,7 @@ + host_name="all"; + else + strcpy(host_name,variables[x]); ++ strip_html_brackets(host_name); + + if(!strcmp(host_name,"all")) + show_all_hosts=TRUE; +diff -urNad nagios2-2.6~/cgi/summary.c nagios2-2.6/cgi/summary.c +--- nagios2-2.6~/cgi/summary.c 2006-03-21 22:31:46.000000000 +0100 ++++ nagios2-2.6/cgi/summary.c 2009-09-04 17:30:36.000000000 +0200 +@@ -1135,6 +1135,7 @@ + target_hostgroup_name=""; + else + strcpy(target_hostgroup_name,variables[x]); ++ strip_html_brackets(target_hostgroup_name); + + if(!strcmp(target_hostgroup_name,"all")) + show_all_hostgroups=TRUE; +@@ -1157,6 +1158,7 @@ + target_servicegroup_name=""; + else + strcpy(target_servicegroup_name,variables[x]); ++ strip_html_brackets(target_servicegroup_name); + + if(!strcmp(target_servicegroup_name,"all")) + show_all_servicegroups=TRUE; +@@ -1179,6 +1181,7 @@ + target_host_name=""; + else + strcpy(target_host_name,variables[x]); ++ strip_html_brackets(target_host_name); + + if(!strcmp(target_host_name,"all")) + show_all_hosts=TRUE; +diff -urNad nagios2-2.6~/cgi/trends.c 
nagios2-2.6/cgi/trends.c +--- nagios2-2.6~/cgi/trends.c 2006-03-21 22:31:47.000000000 +0100 ++++ nagios2-2.6/cgi/trends.c 2009-09-04 17:30:36.000000000 +0200 +@@ -1207,6 +1207,7 @@ + host_name=""; + else + strcpy(host_name,variables[x]); ++ strip_html_brackets(host_name); + + display_type=DISPLAY_HOST_TRENDS; + } +@@ -1224,6 +1225,7 @@ + svc_description=""; + else + strcpy(svc_description,variables[x]); ++ strip_html_brackets(svc_description); + + display_type=DISPLAY_SERVICE_TRENDS; + } +diff -urNad nagios2-2.6~/include/cgiutils.h.in nagios2-2.6/include/cgiutils.h.in +--- nagios2-2.6~/include/cgiutils.h.in 2006-01-20 18:34:53.000000000 +0100 ++++ nagios2-2.6/include/cgiutils.h.in 2009-09-04 17:30:36.000000000 +0200 +@@ -471,6 +471,8 @@ + char * url_encode(char *); /* encodes a string in proper URL format */ + char * html_encode(char *); /* encodes a string in HTML format (for what the user sees) */ + ++void strip_html_brackets(char *); ++ + void get_time_breakdown(unsigned long,int *,int *,int *,int *); /* given total seconds, get days, hours, minutes, seconds */ + + void get_log_archive_to_use(int,char *,int); /* determines the name of the log archive to use */ only in patch2: unchanged: --- nagios2-2.6.orig/debian/patches/CVE-2008-1360.dpatch +++ nagios2-2.6/debian/patches/CVE-2008-1360.dpatch @@ -0,0 +1,85 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## CVE-2008-1360.dpatch by Giuseppe Iuculano +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fixed cross-site scripting (XSS) vulnerability + +@DPATCH@ +diff -urNad nagios2-2.6~/cgi/extinfo.c nagios2-2.6/cgi/extinfo.c +--- nagios2-2.6~/cgi/extinfo.c 2009-09-04 18:17:44.000000000 +0200 ++++ nagios2-2.6/cgi/extinfo.c 2009-09-04 18:17:45.000000000 +0200 +@@ -999,7 +999,7 @@ + + printf("
Host Status:
  %s  %s  
Status Information:%s
Status Information:%s
Performance Data:%s
Current Status:
  %s  %s  
Status Information:%s
Status Information:%s
Performance Data:%s
%s%s%s%s%s
%s%s%d/%d%s %s 
%s%s%s%s %s