diff -u backuppc-3.1.0/debian/changelog backuppc-3.1.0/debian/changelog
--- backuppc-3.1.0/debian/changelog
+++ backuppc-3.1.0/debian/changelog
@@ -1,3 +1,12 @@
+backuppc (3.1.0-9ubuntu1.3) lucid-security; urgency=low
+
+ * SECURITY UPDATE: XSS in CGI/RestoreFile.pm
+ - debian/patches/CVE-2011-5081.dpatch: escape share and backup number in
+ lib/BackupPC/CGI/RestoreFile.pm
+ - CVE-2011-5081
+
+ -- Jamie Strandboge Thu, 17 May 2012 08:06:42 -0500
+
backuppc (3.1.0-9ubuntu1.2) lucid-security; urgency=low * SECURITY UPDATE: XSS in CGI/Browse.pm
@@ -7,7 +16,7 @@
* SECURITY UPDATE: XSS in CGI/View.pm - debian/patches/CVE-2011-XXXX_view_pm.dpatch: update to verify backup number is numeric
- - CVE-2011-XXXX
+ - CVE-2011-4923
-- Jamie Strandboge Thu, 27 Oct 2011 14:41:10 -0500
diff -u backuppc-3.1.0/debian/patches/00list backuppc-3.1.0/debian/patches/00list
--- backuppc-3.1.0/debian/patches/00list
+++ backuppc-3.1.0/debian/patches/00list
@@ -5,0 +6 @@
+CVE-2011-5081
only in patch2:
unchanged:
--- backuppc-3.1.0.orig/debian/patches/CVE-2011-5081.dpatch
+++ backuppc-3.1.0/debian/patches/CVE-2011-5081.dpatch
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2011-5081.dpatch by Jamie Strandboge
+##
+## Author: Jamie Strandboge
+## Description: Fix XSS via num and share in RestoreFile.pm
+##
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' backuppc-3.1.0~/lib/BackupPC/CGI/RestoreFile.pm backuppc-3.1.0/lib/BackupPC/CGI/RestoreFile.pm
+--- backuppc-3.1.0~/lib/BackupPC/CGI/RestoreFile.pm 2007-11-25 21:00:07.000000000 -0600
++++ backuppc-3.1.0/lib/BackupPC/CGI/RestoreFile.pm 2012-05-17 08:09:54.420029286 -0500
+@@ -154,12 +154,12 @@
+ my $a = $view->fileAttrib($num, $share, $dir);
+ if ( $dir =~ m{(^|/)\.\.(/|$)} || !defined($a) ) {
+ $dir = decode_utf8($dir);
+- ErrorExit("Can't restore bad file ${EscHTML($dir)} ($num, $share)");
++ ErrorExit("Can't restore bad file ${EscHTML($dir)} (${EscHTML($num)}, ${EscHTML($share)})");
+ }
+ my $f = BackupPC::FileZIO->open($a->{fullPath}, 0, $a->{compress});
+ if ( !defined($f) ) {
+ my $fullPath = decode_utf8($a->{fullPath});
+- ErrorExit("Unable to open file ${EscHTML($fullPath)} ($num, $share)");
++ ErrorExit("Unable to open file ${EscHTML($fullPath)} (${EscHTML($num)}, ${EscHTML($share)})");
+ }
+ my $data;
+ if ( !$skipHardLink && $a->{type} == BPC_FTYPE_HARDLINK ) {
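Review bot: The new `EscHTML` wrapping only reaches the two `ErrorExit` messages in this hunk, while `$num` and `$share` are request-supplied values that are also passed to `fileAttrib` and presumably echoed elsewhere in RestoreFile.pm outside this hunk, so any other output site that includes them stays unescaped. Since the changelog describes the View.pm fix for CVE-2011-4923 as verifying that the backup number is numeric, the same input check would close the whole class here rather than one output site at a time, e.g. `ErrorExit("Invalid backup number ${EscHTML($num)}") if $num !~ m{\A\d+\z};` near the top of the routine, with the escaping kept as defence in depth. An allow-list check of `$share` against the host's configured share names would be worth considering as well, though what those valid names are is not visible here. The enclosing subroutine starts and ends outside the hunk.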