diff -Nru phpldapadmin-1.2.2/debian/changelog phpldapadmin-1.2.2/debian/changelog
--- phpldapadmin-1.2.2/debian/changelog	2016-04-05 23:01:58.000000000 +0000
+++ phpldapadmin-1.2.2/debian/changelog	2017-09-13 16:17:42.000000000 +0000
@@ -1,3 +1,13 @@
+phpldapadmin (1.2.2-5.2ubuntu2.1) xenial-security; urgency=low
+
+  * SECURITY UPDATE: Multiple Cross-Site Scripting vulnerabilities in 
+    file htdocs/entry_chooser.php (LP: #1701731)
+    - debian/patches/fix-XSS-3.patch: sanitize user inputs in 
+      file htdocs/entry_chooser.php.
+    - CVE-2017-11107
+
+ -- Ismail Belkacim <xd4rker@gmail.com>  Fri, 07 Jul 2017 05:38:54 -0700
+
 phpldapadmin (1.2.2-5.2ubuntu2) xenial; urgency=medium
 
   * Add run-time dependency on php-xml (LP: #1566481).
diff -Nru phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch
--- phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch	1970-01-01 00:00:00.000000000 +0000
+++ phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch	2017-09-13 15:43:54.000000000 +0000
@@ -0,0 +1,31 @@
+Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php.
+Author: Ismail Belkacim <xd4rker@gmail.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php
+===================================================================
+--- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php
++++ phpldapadmin-1.2.2/htdocs/entry_chooser.php
+@@ -15,9 +15,9 @@ $www['page'] = new page();
+ 
+ $request = array();
+ $request['container'] = get_request('container','GET');
+-$request['form'] = get_request('form','GET');
+-$request['element'] = get_request('element','GET');
+-$request['rdn'] = get_request('rdn','GET');
++$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
++$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
++$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
+ 
+ echo '<div class="popup">';
+ printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
+@@ -33,7 +33,7 @@ echo '</script>';
+ echo '<table class="forminput" width="100%" border="0">';
+ if ($request['container']) {
+ 	printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
+-	printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']);
++	printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container']));
+ 	echo '<tr><td class="blank" colspan="4">&nbsp;</td></tr>';
+ }
+ 
diff -Nru phpldapadmin-1.2.2/debian/patches/series phpldapadmin-1.2.2/debian/patches/series
--- phpldapadmin-1.2.2/debian/patches/series	2014-05-02 02:28:13.000000000 +0000
+++ phpldapadmin-1.2.2/debian/patches/series	2017-09-13 15:43:54.000000000 +0000
@@ -1,3 +1,4 @@
 upstream-XSS.patch
 upstream-XSS-2.patch
 php-5.5-compat.patch
+fix-XSS-3.patch