diff -u phppgadmin-4.2.1/debian/changelog phppgadmin-4.2.1/debian/changelog
--- phppgadmin-4.2.1/debian/changelog
+++ phppgadmin-4.2.1/debian/changelog
@@ -1,3 +1,12 @@
+phppgadmin (4.2.1-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * debian/patches/CVE-2008-5587.patch: Unset language variable before
+ determine file includes (CVE-2008-5587) (Closes: #508026)
+ * debian/apache.conf: Removing register_globals on directive
+
+ -- Giuseppe Iuculano Tue, 23 Dec 2008 10:35:24 +0100
+
 phppgadmin (4.2.1-1) unstable; urgency=low
 
 * New upstream release
diff -u phppgadmin-4.2.1/debian/apache.conf phppgadmin-4.2.1/debian/apache.conf
--- phppgadmin-4.2.1/debian/apache.conf
+++ phppgadmin-4.2.1/debian/apache.conf
@@ -15,7 +15,6 @@
 php_flag magic_quotes_gpc Off
 php_flag track_vars On
- php_flag register_globals On
 php_value include_path .
diff -u phppgadmin-4.2.1/debian/patches/series phppgadmin-4.2.1/debian/patches/series
--- phppgadmin-4.2.1/debian/patches/series
+++ phppgadmin-4.2.1/debian/patches/series
@@ -2,0 +3 @@
+CVE-2008-5587.patch
only in patch2:
unchanged:
--- phppgadmin-4.2.1.orig/debian/patches/CVE-2008-5587.patch
+++ phppgadmin-4.2.1/debian/patches/CVE-2008-5587.patch
@@ -0,0 +1,12 @@
+Unset language variable before determine file includes
+--- a/libraries/lib.inc.php
++++ b/libraries/lib.inc.php
+@@ -95,6 +95,8 @@
+ }
+
+ // Determine language file to import:
++ unset($_language);
++
+ // 1. Check for the language from a request var
+ if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
+ $_language = $_REQUEST['language'];
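Review bot: The added `unset($_language);` in libraries/lib.inc.php carries no comment saying why it is there, so a later cleanup could drop it as dead code; I would put `// Discard any $_language injected from the request via register_globals (CVE-2008-5587)` directly above it. The hunk shows only the first selection step, which checks `$_REQUEST['language']` against `$appLangFiles`; the later steps and the include itself lie outside the hunk, so it is worth confirming that every path that assigns `$_language` applies the same `isset($appLangFiles[...])` check before the language file is included. Separately, debian/apache.conf now only drops the `On` line, so a server-wide php.ini that enables register_globals would still apply to this application; `php_flag register_globals Off` in that block would pin the setting.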