* SECURITY UPDATE: Cross-site scripting. * debian/patches/1001_sanitize_more.patch: - Use the Sanitize function to filter out arbitrary HTML from 'diricons' parameter (analoguous to CVE-2006-1945, which is already fixed in this version). - Sanitize MigrateStats parameter (XSS if statistics updates are enabled). [CVE-2006-2237] - Patch from upstream CVS, taken from Debian's 6.5-2 version.