First chunk:
Security fix for SA46615
BackupPC "num" Cross-Site Scripting Vulnerability

From http://patches.ubuntu.com/b/backuppc/backuppc_3.2.1-1ubuntu2.patch

--- lib/BackupPC/CGI/View.pm.orig	Sun Apr 14 22:43:32 2013
+++ lib/BackupPC/CGI/View.pm	Tue Dec  3 22:53:53 2013
@@ -46,7 +46,7 @@ sub action
     my $compress = 0;
     my $fh;
     my $host = $In{host};
-    my $num  = $In{num};
+    my $num  = ${EscHTML($In{num})};
     my $type = $In{type};
     my $linkHosts = 0;
     my($file, $comment);
@@ -89,7 +89,7 @@ sub action
         $file = $bpc->ConfDir() . "/hosts";
         $linkHosts = 1;
     } elsif ( $type eq "docs" ) {
-        $file = $bpc->InstallDir() . "/doc/BackupPC.html";
+        $file = $bpc->InstallDir() . "/share/doc/backuppc/BackupPC.html";
     } elsif ( $host ne "" ) {
         if ( !defined($In{num}) ) {
             # get the latest LOG file