diff --git a/CHANGELOG b/CHANGELOG
index 4119e0d90..494256bd8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o Fixed broken XML output in the case of timed-out hosts; the
+  enclosing host element was missing. The fix was suggested by Rémi
+  Mollon.
+
 o [NSE] Added ftp-vuln-cve2010-4221 script, which checks if the ProFTPD
   server is vulnerable to the Telnet IAC stack overflow vulnerability
   (CVE-2010-4221). [Djalal]
diff --git a/nmap.cc b/nmap.cc
index c26a718e1..c761906d1 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -1920,7 +1920,13 @@ int nmap_main(int argc, char *argv[]) {
       currenths = Targets[targetno];
       /* Now I can do the output and such for each host */
       if (currenths->timedOut(NULL)) {
+        xml_open_start_tag("host");
+        xml_attribute("starttime", "%lu", (unsigned long) currenths->StartTime());
+        xml_attribute("endtime", "%lu", (unsigned long) currenths->EndTime());
+        xml_close_start_tag();
         write_host_header(currenths);
+        xml_end_tag(); /* host */
+        xml_newline();
         log_write(LOG_PLAIN,"Skipping host %s due to host timeout\n",
             currenths->NameIP(hostname, sizeof(hostname)));
         log_write(LOG_MACHINE,"Host: %s (%s)\tStatus: Timeout",