diff -Nru globus-gridftp-server-control-0.43/debian/changelog globus-gridftp-server-control-0.43/debian/changelog
--- globus-gridftp-server-control-0.43/debian/changelog 2010-07-19 13:44:56.000000000 +0200
+++ globus-gridftp-server-control-0.43/debian/changelog 2012-07-21 03:35:24.000000000 +0200
@@ -1,3 +1,13 @@
+globus-gridftp-server-control (0.43-1ubuntu0.1) natty-security; urgency=low
+
+ * SECURITY UPDATE: Wrong user mapping on badly configured server
+ (LP: #1027323)
+ - debian/patches/globus-gridftp-server-control-pw195.patch: backported
+ from upstream
+ - CVE-2012-3292
+
+ -- Mattias Ellert Thu, 19 Jul 2012 07:20:20 +0200
+
 globus-gridftp-server-control (0.43-1) unstable; urgency=low
 
 * Update to Globus Toolkit 5.0.2
diff -Nru globus-gridftp-server-control-0.43/debian/patches/globus-gridftp-server-control-pw195.patch globus-gridftp-server-control-0.43/debian/patches/globus-gridftp-server-control-pw195.patch
--- globus-gridftp-server-control-0.43/debian/patches/globus-gridftp-server-control-pw195.patch 1970-01-01 01:00:00.000000000 +0100
+++ globus-gridftp-server-control-0.43/debian/patches/globus-gridftp-server-control-pw195.patch 2012-05-25 19:24:24.000000000 +0200
@@ -0,0 +1,12 @@
+diff -ur globus_gridftp_server_control-2.5.orig/globus_gridftp_server_control.c globus_gridftp_server_control-2.5/globus_gridftp_server_control.c
+--- globus_gridftp_server_control-2.5.orig/globus_gridftp_server_control.c 2012-03-06 06:28:30.000000000 +0100
++++ globus_gridftp_server_control-2.5/globus_gridftp_server_control.c 2012-05-25 17:11:55.894036918 +0200
+@@ -3764,7 +3764,7 @@
+ globus_calloc(1, sizeof(globus_l_libc_cached_pwent_t));
+ rc = globus_libc_getpwuid_r(
+ uid, &pwent->pw, pwent->buffer, GSU_MAX_PW_LENGTH, &result_pw);
+- if(rc != 0)
++ if(rc != 0 || result_pw == NULL)
+ {
+ goto error_pwent;
+ }
diff -Nru globus-gridftp-server-control-0.43/debian/patches/series globus-gridftp-server-control-0.43/debian/patches/series
--- globus-gridftp-server-control-0.43/debian/patches/series 2009-08-07 07:10:25.000000000 +0200
+++ globus-gridftp-server-control-0.43/debian/patches/series 2012-07-19 07:18:57.000000000 +0200
@@ -1,3 +1,6 @@
 # MAXPATHLENGTH should not be defined in installed headers:
 # http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6829
 globus-gridftp-server-control.patch
+
+# Fix for CVE-2012-3292
+globus-gridftp-server-control-pw195.patch
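Review bot: In the backported pw195 patch, the widened guard `if(rc != 0 || result_pw == NULL)` routes the no-matching-entry case to `error_pwent` with `rc` still 0, and that label lies outside the hunk, so it is worth confirming the error path reports failure on its own rather than handing back `rc`. If it does not, the caller could presumably still proceed with the zero-filled `pwent->pw` left by `globus_calloc`, where a `pw_uid` of 0 reads as root. I would add a comment above the check, `/* getpwuid_r returns 0 with a NULL result when no entry matches the uid */`, so the second condition is not later removed as redundant. Separately, the `globus_calloc` result is dereferenced as `&pwent->pw` with no NULL check visible between the two calls. The enclosing function starts and ends outside the hunk, and any other `globus_libc_getpw*_r` callers in this file need the same NULL-result check.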