diff -u globus-gridftp-server-3.17/debian/changelog globus-gridftp-server-3.17/debian/changelog
--- globus-gridftp-server-3.17/debian/changelog
+++ globus-gridftp-server-3.17/debian/changelog
@@ -1,3 +1,13 @@
+globus-gridftp-server (3.17-2ubuntu0.1) lucid-security; urgency=low
+
+ * SECURITY UPDATE: Wrong user mapping on badly configured server
+ (LP: #1027324)
+ - debian/patches/globus-gridftp-server-pw195.patch: backported from
+ upstream
+ - CVE-2012-3292
+
+ -- Mattias Ellert Thu, 19 Jul 2012 16:28:47 +0200
+
 globus-gridftp-server (3.17-2) unstable; urgency=low

 * Fix location of default config file
diff -u globus-gridftp-server-3.17/debian/patches/series globus-gridftp-server-3.17/debian/patches/series
--- globus-gridftp-server-3.17/debian/patches/series
+++ globus-gridftp-server-3.17/debian/patches/series
@@ -15,0 +16,3 @@
+
+# Fix for CVE-2012-3292
+globus-gridftp-server-pw195.patch
only in patch2:
unchanged:
--- globus-gridftp-server-3.17.orig/debian/patches/globus-gridftp-server-pw195.patch
+++ globus-gridftp-server-3.17/debian/patches/globus-gridftp-server-pw195.patch
@@ -0,0 +1,47 @@
+diff -ur globus_gridftp_server-6.10.orig/globus_i_gfs_control.c globus_gridftp_server-6.10/globus_i_gfs_control.c
+--- globus_gridftp_server-6.10.orig/globus_i_gfs_control.c 2012-03-23 01:37:49.000000000 +0100
++++ globus_gridftp_server-6.10/globus_i_gfs_control.c 2012-05-25 17:18:32.853986132 +0200
+@@ -348,7 +348,7 @@
+ MAXPATHLEN,
+ &res_pwd);
+ free(hd_name);
+- if(sc != 0)
++ if(sc != 0 || res_pwd == NULL)
+ {
+ /* XXX expand other usernames here */
+ result = GlobusGFSErrorGeneric(
+diff -ur globus_gridftp_server-6.10.orig/globus_i_gfs_data.c globus_gridftp_server-6.10/globus_i_gfs_data.c
+--- globus_gridftp_server-6.10.orig/globus_i_gfs_data.c 2012-03-26 22:53:59.000000000 +0200
++++ globus_gridftp_server-6.10/globus_i_gfs_data.c 2012-05-25 17:18:32.856986094 +0200
+@@ -1058,13 +1058,13 @@
+
+ rc = globus_libc_getpwuid_r(getuid(), &pwent_mem, pw_buffer,
+ pw_buflen, &pw_result);
+- if(rc != 0)
++ if(rc != 0 || pw_result == NULL)
+ {
+ globus_free(pw_buffer);
+ return NULL;
+ }
+
+- pwent = globus_l_gfs_pw_copy(&pwent_mem);
++ pwent = globus_l_gfs_pw_copy(pw_result);
+ globus_free(pw_buffer);
+
+ return pwent;
+@@ -1099,13 +1099,13 @@
+
+ rc = globus_libc_getpwnam_r(
+ (char *)name, &pwent_mem, pw_buffer, pw_buflen, &pw_result);
+- if(rc != 0)
++ if(rc != 0 || pw_result == NULL)
+ {
+ globus_free(pw_buffer);
+ return NULL;
+ }
+
+- pwent = globus_l_gfs_pw_copy(&pwent_mem);
++ pwent = globus_l_gfs_pw_copy(pw_result);
+ globus_free(pw_buffer);
+
+ return pwent;
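Review bot: The added `|| pw_result == NULL` tests in globus_i_gfs_data.c (inner hunks at 1058 and 1099) and the `|| res_pwd == NULL` test in globus_i_gfs_control.c have no comment saying why a zero return code is not sufficient, so a later cleanup could drop them and reintroduce the wrong-user mapping tracked as CVE-2012-3292. I would put above each check something like `/* a 0 return with a NULL result means no matching passwd entry (presumably as with POSIX getpwnam_r); the caller-supplied struct must not be used */`. The data.c hunks also switch the copy source from `&pwent_mem` to `pw_result`, whereas the control.c hunk only adds the test; the code that consumes the lookup there lies outside the hunk, so it is worth confirming it reads through `res_pwd` too. Both data.c functions (their signatures are outside the hunks) return NULL for a failed lookup and for an unknown user alike, which fails closed only if every caller treats NULL as a hard error rather than falling back to another account.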