diff -Nru globus-gridftp-server-3.23/debian/changelog globus-gridftp-server-3.23/debian/changelog
--- globus-gridftp-server-3.23/debian/changelog 2010-07-19 13:51:52.000000000 +0200
+++ globus-gridftp-server-3.23/debian/changelog 2012-07-21 03:48:18.000000000 +0200
@@ -1,3 +1,13 @@
+globus-gridftp-server (3.23-1ubuntu0.1) natty-security; urgency=low
+
+ * SECURITY UPDATE: Wrong user mapping on badly configured server
+ (LP: #1027324)
+ - debian/patches/globus-gridftp-server-pw195.patch: backported from
+ upstream
+ - CVE-2012-3292
+
+ -- Mattias Ellert Thu, 19 Jul 2012 07:07:16 +0200
+
 globus-gridftp-server (3.23-1) unstable; urgency=low

 * Update to Globus Toolkit 5.0.2
diff -Nru globus-gridftp-server-3.23/debian/patches/globus-gridftp-server-pw195.patch globus-gridftp-server-3.23/debian/patches/globus-gridftp-server-pw195.patch
--- globus-gridftp-server-3.23/debian/patches/globus-gridftp-server-pw195.patch 1970-01-01 01:00:00.000000000 +0100
+++ globus-gridftp-server-3.23/debian/patches/globus-gridftp-server-pw195.patch 2012-05-25 19:23:36.000000000 +0200
@@ -0,0 +1,47 @@
+diff -ur globus_gridftp_server-6.10.orig/globus_i_gfs_control.c globus_gridftp_server-6.10/globus_i_gfs_control.c
+--- globus_gridftp_server-6.10.orig/globus_i_gfs_control.c 2012-03-23 01:37:49.000000000 +0100
++++ globus_gridftp_server-6.10/globus_i_gfs_control.c 2012-05-25 17:18:32.853986132 +0200
+@@ -348,7 +348,7 @@
+ MAXPATHLEN,
+ &res_pwd);
+ free(hd_name);
+- if(sc != 0)
++ if(sc != 0 || res_pwd == NULL)
+ {
+ /* XXX expand other usernames here */
+ result = GlobusGFSErrorGeneric(
+diff -ur globus_gridftp_server-6.10.orig/globus_i_gfs_data.c globus_gridftp_server-6.10/globus_i_gfs_data.c
+--- globus_gridftp_server-6.10.orig/globus_i_gfs_data.c 2012-03-26 22:53:59.000000000 +0200
++++ globus_gridftp_server-6.10/globus_i_gfs_data.c 2012-05-25 17:18:32.856986094 +0200
+@@ -1058,13 +1058,13 @@
+
+ rc = globus_libc_getpwuid_r(getuid(), &pwent_mem, pw_buffer,
+ pw_buflen, &pw_result);
+- if(rc != 0)
++ if(rc != 0 || pw_result == NULL)
+ {
+ globus_free(pw_buffer);
+ return NULL;
+ }
+
+- pwent = globus_l_gfs_pw_copy(&pwent_mem);
++ pwent = globus_l_gfs_pw_copy(pw_result);
+ globus_free(pw_buffer);
+
+ return pwent;
+@@ -1099,13 +1099,13 @@
+
+ rc = globus_libc_getpwnam_r(
+ (char *)name, &pwent_mem, pw_buffer, pw_buflen, &pw_result);
+- if(rc != 0)
++ if(rc != 0 || pw_result == NULL)
+ {
+ globus_free(pw_buffer);
+ return NULL;
+ }
+
+- pwent = globus_l_gfs_pw_copy(&pwent_mem);
++ pwent = globus_l_gfs_pw_copy(pw_result);
+ globus_free(pw_buffer);
+
+ return pwent;
diff -Nru globus-gridftp-server-3.23/debian/patches/series globus-gridftp-server-3.23/debian/patches/series
--- globus-gridftp-server-3.23/debian/patches/series 2009-11-09 04:30:37.000000000 +0100
+++ globus-gridftp-server-3.23/debian/patches/series 2012-07-19 07:06:55.000000000 +0200
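Review bot: The three new NULL-result checks (the `res_pwd` test in globus_i_gfs_control.c and both `pw_result` tests in globus_i_gfs_data.c) carry no comment saying why `sc`/`rc` alone is not enough, which makes them easy to drop in a later cleanup. Assuming the globus_libc wrappers follow POSIX `getpwnam_r`/`getpwuid_r`, a return of 0 with a NULL result means no entry matched and the caller-supplied struct was never filled in; I would add `/* 0 with a NULL result means "no such entry"; the passwd struct is not filled in then */` above each check. Both data.c functions now return NULL for a missing entry as well as for a lookup error, and the function bodies and their callers lie outside the hunks, so confirm each caller refuses the session on NULL instead of continuing under the server's own uid. The control.c error branch can now be entered with `sc == 0`; the `GlobusGFSErrorGeneric(` call is cut off by the hunk, so check that its message does not report `sc` as the cause.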
@@ -13,3 +13,6 @@
 # Fix location of default config file:
 # http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6876
 globus-gridftp-server-etc.patch
+
+# Fix for CVE-2012-3292
+globus-gridftp-server-pw195.patch