diff -Nru mod-wsgi-3.4/debian/changelog mod-wsgi-3.4/debian/changelog
--- mod-wsgi-3.4/debian/changelog	2014-03-23 16:35:32.000000000 +0100
+++ mod-wsgi-3.4/debian/changelog	2014-05-22 22:50:30.000000000 +0200
@@ -1,3 +1,14 @@
+mod-wsgi (3.4-4ubuntu2.1) trusty-security; urgency=medium
+
+  * SECURITY UPDATE: Fix possibility of local privilege escalation when
+    using daemon mode.
+    - Only systems running kernel versions >= 2.6 and < 3.1 are affected.
+    - LP: #1322338
+    - CVE-2014-0240
+    - debian/patches/CVE-2014-0240.patch: backport upstream commit
+
+ -- Felix Geyer <debfx@ubuntu.com>  Thu, 22 May 2014 22:32:39 +0200
+
 mod-wsgi (3.4-4ubuntu2) trusty; urgency=medium
 
   * No-change rebuild to drop Python 3.3 support.
diff -Nru mod-wsgi-3.4/debian/patches/CVE-2014-0240.patch mod-wsgi-3.4/debian/patches/CVE-2014-0240.patch
--- mod-wsgi-3.4/debian/patches/CVE-2014-0240.patch	1970-01-01 01:00:00.000000000 +0100
+++ mod-wsgi-3.4/debian/patches/CVE-2014-0240.patch	2014-05-21 22:26:00.000000000 +0200
@@ -0,0 +1,36 @@
+From d9d5fea585b23991f76532a9b07de7fcd3b649f4 Mon Sep 17 00:00:00 2001
+From: Graham Dumpleton <Graham.Dumpleton@gmail.com>
+Date: Wed, 21 May 2014 16:16:47 +1000
+Subject: [PATCH] Local privilege escalation when using daemon mode.
+ (CVE-2014-0240)
+
+---
+ mod_wsgi.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/mod_wsgi.c b/mod_wsgi.c
+index 32b2903..3ef911b 100644
+--- a/mod_wsgi.c
++++ b/mod_wsgi.c
+@@ -10756,6 +10756,19 @@ static void wsgi_setup_access(WSGIDaemonProcess *daemon)
+         ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
+                      "mod_wsgi (pid=%d): Unable to change to uid=%ld.",
+                      getpid(), (long)daemon->group->uid);
++
++        /*
++         * On true UNIX systems this should always succeed at
++         * this point. With certain Linux kernel versions though
++         * we can get back EAGAIN where the target user had
++         * reached their process limit. In that case will be left
++         * running as wrong user. Just exit on all failures to be
++         * safe. Don't die immediately to avoid a fork bomb.
++         */
++
++        sleep(20);
++
++        exit(-1);
+     }
+ }
+ 
+-- 
+1.9.3
diff -Nru mod-wsgi-3.4/debian/patches/series mod-wsgi-3.4/debian/patches/series
--- mod-wsgi-3.4/debian/patches/series	2013-08-10 17:07:12.000000000 +0200
+++ mod-wsgi-3.4/debian/patches/series	2014-05-22 22:32:32.000000000 +0200
@@ -1,2 +1,3 @@
 python-config.patch
 fix_crash_daemon_mode.patch
+CVE-2014-0240.patch