diff -Nru grilo-0.3.12/debian/changelog grilo-0.3.12/debian/changelog
--- grilo-0.3.12/debian/changelog 2020-02-16 13:42:11.000000000 +0000
+++ grilo-0.3.12/debian/changelog 2021-08-27 14:09:37.000000000 +0000
@@ -1,3 +1,12 @@
+grilo (0.3.12-1ubuntu0.1) focal-security; urgency=medium
+
+ * SECURITY UPDATE: MITM attacks
+ - debian/patches/CVE-2021-39365.patch: fix TLS cert validation
+ not being done for any network in libs/net/grl-net-wc.c.
+ - CVE-2021-39365
+
+ -- Leonidas Da Silva Barbosa Fri, 27 Aug 2021 11:09:37 -0300
+
 grilo (0.3.12-1) unstable; urgency=medium
 
 * New upstream release.
diff -Nru grilo-0.3.12/debian/control grilo-0.3.12/debian/control
--- grilo-0.3.12/debian/control 2020-02-16 13:42:11.000000000 +0000
+++ grilo-0.3.12/debian/control 2021-08-27 14:09:37.000000000 +0000
@@ -1,7 +1,8 @@
 Source: grilo
 Section: libs
 Priority: optional
-Maintainer: Alberto Garcia
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Alberto Garcia
 Build-Depends: debhelper-compat (= 12),
 dh-sequence-gir,
 meson,
diff -Nru grilo-0.3.12/debian/patches/CVE-2021-39365.patch grilo-0.3.12/debian/patches/CVE-2021-39365.patch
--- grilo-0.3.12/debian/patches/CVE-2021-39365.patch 1970-01-01 00:00:00.000000000 +0000
+++ grilo-0.3.12/debian/patches/CVE-2021-39365.patch 2021-08-27 14:09:31.000000000 +0000
@@ -0,0 +1,30 @@
+From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
+From: Bastien Nocera
+Date: Mon, 21 Jun 2021 15:00:14 +0200
+Subject: [PATCH] net: Fix TLS cert validation not being done for any network
+ call
+
+The default SoupSessionAsync behaviour does not perform any TLS certificate
+validation, unless the ssl-use-system-ca-file property is set to true.
+
+See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+
+This mitigates CVE-2016-20011.
+
+Closes: #146
+---
+ libs/net/grl-net-wc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+Index: grilo-0.3.13/libs/net/grl-net-wc.c
+===================================================================
+--- grilo-0.3.13.orig/libs/net/grl-net-wc.c
++++ grilo-0.3.13/libs/net/grl-net-wc.c
+@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
+ wc->priv = grl_net_wc_get_instance_private (wc);
+
+ wc->priv->session = soup_session_async_new ();
++ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
+ wc->priv->pending = g_queue_new ();
+
+ set_thread_context (wc);
diff -Nru grilo-0.3.12/debian/patches/series grilo-0.3.12/debian/patches/series
--- grilo-0.3.12/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ grilo-0.3.12/debian/patches/series 2021-08-27 14:09:31.000000000 +0000
@@ -0,0 +1 @@
+CVE-2021-39365.patch
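Review bot: The inner `Index:`/`---`/`+++` lines of the new patch reference `grilo-0.3.13` paths while this package is 0.3.12, so the hunk context at line 314 of libs/net/grl-net-wc.c should be confirmed against the 0.3.12 source (quilt strips the first path component, but an offset or fuzz on the `grl_net_wc_init` hunk would still show in the build log and is worth checking rather than assuming). The patch header describes the fix as mitigating CVE-2016-20011 while debian/changelog credits CVE-2021-39365; a DEP-3 `Origin:` line naming upstream commit cd2472e506dafb1bb8ae510e34ad4797f63e263e and a `Bug-Ubuntu:`/CVE line for CVE-2021-39365 would make the two records consistent. The added `g_object_set (..., "ssl-use-system-ca-file", TRUE, NULL)` only hardens the `SoupSessionAsync` created here; if grilo constructs any other `SoupSession` outside `grl_net_wc_init`, it would still perform no certificate verification, which cannot be seen from this hunk. `grl_net_wc_init` starts before and continues past the inner hunk.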