diff --git a/ChangeLog b/ChangeLog
index 512b61cac..fb6875c69 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2011-04-01  Colin Watson  <cjwatson@ubuntu.com>
+
+	Store the loopback device as data on loopback grub_disk structures,
+	rather than the file it points to.  This fixes use of freed memory
+	if an existing loopback device is replaced.
+
+	* grub-core/disk/loopback.c (grub_loopback_open): Store dev in
+	disk->data, not dev->file.
+	(grub_loopback_read): Adjust file assignment to match.
+	Fixes Ubuntu bug #742967.
+
 2011-04-01  Colin Watson  <cjwatson@ubuntu.com>
 
 	* grub-core/disk/loopback.c (grub_cmd_loopback): Fix a memory leak
diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c
index 02e6c164f..939043f01 100644
--- a/grub-core/disk/loopback.c
+++ b/grub-core/disk/loopback.c
@@ -162,7 +162,7 @@ grub_loopback_open (const char *name, grub_disk_t disk)
     disk->total_sectors = GRUB_DISK_SIZE_UNKNOWN;
   disk->id = (unsigned long) dev;
 
-  disk->data = dev->file;
+  disk->data = dev;
 
   return 0;
 }
@@ -171,7 +171,7 @@ static grub_err_t
 grub_loopback_read (grub_disk_t disk, grub_disk_addr_t sector,
 		    grub_size_t size, char *buf)
 {
-  grub_file_t file = (grub_file_t) disk->data;
+  grub_file_t file = ((struct grub_loopback *) disk->data)->file;
   grub_off_t pos;
 
   grub_file_seek (file, sector << GRUB_DISK_SECTOR_BITS);