--- ooo-build/patches/src680/starcalc-file-format-parser-2.2.diff.0238 2007-03-30 21:58:57.000000000 +0200 +++ ooo-build/patches/src680/starcalc-file-format-parser-2.2.diff 2007-03-30 21:58:57.000000000 +0200 @@ -0,0 +1,28 @@ +Index: sc/source/filter/starcalc/scflt.cxx +=================================================================== +RCS file: /cvs/sc/sc/source/filter/starcalc/scflt.cxx,v +retrieving revision 1.16 +retrieving revision 1.16.84.1 +diff -u -p -u -p -r1.16 -r1.16.84.1 +--- sc/source/filter/starcalc/scflt.cxx 5 Oct 2006 16:21:16 -0000 1.16 ++++ sc/source/filter/starcalc/scflt.cxx 10 Jan 2007 14:31:00 -0000 1.16.84.1 +@@ -1770,12 +1770,13 @@ void Sc10Import::LoadCol(SCCOL Col, SCTA + rStream >> NoteLen; + if (NoteLen != 0) + { +- sal_Char Note[4096]; +- rStream.Read(Note, NoteLen); +- Note[NoteLen] = 0; +- String aText( SC10TOSTRING(Note)); +- ScPostIt aNote(aText, pDoc); ++ sal_Char* pNote = new sal_Char[NoteLen+1]; ++ rStream.Read(pNote, NoteLen); ++ pNote[NoteLen] = 0; ++ String aText( SC10TOSTRING(pNote)); ++ ScPostIt aNote(aText, pDoc); + pDoc->SetNote(Col, static_cast<SCROW> (Row), Tab, aNote ); ++ delete [] pNote; + } + } + pPrgrsBar->Progress(); + --- ooo-build/patches/src680/apply.0238 2007-03-29 14:48:29.000000000 +0200 +++ ooo-build/patches/src680/apply 2007-03-30 22:02:43.000000000 +0200 @@ -432,6 +432,10 @@ # silly leaks around the place leak-sal-file.diff, i#49510, michael +# Critical vulnerability in OpenOffice StarCalc file format parser, CVE-2007-0238 +# (MDV#29975, n#241652) +# +starcalc-file-format-parser-2.2.diff [ QuickStarter ] # External splash screen implementation / 2nd time accelerator