--- ooo-build/patches/src680/starcalc-file-format-parser-2.2.diff.0238	2007-03-30 21:58:57.000000000 +0200
+++ ooo-build/patches/src680/starcalc-file-format-parser-2.2.diff	2007-03-30 21:58:57.000000000 +0200
@@ -0,0 +1,28 @@
+Index: sc/source/filter/starcalc/scflt.cxx
+===================================================================
+RCS file: /cvs/sc/sc/source/filter/starcalc/scflt.cxx,v
+retrieving revision 1.16
+retrieving revision 1.16.84.1
+diff -u -p -u -p -r1.16 -r1.16.84.1
+--- sc/source/filter/starcalc/scflt.cxx	5 Oct 2006 16:21:16 -0000	1.16
++++ sc/source/filter/starcalc/scflt.cxx	10 Jan 2007 14:31:00 -0000	1.16.84.1
+@@ -1770,12 +1770,13 @@ void Sc10Import::LoadCol(SCCOL Col, SCTA
+ 			rStream >> NoteLen;
+ 			if (NoteLen != 0)
+ 			{
+-				sal_Char Note[4096];
+-				rStream.Read(Note, NoteLen);
+-				Note[NoteLen] = 0;
+-			        String aText( SC10TOSTRING(Note));
+-			        ScPostIt aNote(aText, pDoc);
++				sal_Char* pNote = new sal_Char[NoteLen+1];
++				rStream.Read(pNote, NoteLen);
++				pNote[NoteLen] = 0;
++				String aText( SC10TOSTRING(pNote));
++				ScPostIt aNote(aText, pDoc);
+ 				pDoc->SetNote(Col, static_cast<SCROW> (Row), Tab, aNote );
++				delete [] pNote;
+ 			}
+ 		}
+ 		pPrgrsBar->Progress();
+
--- ooo-build/patches/src680/apply.0238	2007-03-29 14:48:29.000000000 +0200
+++ ooo-build/patches/src680/apply	2007-03-30 22:02:43.000000000 +0200
@@ -432,6 +432,10 @@
 # silly leaks around the place
 leak-sal-file.diff, i#49510, michael
 
+# Critical vulnerability in OpenOffice StarCalc file format parser, CVE-2007-0238
+# (MDV#29975, n#241652)
+#
+starcalc-file-format-parser-2.2.diff
 
 [ QuickStarter ]
 # External splash screen implementation / 2nd time accelerator