This patch was created from pre-release code from Apache OpenOffice 3.4. If you already have an build tree based on OpenOffice.org, the minimal set of changes to patch this vulnerability can be found as the diff from r1230438 in our Subversion repository: https://svn.apache.org/repos/asf/incubator/ooo/trunk To create the patched library as a drop-in replacement for its OpenOffice.org 3.3 counterpart apply the change above into the Apache OpenOffice initial code import (r1162288). Alternatively, if you do not already have a build tree to patch, you can checkout a current 3.4 dev snapshot build. By using a current dev snapshot you ensure greater stability of the build. A list of current dev snapshots are listed here: https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+3.4+Unofficial+Developer+Snapshots For example, at the time of this note, the current dev snapshot is based on r1299571. The Building Guide is here: http://wiki.services.openoffice.org/wiki/Documentation/Building_Guide Questions on building the patch can be sent to our public dev list at ooo-dev@incubator.apache.org