diff -Nru calligra-2.4.0/debian/changelog calligra-2.4.0/debian/changelog
--- calligra-2.4.0/debian/changelog 2012-04-11 13:32:13.000000000 -0400
+++ calligra-2.4.0/debian/changelog 2012-08-04 08:57:58.000000000 -0400
@@ -1,3 +1,12 @@
+calligra (1:2.4.0-0ubuntu2.1) precise-security; urgency=high
+
+ * SECURITY UPDATE:
+ * References See patch header
+ * Add debian/patches/wv2_buffer_overflow_fix.diff to fix buffer overflow in
+ embedded copy of wv2 MS Word filter (LP: #1032934)
+
+ -- Scott Kitterman Sat, 04 Aug 2012 05:12:38 -0400
+
 calligra (1:2.4.0-0ubuntu2) precise; urgency=low
 
 * Keep calligra-map-shape package with no files, precent crashes for people
diff -Nru calligra-2.4.0/debian/patches/series calligra-2.4.0/debian/patches/series
--- calligra-2.4.0/debian/patches/series 2012-04-09 09:05:32.000000000 -0400
+++ calligra-2.4.0/debian/patches/series 2012-08-04 05:33:45.000000000 -0400
@@ -1 +1,2 @@
 kubuntu_02_x11_link.patch
+wv2_buffer_overflow_fix.diff
diff -Nru calligra-2.4.0/debian/patches/wv2_buffer_overflow_fix.diff calligra-2.4.0/debian/patches/wv2_buffer_overflow_fix.diff
--- calligra-2.4.0/debian/patches/wv2_buffer_overflow_fix.diff 1969-12-31 19:00:00.000000000 -0500
+++ calligra-2.4.0/debian/patches/wv2_buffer_overflow_fix.diff 2012-08-04 08:56:59.000000000 -0400
@@ -0,0 +1,31 @@
+Description: Fix wv2 buffer overflow
+ .
+ calligra (1:2.4.0-0ubuntu2.1) precise-security; urgency=high
+ .
+ * SECURITY UPDATE:
+ * References
+ * Fix buffer overflow in embedded copy of wv2 MS Word filter (LP: #1032934)
+ See http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf
+ page 40 for details on the attack
+Author: Cyrille Berger Skott
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1032934)
+Origin:
+Forwarded:
+Reviewed-By: Scott Kitterman
+Last-Update: <2012-08-04>
+
+
+--- calligra-2.4.0.orig/filters/words/msword-odf/wv2/src/styles.cpp
++++ calligra-2.4.0/filters/words/msword-odf/wv2/src/styles.cpp
+@@ -248,6 +248,11 @@ throw(InvalidFormatException)
+ #ifdef WV2_DEBUG_STYLESHEET
+ wvlog << "cbUPX: " << cbUPX << endl;
+ #endif
++ // do not overflow the allocated buffer grupx
++ if (offset + cbUPX > grupxLen) {
++ wvlog << "====> Error: grupx would overflow!" << endl;
++ return false;
++ }
+ for ( U16 j = 0; j < cbUPX; ++j ) {
+ grupx[ offset + j ] = stream->readU8(); // read the whole UPX
+ #ifdef WV2_DEBUG_STYLESHEET
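Review bot: The new overflow path in the styles.cpp hunk exits with `return false;` from a function whose signature, per the inner hunk header, carries `throw(InvalidFormatException)`, and nothing visible shows that callers treat `false` as a fatal parse error or that earlier state is unwound. The function begins and ends outside the hunk, so this has to be checked against the full body: the `grupx` allocation and any stream position saved earlier should be released or restored before returning. The guard is also sound only if `grupxLen` is exactly the number of bytes `grupx` was allocated with, which is not visible here. I would record that next to the check, e.g. `// invariant: grupxLen == bytes allocated for grupx (confirm at the allocation site)`.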