diff --git a/CVE-2019-9854.patch b/CVE-2019-9854.patch
new file mode 100644
index 0000000..65ec0ae
--- /dev/null
+++ b/CVE-2019-9854.patch
@@ -0,0 +1,34 @@
+Description: - an absolute uri is invalid input
+ - improve check for absolute URI
+Authors: - Caolán McNamara
+ - Stephan Bergmann
+
+diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py
+index 316c5012c..c46565949 100644
+--- a/scripting/source/pyprov/pythonscript.py
++++ b/scripting/source/pyprov/pythonscript.py
+@@ -237,6 +237,11 @@ class MyUriHelper:
+ log.debug( message )
+ raise RuntimeException( message )
+
++ if not xFileUri.hasRelativePath():
++ message = "pythonscript: an absolute uri is invalid '" + sFileUri+ "'"
++ log.debug( message )
++ raise RuntimeException( message )
++
+ # absolute path to the .py file
+ xAbsScriptUri = self.m_uriRefFac.makeAbsolute(xBaseUri, xFileUri, True, RETAIN)
+ sAbsScriptUri = xAbsScriptUri.getUriReference()
+diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
+index a508aea86..3ec10565b 100644
+--- a/sfx2/source/doc/objmisc.cxx
++++ b/sfx2/source/doc/objmisc.cxx
+@@ -1371,7 +1371,7 @@ bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
+ do
+ {
+ OUString aToken = sScript.getToken(0, '/', nIndex);
+- if (aToken.startsWithIgnoreAsciiCase("LibreLogo"))
++ if (aToken.startsWithIgnoreAsciiCase("LibreLogo") || aToken.indexOf('~') != -1)
+ {
+ return true;
+ }
diff --git a/libreoffice.spec b/libreoffice.spec
index 511ac18..48c8a6d 100644
--- a/libreoffice.spec
+++ b/libreoffice.spec
@@ -42,7 +42,7 @@ Summary: Office suite
 Name: libreoffice
 Epoch: 1
 Version: 6.0.7
-Release: 4
+Release: 8
 License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and Artistic
 Group: Office
 Url: http://www.libreoffice.org
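Review bot: The new `|| aToken.indexOf('~') != -1` clause in UnTrustedScript has no comment, so a reader cannot tell why a tilde anywhere in a path segment makes the script untrusted; presumably it closes the case where a segment reaches the LibreLogo directory under a different spelling (a short or mangled directory name such as `LIBREL~1`), which the prefix test on the preceding line cannot see. I would add one line above the condition: `// a segment containing '~' may be a short/mangled alias of the LibreLogo directory, so treat it as untrusted too`. Note that this remains a single-character denylist rather than a canonical-path comparison, so it should be documented as a heuristic rather than a complete check. The pythonscript.py change rejects absolute file URIs up front, before makeAbsolute is called, which looks right, but the rest of that method, including whatever containment check follows, is outside the hunk, as are the start and end of UnTrustedScript.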
@@ -101,6 +101,7 @@ Patch105: libreoffice-5.4.3.1-breeze-fallback-theme.patch
 Patch110: CVE-2019-9848.patch
 Patch111: CVE-2019-9849.patch
 Patch112: CVE-2019-9850_1_2.patch
+Patch113: CVE-2019-9854.patch
 BuildRequires: bison
 BuildRequires: bsh