Am 12/17/2011 12:38 AM, schrieb tora - Takamichi Akiyama:
It seems nobody has answered so far.
Does anyone have any information on this? CVE-2010-4253 Security Vulnerability in OpenOffice.org related to PNG file processing http://www.openoffice.org/security/cves/CVE-2010-4253.html That has been already fixed in 3.3.0, but not in 3.2.1. One globally operating company in Japan has made use of 3.2.1 and they are planning to spread it over their branches and local companies under their wing worldwide, more than 200 thousand PCs, all told. Multiple options are under evaluation: (a) Security Patch (this email's topic) - Installing the official release of OpenOffice.org 3.2.1 - Replacing one or a few .dll files with bug-fixed ones
*IMHO* to create a patch or update for OpenOffice.org and to guarantee the binary compatibility, you need to use the original environment for developing, builing, testing.
This environment is gone and cannot be brought back. Therefore this is not a possibility. The new way is to fix any new issue within the context of Apache OpenOffice.
But I'm not a developer, so I can only guess that it's right what I've said.
(b) Switch to LibreOffice (c) Something else Why not 3.3.0? They say 3.2.1 is conceptually stabler than 3.3.0 since 3.2.1 is a minor, bug-fixed version while 3.3.0 is a major version.
In theory yes. But have they really tried this out? Have they proved for themselves that 3.2.1 is better for their business? If not and 3.3.0 is surprisingly better than first thought, then the answer could be very easy. ;-)
Marcus
