incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tora - Takamichi Akiyama <t...@openoffice.org>
Subject PNG Security Vulnerability fixed in 3.3.0
Date Fri, 16 Dec 2011 23:38:28 GMT
Hi,

Does anyone have any information on this?

CVE-2010-4253
Security Vulnerability in OpenOffice.org related to PNG file processing
http://www.openoffice.org/security/cves/CVE-2010-4253.html

That has been already fixed in 3.3.0, but not in 3.2.1.

One globally operating company in Japan has made use of 3.2.1 and they 
are planning to spread it over their branches and local companies under 
their wing worldwide, more than 200 thousand PCs, all told.

Multiple options are under evaluation:
(a) Security Patch (this email's topic)
  - Installing the official release of OpenOffice.org 3.2.1
  - Replacing one or a few .dll files with bug-fixed ones
(b) Switch to LibreOffice
(c) Something else

Why not 3.3.0? They say 3.2.1 is conceptually stabler than 3.3.0 since 
3.2.1 is a minor, bug-fixed version while 3.3.0 is a major version.

Thanks in advance,
Tora

Mime
View raw message