[announce] Mnemo H3 (2.0.3) (final)
chuck@horde.org
chuck at horde.org
Sun Dec 11 11:44:46 PST 2005
The Horde Team is pleased to announce the final release of the Mnemo Note
Manager version H3 (2.0.3).
This is a security release that fixes cross site scripting
vulnerabilities in several of the notepad name and note data
fields. None of the vulnerabilities can be exploited by
unauthenticated users; however, we strongly recommend that all users
of Mnemo 2.0.2 upgrade to 2.0.3 as soon as possible.
Many thanks to Johannes Greil of SEC Consult
(http://www.sec-consult.com/) for reporting these problems and working
with us to test the fixes.
The Mnemo Note Manager is the Horde notes/memos application. It provides
web-based notes and freeform text, similar to the PalmOS Note application an=
d
shared notepads. It requires the Horde Application Framework and an SQL
database for backend storage.
Major changes compared to the Mnemo version H3 (2.0.2) are:
* Close several XSS vulnerabilities with note and notepad data.
The full list of changes (from version H3 (2.0.2)) can be viewed here:
http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=3D1.63.2.16&r2=3D1.63.2.=
17.2.2&ty=3Dh
The Mnemo H3 (2.0.3) distribution is available from the following locations:
ftp://ftp.horde.org/pub/mnemo/mnemo-h3-2.0.3.tar.gz
http://ftp.horde.org/pub/mnemo/mnemo-h3-2.0.3.tar.gz
Patches against version H3 (2.0.2) are available at:
ftp://ftp.horde.org/pub/mnemo/patches/patch-mnemo-h3-2.0.2-h3-2.0.3.gz
http://ftp.horde.org/pub/mnemo/patches/patch-mnemo-h3-2.0.2-h3-2.0.3.gz
Or, for quicker access, download from your nearest mirror:
http://www.horde.org/mirrors.php
MD5 sums for the packages are as follows:
5fbc596ad7373205a5389db919c47bea mnemo-h3-2.0.3.tar.gz
904788efd8c6c3d962a1e63038283509 patch-mnemo-h3-2.0.2-h3-2.0.3.gz
Have fun!
The Horde Team.
More information about the announce
mailing list