[announce] Mnemo H3 (2.0.3) (final)

chuck@horde.org chuck at horde.org
Sun Dec 11 11:44:46 PST 2005


The Horde Team is pleased to announce the final release of the Mnemo Note
Manager version H3 (2.0.3).

This is a security release that fixes cross site scripting
vulnerabilities in several of the notepad name and note data
fields. None of the vulnerabilities can be exploited by
unauthenticated users; however, we strongly recommend that all users
of Mnemo 2.0.2 upgrade to 2.0.3 as soon as possible.

Many thanks to Johannes Greil of SEC Consult
(http://www.sec-consult.com/) for reporting these problems and working
with us to test the fixes.

The Mnemo Note Manager is the Horde notes/memos application.  It provides
web-based notes and freeform text, similar to the PalmOS Note application an=
d
shared notepads.  It requires the Horde Application Framework and an SQL
database for backend storage.

Major changes compared to the Mnemo version H3 (2.0.2) are:
    * Close several XSS vulnerabilities with note and notepad data.

The full list of changes (from version H3 (2.0.2)) can be viewed here:

http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=3D1.63.2.16&r2=3D1.63.2.=
17.2.2&ty=3Dh

The Mnemo H3 (2.0.3) distribution is available from the following locations:

    ftp://ftp.horde.org/pub/mnemo/mnemo-h3-2.0.3.tar.gz
    http://ftp.horde.org/pub/mnemo/mnemo-h3-2.0.3.tar.gz

Patches against version H3 (2.0.2) are available at:

    ftp://ftp.horde.org/pub/mnemo/patches/patch-mnemo-h3-2.0.2-h3-2.0.3.gz
    http://ftp.horde.org/pub/mnemo/patches/patch-mnemo-h3-2.0.2-h3-2.0.3.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    5fbc596ad7373205a5389db919c47bea  mnemo-h3-2.0.3.tar.gz
    904788efd8c6c3d962a1e63038283509  patch-mnemo-h3-2.0.2-h3-2.0.3.gz

Have fun!

The Horde Team.


More information about the announce mailing list