[announce] Mnemo H3 (2.0.3) (final)

chuck@horde.org chuck at horde.org
Sun Dec 11 11:44:46 PST 2005

The Horde Team is pleased to announce the final release of the Mnemo Note
Manager version H3 (2.0.3).

This is a security release that fixes cross site scripting
vulnerabilities in several of the notepad name and note data
fields. None of the vulnerabilities can be exploited by
unauthenticated users; however, we strongly recommend that all users
of Mnemo 2.0.2 upgrade to 2.0.3 as soon as possible.

Many thanks to Johannes Greil of SEC Consult
(http://www.sec-consult.com/) for reporting these problems and working
with us to test the fixes.

The Mnemo Note Manager is the Horde notes/memos application.  It provides
web-based notes and freeform text, similar to the PalmOS Note application an=
shared notepads.  It requires the Horde Application Framework and an SQL
database for backend storage.

Major changes compared to the Mnemo version H3 (2.0.2) are:
    * Close several XSS vulnerabilities with note and notepad data.

The full list of changes (from version H3 (2.0.2)) can be viewed here:


The Mnemo H3 (2.0.3) distribution is available from the following locations:


Patches against version H3 (2.0.2) are available at:


Or, for quicker access, download from your nearest mirror:


MD5 sums for the packages are as follows:

    5fbc596ad7373205a5389db919c47bea  mnemo-h3-2.0.3.tar.gz
    904788efd8c6c3d962a1e63038283509  patch-mnemo-h3-2.0.2-h3-2.0.3.gz

Have fun!

The Horde Team.

More information about the announce mailing list