[announce] Mnemo H3 (2.0.3) (final)
chuck at horde.org
Sun Dec 11 11:44:46 PST 2005
The Horde Team is pleased to announce the final release of the Mnemo Note
Manager version H3 (2.0.3).
This is a security release that fixes cross site scripting
vulnerabilities in several of the notepad name and note data
fields. None of the vulnerabilities can be exploited by
unauthenticated users; however, we strongly recommend that all users
of Mnemo 2.0.2 upgrade to 2.0.3 as soon as possible.
Many thanks to Johannes Greil of SEC Consult
(http://www.sec-consult.com/) for reporting these problems and working
with us to test the fixes.
The Mnemo Note Manager is the Horde notes/memos application. It provides
web-based notes and freeform text, similar to the PalmOS Note application an=
shared notepads. It requires the Horde Application Framework and an SQL
database for backend storage.
Major changes compared to the Mnemo version H3 (2.0.2) are:
* Close several XSS vulnerabilities with note and notepad data.
The full list of changes (from version H3 (2.0.2)) can be viewed here:
The Mnemo H3 (2.0.3) distribution is available from the following locations:
Patches against version H3 (2.0.2) are available at:
Or, for quicker access, download from your nearest mirror:
MD5 sums for the packages are as follows:
The Horde Team.
More information about the announce