Candidate: CVE-2016-6610
PublicDate: 2016-12-11 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6610
 http://www.phpmyadmin.net/security/PMASA-2016-33/
Description:
 A full path disclosure vulnerability was discovered in phpMyAdmin where a
 user can trigger a particular error in the export mechanism to discover the
 full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4),
 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17)
 are affected.
Ubuntu-Description:
Notes:
Bugs:
Priority: negligible
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]

Patches_phpmyadmin:
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/5b7da18
upstream_phpmyadmin: released (4:4.6.4+dfsg1-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
zesty_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
artful_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
bionic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
cosmic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
disco_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
groovy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
hirsute_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
impish_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
jammy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
devel_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)