Candidate: CVE-2016-6613
PublicDate: 2016-12-11 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6613
 http://www.phpmyadmin.net/security/PMASA-2016-36/
Description:
 An issue was discovered in phpMyAdmin. A user can specially craft a symlink
 on disk, to a file which phpMyAdmin is permitted to read but the user is
 not, which phpMyAdmin will then expose to the user. All 4.6.x versions
 (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions
 (prior to 4.0.10.17) are affected.
Ubuntu-Description:
Notes:
Bugs:
Priority: negligible
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N [5.3 MEDIUM]

Patches_phpmyadmin:
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/c976baa
upstream_phpmyadmin: released (4:4.6.4+dfsg1-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
zesty_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
artful_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
bionic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
cosmic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
disco_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
groovy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
hirsute_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
impish_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
jammy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
devel_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)