Candidate: CVE-2016-6614
PublicDate: 2016-12-11 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6614
 http://www.phpmyadmin.net/security/PMASA-2016-37/
Description:
 An issue was discovered in phpMyAdmin involving the %u username replacement
 functionality of the SaveDir and UploadDir features. When the username
 substitution is configured, a specially-crafted user name can be used to
 circumvent restrictions to traverse the file system. All 4.6.x versions
 (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions
 (prior to 4.0.10.17) are affected.
Ubuntu-Description:
Notes:
 ratliff> Upstream notes mitigating factors
Bugs:
Priority: low
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N [6.8 MEDIUM]

Patches_phpmyadmin:
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/2989e49
upstream_phpmyadmin: released (4:4.6.4+dfsg1-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
zesty_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
artful_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
bionic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
cosmic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
disco_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
groovy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
hirsute_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
impish_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
jammy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
devel_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)