Candidate: CVE-2016-9848
PublicDate: 2016-12-11 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9848
 https://www.phpmyadmin.net/security/PMASA-2016-59/
Description:
 An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP
 information including values of HttpOnly cookies. All 4.6.x versions (prior
 to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to
 4.0.10.18) are affected.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]

Patches_phpmyadmin:
upstream_phpmyadmin: released (4:4.6.5.1-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needs-triage)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: ignored (reached end-of-life)
zesty_phpmyadmin: not-affected (4:4.6.5.1-1)
artful_phpmyadmin: not-affected (4:4.6.5.1-1)
bionic_phpmyadmin: not-affected (4:4.6.5.1-1)
cosmic_phpmyadmin: not-affected (4:4.6.5.1-1)
disco_phpmyadmin: not-affected (4:4.6.5.1-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.5.1-1)
groovy_phpmyadmin: not-affected (4:4.6.5.1-1)
hirsute_phpmyadmin: not-affected (4:4.6.5.1-1)
impish_phpmyadmin: not-affected (4:4.6.5.1-1)
jammy_phpmyadmin: not-affected (4:4.6.5.1-1)
devel_phpmyadmin: not-affected (4:4.6.5.1-1)