CVE-2016-2042

Priority
Description
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote
attackers to obtain sensitive information via a crafted request to (1)
libraries/phpseclib/Crypt/AES.php or (2)
libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an
error message.
Notes
Package
Upstream:released (4:4.5.4-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4:4.5.4-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4:4.5.4-1)
Ubuntu 19.04 (Disco Dingo):not-affected (4:4.5.4-1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):not-affected (4:4.5.4-1)
Patches:
Upstream:https://github.com/phpmyadmin/phpmyadmin/commit/3b96f3600651163b8c1d9b6ff7ebd0b142412993 (4.4)
Upstream:https://github.com/phpmyadmin/phpmyadmin/commit/5a3de108f26e4b0dddadddbe8ccdb1dd5526771f (4.5)
More Information

Updated: 2019-12-11 06:14:32 UTC (commit 0faf5fc8751871109f865711f0c277151ab57e18)