1
Candidate: CVE-2016-9852
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9852
5
https://www.phpmyadmin.net/security/PMASA-2016-63/
7
An issue was discovered in phpMyAdmin. By calling some scripts that are
8
part of phpMyAdmin in an unexpected way, it is possible to trigger
9
phpMyAdmin to display a PHP error message which contains the full path of
10
the directory where phpMyAdmin is installed. During an execution timeout in
11
the export functionality, the errors containing the full path of the
12
directory of phpMyAdmin are written to the export file. All 4.6.x versions
13
(prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This
14
CVE is for the curl wrapper issue.
19
Discovered-by: Emanuel Bronshtein
23
upstream_phpmyadmin: released (4:4.6.5.1-1)
24
precise_phpmyadmin: ignored (reached end-of-life)
25
precise/esm_phpmyadmin: DNE (precise was needs-triage)
26
trusty_phpmyadmin: needs-triage
27
vivid/stable-phone-overlay_phpmyadmin: DNE
28
vivid/ubuntu-core_phpmyadmin: DNE
29
xenial_phpmyadmin: needed
30
yakkety_phpmyadmin: ignored (reached end-of-life)
31
zesty_phpmyadmin: not-affected (4:4.6.5.1-1)
32
artful_phpmyadmin: not-affected (4:4.6.5.1-1)
33
bionic_phpmyadmin: not-affected (4:4.6.5.1-1)
34
devel_phpmyadmin: not-affected (4:4.6.5.1-1)