Hello! CVE-2016-6664 (and duplicate CVE-2016-5617) do not gravely affect MariaDB because:
"CVE-2016-6664 is NOT exploitable by itself. Shell access must first be obtained through a vulnerability like CVE-2016-6663. Because CVE-2016-6663 has been fixed and is no longer exploitable, we’ve determined that CVE-2016-6664 is not critical on its own and doesn’t warrant an immediate fix to be released. A fix will be included in the next upcoming maintenance releases of MariaDB Server 5.5, 10.0 and 10.1." (from https://mariadb.com/kb/en/mariadb/security/)