Hi,
the PMASA-2012-5 security advisory has been published on
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php.
In short, a
SourceForge.net mirror server was compromised, leading to
the distribution of a doctored phpMyAdmin kit containing a backdoor.
phpMyAdmin-3.5.2.2-all-languages.zip fetched from this mirror server is
known to be affected. To our knowledge only one mirror is affected,
which appears to be taken offline already. All other
SourceForge.net
mirrors are unaffected.
phpMyAdmin security team