Hi, the PMASA-2012-5 security advisory has been published on http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php.

In short, a SourceForge.net mirror server was compromised, leading to the distribution of a doctored phpMyAdmin kit containing a backdoor.

phpMyAdmin-3.5.2.2-all-languages.zip fetched from this mirror server is known to be affected. To our knowledge only one mirror is affected, which appears to be taken offline already. All other SourceForge.net mirrors are unaffected.

phpMyAdmin security team