the PMASA-2012-5 security advisory has been published on
In short, a SourceForge.net mirror server was compromised, leading to
the distribution of a doctored phpMyAdmin kit containing a backdoor.
phpMyAdmin-220.127.116.11-all-languages.zip fetched from this mirror server is
known to be affected. To our knowledge only one mirror is affected,
which appears to be taken offline already. All other SourceForge.net
mirrors are unaffected.
phpMyAdmin security team
Welcome to the first release candidate for phpMyAdmin 3.5.3, a bugfix
release. phpMyAdmin no longer contains the Highcharts library (which
caused a licensing problem).
Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team