Hi,For those who are hosting their packages on SourceForge, please check your packages against the checksums and PGP signature (if there are any).
the PMASA-2012-5 security advisory has been published on
home_page/security/PMASA-2012- 5.php .
In short, a SourceForge.net mirror server was compromised, leading to
the distribution of a doctored phpMyAdmin kit containing a backdoor.
languages.zip fetched from this mirror server is
known to be affected. To our knowledge only one mirror is affected,
which appears to be taken offline already. All other SourceForge.net
mirrors are unaffected.
phpMyAdmin security team
Thanks to Tencent Security Response Center who notifies Marc about this issue.