libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
www.debian.org/security/2016/dsa-3627
www.phpmyadmin.net/home_page/security/PMASA-2016-2.php
github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e
github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813