A vulnerability has been discovered and corrected in phpmyadmin:

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9,
4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid
language values in unknown-language error responses that contain
a CSRF token and may be sent with HTTP compression, which makes it
easier for remote attackers to conduct a BREACH attack and determine
this token via a series of crafted requests (CVE-2015-2206).

This upgrade provides the latest phpmyadmin version (4.2.13.2) to
address this vulnerability.

Additionally, the phpseclib package has been upgraded to the 0.3.10
version.