It was reported [1] that with a crafted file name it is possible to trigger an XSS in the error reporting page. [1]: http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
Created phpMyAdmin tracking bugs for this issue: Affects: fedora-all [bug 1166635] Affects: epel-7 [bug 1166636]
phpMyAdmin-4.2.12-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.2.12-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.2.12-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.2.12-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.