phpPgAdmin 3.5.4 has now been released to fix the language file inclusion vulnerability. Along with a few other tiny bug fixes, this release is now recommended for ALL 3.x series users.
Details on the vulnerability are here:
This post has been migrated from a previous version of the PostgreSQL website. We apologise for any formatting issues caused by the migration.