Comment 1 for bug 1837775

There are (as of today) 9 unfixed 'medium' criticality CVEs affecting bionic (many more on xenial, but none of higher severity) according to https://people.canonical.com/~ubuntu-security/cve/pkg/phpmyadmin.html

Would it be better to remove this package from existing releases altogether, if such can be done policy-wise and technically, to prevent users growing a false sense of security?