If you use the popular PEAR PHP extension or have within the last 6 months, there is a possibility that a backdoor could have been introduced depending on how you installed the extension.
"... this does *not* affect the PEAR installer package itself... it affects the go-pear.phar executable that you would use to initially install the PEAR installer. Using the `pear` command to install various PEAR package is *not* affected."
There is still a lot of questions and PEAR PHP are in the process of investigating the full extent of what happened. Please check the references below for the latest updates.