Debian Security Advisory 1328-1 - Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environmental variable, which may be exploited to execute arbitrary code.
1de76c67e02089cdd4d2d3522f0048f660098f79fcd6ef7ecd90dc32e7a3f43c