Ubuntu Security Notice 4700-1 - Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code.
f1f938b76cd293dbac877e577715cef0ee97d86d1517e9fea22bbc0ac63bea8f