Debian Linux Security Advisory 4494-1 - Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets opened in a file browser) arbitrary commands could get executed. This update removes this feature.
cffdf8b2f8be70b1d490457cf9c87e48056edad5fc1ecd56c620082e3c680957