Debian Security Advisory DSA 847-1 - Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitise data read from an SVG file and is hence vulnerable to execute arbitrary Python code.
6c65844793ba31d943e00a8ab86d202a56b4e5e33bcd39c77358b0873169965e