Debian Security Advisory 1465-1 - Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to.
7b1d9ccc36f604c9dcd6edd3d81ef938f40c3ece916837e63d8aa18f4bac6476