From the announcement: Release notes for 4.16.4 ======================== (Security Patch) - exo-open : Only execute local .desktop files
Cool. A non-public CVE that you can only find in commit history. https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6 Thank you for filing!
Cleanup done.
Thanks!