CVE-2009-0315 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0315): Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
I am not sure whether this bug is being tracked upstream. Please see the blocker for details and a patch example.
ping, net-irc
xchat went away some time ago.