Debian Security Advisory 1102-1 - Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.
d71066c86798b30c24f5675f615a795a5fbdaaa5cf3fa7a86a19717324d08dca