xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.
https://exchange.xforce.ibmcloud.com/vulnerabilities/15564
http://www.securityfocus.com/bid/9939
http://www.debian.org/security/2004/dsa-477