Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.
The old stable distribution (woody) does not contain this package.
For the stable distribution (sarge) this problem has been fixed in version 0.3.1-3sarge1.
For the unstable distribution (sid) this problem has been fixed in version 0.3.1-6.
We recommend that you upgrade your pinball package.