whoopsie-daisy before 0.1.26: Root user can remove arbitrary files
CVE-2012-0945 (Candidate) is related to these bugs: