pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.
CVE-2010-4817 (Candidate) is related to these bugs: