Bug 48252 - games-board/xmille : buffer overflows and format string bugs
Summary: games-board/xmille : buffer overflows and format string bugs
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-04-18 11:57 UTC by Nilanjan De
Modified: 2004-04-22 10:23 UTC
CC: 2 users

See Also:
Package list:
Runtime testing required: ---


Description Nilanjan De 2004-04-18 11:57:12 UTC
xmille crashes with sigsegv when a large save filename is specified, due to overflow of a stack buffer of size 80. This will lead to overwrite of the saved return address and allow arbitrary code execution.
This error occurs in save.c:

save() {
 
        reg char        *sp;
        reg int         outf;
        reg Time        *tp;
        char            buf[80];            -> fixed size stack buffer
        Time            tme;
        Stat            junk;
 
        tp = &tme;
        if (Fromfile && getyn("Same file? "))             -> unsafe strcpy
                strcpy(buf, Fromfile);
        else {
                strcpy (buf, GetpromptedInput ("file: ")); -> unsafe strcpy
                sp = buf + strlen (buf);
        }

Additionally, there are some other places in the code where strcpy is being used, possibly unsafely.
Also, there seem to be some format string bugs due to the passing of unsafe format strings to the function Error() in ui.c.
For example, giving a savefile name of %n will crash xmille with a SIGSEGV and may allow overwriting of arbitrary locations in the stack to modify program execution flow.

However, on my Gentoo box xmille isn't suid or setgid games, so the bugs aren't critical.
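The two unsafe patterns named in the report, a strcpy() into a fixed 80-byte stack buffer and a user-supplied string passed as the format argument of Error(), shown next to the bounded and literal-format forms that remove them. This is an added example, not xmille's code or the 2.0-r1 fix; the function names safe_copy, save_filename_ok, name_of_length_fits and format_error are hypothetical, and the 80-byte size mirrors the buf[80] in save().

```c
/* Added example (not from xmille): hardened counterparts of the two
 * defects reported against save.c and ui.c. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define BUFSIZE 80   /* same size as "char buf[80]" in save() */

/* Bounded replacement for strcpy(buf, src): returns 0 on success, -1 when
 * src (plus its terminating NUL) would not fit. Never writes past
 * dst[dstsize-1], so an over-long save filename cannot reach the saved
 * return address. On failure dst is left as a valid empty string. */
int safe_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return -1;
    if (n >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Models the save() path: accept the filename only if it fits the
 * 80-byte buffer. Returns 1 if accepted, 0 if rejected. */
int save_filename_ok(const char *name)
{
    char buf[BUFSIZE];
    return safe_copy(buf, sizeof buf, name) == 0;
}

/* Helper for exercising the boundary: builds a name of `len` 'A'
 * characters (constructed input) and asks whether it would be accepted. */
int name_of_length_fits(size_t len)
{
    char name[256];
    if (len >= sizeof name)
        return 0;
    memset(name, 'A', len);
    name[len] = '\0';
    return save_filename_ok(name);
}

/* Counterpart of Error(user_text): the user string is always passed as a
 * "%s" argument, never as the format itself, so "%n" or "%x" in a
 * filename is emitted literally instead of being interpreted. */
const char *format_error(const char *user_text)
{
    static char out[256];
    snprintf(out, sizeof out, "Error: %s", user_text);
    return out;
}

int main(void)
{
    /* Constructed inputs: an ordinary name, an over-long name, and a
     * name containing a format directive. */
    printf("game.sav accepted:   %d\n", save_filename_ok("game.sav"));
    printf("79 chars accepted:   %d\n", name_of_length_fits(79));
    printf("80 chars accepted:   %d\n", name_of_length_fits(80));
    printf("200 chars accepted:  %d\n", name_of_length_fits(200));
    printf("%s\n", format_error("%n%n"));
    return 0;
}
```

The 79/80 boundary is the check worth keeping: the buffer holds 79 characters plus the NUL, so the first rejected length is exactly the buffer size. For Error() the fix is not input filtering but calling convention; once the caller passes "%s" and the string separately, nothing in the filename can select a conversion.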
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-04-22 07:27:31 UTC
Fix is in 2.0-r1, which is x86 stable.
This is GLSA-ready.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-04-22 07:34:23 UTC
Rereading the bug, I don't think this can be exploited (no network connection, runs under local user rights). If someone else confirms, we'll close this one without GLSA.

-K
Comment 3 SpanKY gentoo-dev 2004-04-22 10:23:10 UTC
yep, there is no issue of exploits on a Gentoo system