$OpenBSD: SECURITY,v 1.5 1999/01/13 21:37:54 turan Exp $

Note: in ${WRKDIR}/rfc1524.c the function mutt_adv_mktemp
uses mktemp, but the resulting name is used much later in
a procedure that does an open with O_CREAT | O_EXCL.  If the
open fails an error is reported and the user can try again.
If the open succeeds the fd is used in fdopen to get a FILE.
No security hole that I saw.

If the mktemp is replaced with mkstemp the open will fail as
the named file will exist.  In order to use mkstemp the interface
to several functions will have to change so the fd returned by
mkstemp is eventually passed to the function that currently does
the open.

Remember s/mktemp/mkstemp/g does NOT work as the two functions have
different semantics.

${WRKDIR}/rfc1524.c:  two calls to mktemp.  -turan