Hi I have asked if this warrants a CVE and if one can be assigned. If so I will then update it here. Here is the temporary entry in the security-tracker:
https://security-tracker.debian.org/tracker/TEMP-0654341-9198B9 p.s.: A user might be tricked also to save the open file and loose data, by overwriting the file in current directory by the content found in the /tmp file. Regards, Salvatore
signature.asc
Description: Digital signature