Hi. I just released mathopd 1.5p5 and 1.6b6.
The new version fixes a problem in internal_dump() that could be exploited to append to arbitrary files writable by the server's UID. Thanks to Carsten Eiram for pointing this out.
Internal dumps will now create files in /tmp with unpredictable filenames. As a side effect, each dump will be in a separate file.
I also fixed a compile-time warning on 64-bit platforms while I was there.