webmin -- insecure temporary file creation at installation time

The Webmin developers documented a security issue in the
release notes for version 1.160:

Fixed a security hole in the maketemp.pl script, used
to create the /tmp/.webmin directory at install time. If
an un-trusted user creates this directory before Webmin
is installed, he could create in it a symbolic link
pointing to a critical file on the system, which would be
overwritten when Webmin writes to the link filename.