Temporary Directory Insecure Permissions Local Symlink File Overwrite
Since the /tmp directory is readable by everybody on Unix, and since the patch name could be public or easy to guess, an attacker could create a symlink to a file writable by the user running hub, which would be replaced by the patch.