The recipe of the 'distcheck' target granted temporary
world-write permissions on the extracted distdir. This introduced
a locally exploitable race condition for those who run "make
distcheck" with a non-restrictive umask (e.g., 022) in a directory
that was accessible by others. A successful exploit would result
in arbitrary code execution with the privileges of the user
running "make distcheck".
It is important to stress that this vulnerability impacts not only
the Automake package itself, but all packages with
Automake-generated makefiles. For an effective fix it is necessary
to regenerate the Makefile.in files with a fixed Automake
version.