The recipe of the 'distcheck' target granted temporary
world-write permissions on the extracted distdir. This introduced
a locally exploitable race condition for those who run "make distcheck"
with a non-restrictive umask (e.g., 022) in a directory that was
accessible by others. A successful exploit would result in arbitrary
code execution with the privileges of the user running "make distcheck".
It is important to stress that this vulnerability impacts not only
the Automake package itself, but all packages with Automake-generated
makefiles. For an effective fix it is necessary to regenerate the
Makefile.in files with a fixed Automake version.