--- automake-1.11.2/NEWS.orig	2012-07-10 05:55:08.774803866 -0700

+++ automake-1.11.2/NEWS	2012-07-10 05:55:40.618794747 -0700

@@ -90,6 +90,15 @@

   - The AM_COND_IF macro also works if the shell expression for the

     conditional is no longer valid for the condition.

+* SECURITY VULNERABILITIES!

+

+  - The recipe of the 'distcheck' no longer grants anymore temporary

+    world-wide write permissions on the extracted distdir.  Even if such

+    rights were only granted for a vanishingly small time window, the

+    implied race condition proved to be enough to allow a local attacker

+    to run arbitrary code with the privileges of the user running "make

+    distcheck".  This is CVE-2012-3386.

+

 * Long-standing bugs:

   - The order of Yacc and Lex flags is fixed to be consistent with other

--- automake-1.11.2/lib/am/distdir.am.orig	2012-07-10 05:57:02.481964158 -0700

+++ automake-1.11.2/lib/am/distdir.am	2012-07-10 05:57:54.509361759 -0700

@@ -441,7 +441,7 @@

 ## Make the new source tree read-only.  Distributions ought to work in

 ## this case.  However, make the top-level directory writable so we

 ## can make our new subdirs.

-	chmod -R a-w $(distdir); chmod a+w $(distdir)

+	chmod -R a-w $(distdir); chmod u+w $(distdir)

 	mkdir $(distdir)/_build

 	mkdir $(distdir)/_inst

 ## Undo the write access.