* SECURITY VULNERABILITIES!
- - The recipe of the 'distcheck' no longer grants anymore temporary
- world-wide write permissions on the extracted distdir. Even if such
- rights were only granted for a vanishingly small time window, the
- implied race condition proved to be enough to allow a local attacker
- to run arbitrary code with the privileges of the user running "make
- distcheck". This is CVE-2012-3386.
+ - The 'distcheck' recipe no longer grants temporary world-write
+ permissions on the extracted distdir. Even if such rights were
+ only granted for a vanishingly small time window, the implied
+ race condition proved to be enough to allow a local attacker
+ to run arbitrary code with the privileges of the user running
+ "make distcheck". This is CVE-2012-3386.
* Long-standing bugs: