It was reported that certain binaries provided by the llvm package had an insecure RPATH (/tmp/) entry: http://www.linuxsecurity.com/content/view/160596?rdf This could lead to arbitrary code execution with the privileges of the user running the affected binaries. This issue did not affect any llvm or mingw-llvm packages in Fedora or EPEL, as the packages are built in /buildir/, not /tmp/. CVE request: http://seclists.org/oss-sec/2013/q4/525
CVE-2013-7171 was assigned to this issue: http://seclists.org/oss-sec/2013/q4/527