It was reported that certain binaries provided by the llvm package had an insecure RPATH (/tmp/) entry:
This could lead to arbitrary code execution with the privileges of the user running the affected binaries.
This issue did not affect any llvm or mingw-llvm packages in Fedora or EPEL, as the packages are built in /buildir/, not /tmp/.
CVE request: http://seclists.org/oss-sec/2013/q4/525
CVE-2013-7171 was assigned to this issue: http://seclists.org/oss-sec/2013/q4/527