Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1687 to the following vulnerability: The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. References: http://www.openwall.com/lists/oss-security/2008/04/07/1 http://lists.gnu.org/archive/html/m4-announce/2008-04/msg00000.html http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612 http://secunia.com/advisories/29671 Upstream patch: http://git.sv.gnu.org/gitweb/?p=m4.git;a=commit;h=5345bb49077bfda9fabd048e563f9e7077fe335d
Red Hat does not consider this to be a security issue.