Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1688 to the following vulnerability: Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries. References: http://www.openwall.com/lists/oss-security/2008/04/07/1 http://lists.gnu.org/archive/html/m4-announce/2008-04/msg00000.html http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612 http://secunia.com/advisories/29671 Upstream patch: http://git.sv.gnu.org/gitweb/?p=m4.git;a=commit;h=035998112737e52cb229e342913ef404e5a51040
Red Hat does not consider this to be a security issue.