CVE-2008-1688

CVE-2008-1688 affects GNU m4 up to version 1.4.10, with the issue arising from how filenames are handled when using -F. The vulnerability is described as allowing context-dependent attackers to execute arbitrary code due to improper filename handling in the code paths related to maketemp/mkstemp ...

CVE-2008-1687

The CVE-2008-1687 issue affects GNU m4 up to version 1.4.10; the maketemp and mkstemp builtins do not quote their output when creating a file, which can let an attacker trigger a macro expansion and cause the program to use an incorrect filename. The root cause is unquoted output during file crea...