
Patrick J. Volkerding

#18050 of 53,633
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2008-3233
7.5
2008-04-09
Gnu · Gnu M4 · CVE-2008-1687
**Name of the Vulnerable Software and Affected Versions** GNU m4 versions prior to 1.4.11

**Description** The issue concerns the maketemp and mkstemp builtin functions in GNU m4, which do not quote their output when a file is created. This could allow attackers to trigger a macro expansion, potentially leading to the use of an incorrect filename.

**Recommendations** For GNU m4 versions prior to 1.4.11, update to version 1.4.11 or later to resolve the issue.
PT-2008-3234
7.5
2008-04-09
Gnu · Gnu M4 · CVE-2008-1688
**Name of the Vulnerable Software and Affected Versions** GNU m4 versions prior to 1.4.11

**Description** The issue is related to improper handling of filenames specified with the -F option, which might allow context-dependent attackers to execute arbitrary code. It is not clear when this issue crosses privilege boundaries.

**Recommendations** For versions prior to 1.4.11, update to version 1.4.11 or later to resolve the issue.