From: Leo Famulari <leo@famulari.name>
Date: Sat, 5 Nov 2016 01:35:50 -0400
Subject: Fix CVE-2005-3150 (remotely exploitable format string bug).

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3150

Fix copied from Gentoo and FreeBSD:

https://bugs.gentoo.org/show_bug.cgi?id=107849
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86833
https://svnweb.freebsd.org/ports/head/ftp/weex/files/patch-src__log.c?revision=143994&view=markup

---
 src/log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/log.c b/src/log.c
index 5c06339..4174ee0 100644
--- a/src/log.c
+++ b/src/log.c
@@ -183,7 +183,7 @@ void log_flush(void)
 
 	fp=log_open();
 	for(i=0;i<max_log;i++){
-		fprintf(fp,log_str[i]);
+		fprintf(fp,"%s",log_str[i]);
 		free(log_str[i]);
 	}
 	free(log_str);
-- 
2.10.2