300aad2
diff -up a2ps-4.14/lib/output.c.format-security a2ps-4.14/lib/output.c
35daddd
--- a2ps-4.14/lib/output.c.format-security	2007-12-29 01:58:21.000000000 +0000
35daddd
+++ a2ps-4.14/lib/output.c	2014-04-03 18:24:35.259901356 +0100
300aad2
@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j
300aad2
 		     expand_user_string (job, FIRST_FILE (job),
300aad2
 					 (const uchar *) "Expand: requirement",
300aad2
 					 (const uchar *) token));
300aad2
-	output (dest, expansion);
300aad2
+	output (dest, "%s", expansion);
300aad2
 	continue;
300aad2
       }
300aad2
 
35daddd
diff -up a2ps-4.14/lib/parseppd.y.format-security a2ps-4.14/lib/parseppd.y
35daddd
--- a2ps-4.14/lib/parseppd.y.format-security	2007-12-29 01:58:21.000000000 +0000
35daddd
+++ a2ps-4.14/lib/parseppd.y	2014-04-03 18:24:35.259901356 +0100
35daddd
@@ -154,7 +154,7 @@ font_clause :
35daddd
 void
35daddd
 yyerror (const char *msg)
35daddd
 {
35daddd
-  error_at_line (1, 0, ppdfilename, ppdlineno, msg);
35daddd
+  error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
35daddd
 }
35daddd
 
35daddd
 /*
35daddd
diff -up a2ps-4.14/lib/psgen.c.format-security a2ps-4.14/lib/psgen.c
35daddd
--- a2ps-4.14/lib/psgen.c.format-security	2014-04-03 18:24:35.241901276 +0100
35daddd
+++ a2ps-4.14/lib/psgen.c	2014-04-03 18:24:35.259901356 +0100
35daddd
@@ -232,7 +232,7 @@ output_marker (a2ps_job * job, const cha
35daddd
     default:
35daddd
       *buf = '\0';
35daddd
       ps_escape_char (job, cp[i], buf);
35daddd
-      output (jdiv, (char *) buf);
35daddd
+      output (jdiv, "%s", (char *) buf);
35daddd
       break;
35daddd
     }
35daddd
   }
35daddd
diff -up a2ps-4.14/src/parsessh.y.format-security a2ps-4.14/src/parsessh.y
35daddd
--- a2ps-4.14/src/parsessh.y.format-security	2014-04-03 18:25:56.011259069 +0100
35daddd
+++ a2ps-4.14/src/parsessh.y	2014-04-03 18:26:04.725297585 +0100
35daddd
@@ -740,7 +740,7 @@ exception_def_opt:
35daddd
 void
35daddd
 yyerror (const char *msg)
35daddd
 {
35daddd
-  error_at_line (1, 0, sshfilename, sshlineno, msg);
35daddd
+  error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
35daddd
 }
35daddd
 
35daddd
 /*