diff -up alienarena-7.66/source/game/p_client.c.format-security alienarena-7.66/source/game/p_client.c
--- alienarena-7.66/source/game/p_client.c.format-security	2014-06-09 15:01:15.657195088 -0400
+++ alienarena-7.66/source/game/p_client.c	2014-06-09 15:00:58.184311383 -0400
@@ -2123,7 +2123,7 @@ void PutClientInServer (edict_t *ent)
 #else
 	ent->ctype = 0; //alien is default
 	sprintf(modelpath, "players/%s/human", playermodel);
-	sprintf(ent->charModel, playermodel);
+	sprintf(ent->charModel, "%s", playermodel);
 	Q2_FindFile (modelpath, &file);
 	if(file) 
 	{