diff --git a/missing-format-string.patch b/missing-format-string.patch
new file mode 100644
index 0000000..b0aa758
--- /dev/null
+++ b/missing-format-string.patch
@@ -0,0 +1,11 @@
+diff -up vinagre-0.4/src/vinagre-utils.c.missing-format-string vinagre-0.4/src/vinagre-utils.c
+--- vinagre-0.4/src/vinagre-utils.c.missing-format-string	2008-12-05 15:48:49.000000000 -0500
++++ vinagre-0.4/src/vinagre-utils.c	2008-12-05 15:49:00.000000000 -0500
+@@ -63,6 +63,7 @@ vinagre_utils_show_error (const gchar *m
+ 			      GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
+ 			      GTK_MESSAGE_ERROR,
+ 			      GTK_BUTTONS_CLOSE,
++                              "%s",
+ 			      message);
+ 
+   g_signal_connect_swapped (d,
diff --git a/vinagre.spec b/vinagre.spec
index c257c0b..3758d55 100644
--- a/vinagre.spec
+++ b/vinagre.spec
@@ -1,6 +1,6 @@
 Name:		vinagre
 Version:	0.4
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	VNC client for the GNOME desktop
 
 Group:		Applications/System
@@ -23,11 +23,14 @@ BuildRequires:	gnome-keyring-devel
 BuildRequires:	perl(XML::Parser) gettext intltool
 BuildRequires:	desktop-file-utils
 
+Patch0: missing-format-string.patch
+
 %description
 Vinagre is a VNC client for the GNOME desktop environment.
 
 %prep
 %setup -q
+%patch0 -p1 -b .missing-format-string
 
 %build
 %configure --enable-avahi=yes
@@ -80,6 +83,9 @@ fi
 %doc README NEWS COPYING AUTHORS
 
 %changelog
+* Fri Dec  5 2008 Matthias Clasen <mclasen@redhat.com> - 0.4-2
+- Fix an insecure string handling issue
+
 * Tue Apr 01 2008 - Bastien Nocera <bnocera@redhat.com> - 0.4-1
 - Update to 0.4 (#428213)