diff -ur ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c
--- ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c 2010-12-25 09:40:34.000000000 +0000
+++ ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c 2012-10-22 11:34:15.000000000 +0100
@@ -159,7 +159,7 @@
 break;
 }
 if (iter->bufsize >= IFCONF_BUFSIZE_MAX) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
+ UNEXPECTED_ERROR(__FILE__, __LINE__, "%s",
 isc_msgcat_get(isc_msgcat,
 ISC_MSGSET_IFITERIOCTL,
 ISC_MSG_BUFFERMAX,
diff -ur ntp-4.2.6p5/ntpd/ntp_config.c ntp-4.2.6p5.new/ntpd/ntp_config.c
--- ntp-4.2.6p5/ntpd/ntp_config.c 2012-10-22 11:43:38.000000000 +0100
+++ ntp-4.2.6p5.new/ntpd/ntp_config.c 2012-10-22 11:38:02.000000000 +0100
@@ -2334,7 +2334,7 @@
 if ((RES_MSSNTP & flags) && !warned_signd) {
 warned_signd = 1;
 fprintf(stderr, "%s\n", signd_warning);
- msyslog(LOG_WARNING, signd_warning);
+ msyslog(LOG_WARNING, "%s", signd_warning);
 }
 }
 }
diff -ur ntp-4.2.6p5/ntpd/ntp_control.c ntp-4.2.6p5.new/ntpd/ntp_control.c
--- ntp-4.2.6p5/ntpd/ntp_control.c 2011-12-09 02:00:53.000000000 +0000
+++ ntp-4.2.6p5.new/ntpd/ntp_control.c 2012-10-22 11:37:11.000000000 +0100
@@ -2962,7 +2962,7 @@
 " %s", str);
 }
 NLOG(NLOG_SYSEVENT)
- msyslog(LOG_INFO, statstr);
+ msyslog(LOG_INFO, "%s", statstr);
 } else {
 /*
@@ -2994,7 +2994,7 @@
 " %s", str);
 }
 NLOG(NLOG_PEEREVENT)
- msyslog(LOG_INFO, statstr);
+ msyslog(LOG_INFO, "%s", statstr);
 }
 record_proto_stats(statstr);
 #if DEBUG
diff -ur ntp-4.2.6p5/ntpd/ntpd.c ntp-4.2.6p5.new/ntpd/ntpd.c
--- ntp-4.2.6p5/ntpd/ntpd.c 2012-10-22 11:43:38.000000000 +0100
+++ ntp-4.2.6p5.new/ntpd/ntpd.c 2012-10-22 11:39:33.000000000 +0100
@@ -1242,7 +1242,7 @@
 msyslog(LOG_ERR, "%s:%d: fatal error:", file, line);
 vsnprintf(errbuf, sizeof(errbuf), format, args);
- msyslog(LOG_ERR, errbuf);
+ msyslog(LOG_ERR, "%s", errbuf);
 msyslog(LOG_ERR, "exiting (due to fatal error in library)");
 abort();
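Review bot: In lib/isc/unix/ifiter_ioctl.c the added `"%s",` carries no comment saying why it is there, so a later tidy-up could fold the catalog lookup back into the format position. I would add one line above the call, `/* msgcat text is looked up at run time: pass it as data, never as the format */`. The UNEXPECTED_ERROR call continues past the end of the hunk. Any other call sites in this file that hand isc_msgcat_get() output to the macro with no further arguments are not visible here and should be checked for the same pattern.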
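Review bot: In ntpd/ntp_config.c, and at the four other msyslog() sites this patch touches (two in ntp_control.c, two in ntpd.c), the fix is applied call by call, and nothing visible stops the next non-literal format from being introduced. msyslog's declaration is outside this diff; if it does not already carry one, a printf format attribute on the prototype, `__attribute__((format(printf, 2, 3)))`, together with `-Wformat -Wformat-security` in the build, would let the compiler report such calls. The enclosing function starts and ends outside the hunk.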
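Review bot: In the second ntp_control.c hunk (-2994), `record_proto_stats(statstr);` still receives the same buffer that the fixed msyslog() call now treats as data. The context shows the buffer was assembled with `" %s", str`, so it may hold text that did not originate as a literal. record_proto_stats is defined outside this diff, so it is worth confirming that it writes its argument with a fixed format rather than using it as one. The surrounding function starts and ends outside the hunk.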
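Review bot: In both ntpd.c hunks (-1242 and -1264) the return value of `vsnprintf(errbuf, sizeof(errbuf), format, args)` is ignored, so a library message longer than errbuf is logged truncated with no indication. In the first hunk that is the last diagnostic before `abort()`. Capturing the result, `int n = vsnprintf(errbuf, sizeof(errbuf), format, args);`, and adding `if (n < 0 || (size_t)n >= sizeof(errbuf)) msyslog(LOG_ERR, "(previous message truncated)");` after the errbuf line is logged would make the loss visible. errbuf's declaration and the start of both functions are outside the hunks.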
@@ -1264,7 +1264,7 @@
 msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line);
 vsnprintf(errbuf, sizeof(errbuf), format, args);
- msyslog(LOG_ERR, errbuf);
+ msyslog(LOG_ERR, "%s", errbuf);
 if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS) {