--- /dev/null
+From Debian's mpg321-0.2.10.3 package:
+
+mpg321 (0.2.10.3) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Fix format string vulnerabilities (CAN-2003-0969)
+
+ -- Matt Zimmerman <mdz@debian.org> Sun, 4 Jan 2004 11:50:39 -0800
+
+mpg321 (0.2.10.1-1.1) unstable; urgency=low
+
+ * NMU
+ * Apply patch to close fd (Closes: Bug#178948)
+
+ -- Mario Lang <mlang@debian.org> Mon, 31 Mar 2003 10:56:12 +0200
+
+diff -Nur mpg321-0.2.10/mpg321.c mpg321-0.2.10.1/mpg321.c
+--- mpg321-0.2.10/mpg321.c Sun Mar 24 06:49:20 2002
++++ mpg321-0.2.10.1/mpg321.c Sun Jan 4 20:51:13 2004
+@@ -188,7 +188,7 @@
+
+ else
+ {
+- printf(names[i]);
++ printf("%s", names[i]);
+ free(names[i]);
+ }
+ }
+@@ -203,7 +203,7 @@
+ if (!names[i]) {
+ fprintf (stderr, emptystring);
+ } else {
+- fprintf (stderr, names[i]);
++ fprintf (stderr, "%s", names[i]);
+ free (names[i]);
+ }
+ if (i%2) fprintf (stderr, "\n");
+@@ -410,12 +410,14 @@
+
+ if(fstat(fd, &stat) == -1)
+ {
++ close(fd);
+ mpg321_error(currentfile);
+ continue;
+ }
+
+ if (!S_ISREG(stat.st_mode))
+ {
++ close(fd);
+ continue;
+ }
+
+@@ -432,10 +434,12 @@
+ if((playbuf.buf = mmap(0, playbuf.length, PROT_READ, MAP_SHARED, fd, 0))
+ == MAP_FAILED)
+ {
++ close(fd);
+ mpg321_error(currentfile);
+ continue;
+ }
+
++ close(fd);
+ playbuf.frames[0] = playbuf.buf;
+
+ mad_decoder_init(&decoder, &playbuf, read_from_mmap, read_header, /*filter*/0,