Index: gtkballs/src/gtkutils.c
===================================================================
--- gtkballs.orig/src/gtkutils.c	2013-12-25 13:34:32.483518040 +0100
+++ gtkballs/src/gtkutils.c	2013-12-25 13:34:32.475518001 +0100
@@ -112,14 +112,14 @@
 
 /* shows simple message box */
 void ut_simple_message_box(gchar *message) {
-  	GtkWidget *dialog = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_INFO, GTK_BUTTONS_CLOSE, message);
+  	GtkWidget *dialog = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_INFO, GTK_BUTTONS_CLOSE, "%s", message);
  	gtk_dialog_run(GTK_DIALOG(dialog));
  	gtk_widget_destroy(dialog);
 }
 
 /* shows simple message box */
 void ut_simple_message_box_with_title(gchar *message, gchar *title) {
-  	GtkWidget *dialog = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_INFO, GTK_BUTTONS_CLOSE, message);
+  	GtkWidget *dialog = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_INFO, GTK_BUTTONS_CLOSE, "%s", message);
   	gtk_window_set_title(GTK_WINDOW(dialog), title);
  	gtk_dialog_run(GTK_DIALOG(dialog));
  	gtk_widget_destroy(dialog);
Index: gtkballs/src/savegame.c
===================================================================
--- gtkballs.orig/src/savegame.c	2013-12-25 13:20:34.571421696 +0100
+++ gtkballs/src/savegame.c	2013-12-25 13:35:05.431679116 +0100
@@ -166,7 +166,7 @@
         if((f = fopen(fname, "w")) != NULL) {
                 chmod(fname, 0600);
                 /* TODO: check for errors ! */
-                fprintf(f, rules);
+                fprintf(f, "%s", rules);
                 fprintf(f, "%010d", score);
                 for(i = 0; i < rules_get_width() * rules_get_height(); i++) {
                 	fprintf(f, "%02d", board[i]);