From: Ole Streicher <olebole@debian.org>
Date: Mon, 11 Dec 2017 10:26:01 +0100
Subject: Fix format security errors

---
 src/xml.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/xml.c b/src/xml.c
index 8cc872c..1fd6029 100644
--- a/src/xml.c
+++ b/src/xml.c
@@ -566,7 +566,7 @@ int	write_xmlconfigparam(FILE *file, char *name, char *unit,
       n = *(key[i].nlistptr);
       if (n)
         {
-        sprintf(value, ((char **)key[i].ptr)[0]);
+        sprintf(value, "%s", ((char **)key[i].ptr)[0]);
         fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\""
                 " arraysize=\"*\" ucd=\"%s\" value=\"%s",
                 name, ucd, value);
@@ -583,7 +583,7 @@ int	write_xmlconfigparam(FILE *file, char *name, char *unit,
                 name, ucd);
       break;
     case P_KEY:
-      sprintf(value, key[i].keylist[*((int *)key[i].ptr)]);
+      sprintf(value, "%s", key[i].keylist[*((int *)key[i].ptr)]);
       fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\" arraysize=\"*\""
         " ucd=\"%s\" value=\"%s\"/>\n",
         name, ucd, value);
@@ -592,13 +592,13 @@ int	write_xmlconfigparam(FILE *file, char *name, char *unit,
       n = *(key[i].nlistptr);
       if (n)
         {
-        sprintf(value, key[i].keylist[((int *)key[i].ptr)[0]]);
+        sprintf(value, "%s", key[i].keylist[((int *)key[i].ptr)[0]]);
         fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\""
                 " arraysize=\"*\" ucd=\"%s\" value=\"%s",
                 name, ucd, value);
         for (j=1; j<n; j++)
           {
-          sprintf(value, key[i].keylist[((int *)key[i].ptr)[j]]);
+          sprintf(value, "%s", key[i].keylist[((int *)key[i].ptr)[j]]);
           fprintf(file, ",%s", value);
           }
         fprintf(file, "\"/>\n");