In errorlog.c there's a call to syslog:
syslog(priority, buf); (Line: 113)
That can cause problems if somebody can
get formatting chars into buf (%n for example).
I think that a more secure way to call syslog is syslog(priority, "%s", buf)
Thanks a lot for pointing this out. Fixed now in our current package.
Florian La Roche
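
The fixed-format call suggested in the report, as an added example that is not part of the original thread or the package's code. The function names and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Count the '%' directives that a printf-style function would act on if `s`
 * were passed as the format argument. "%%" is a literal percent sign and is
 * skipped. Any non-zero result means `s` must never be used as a format. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent, consume both characters */
            s++;
            continue;
        }
        n++;                 /* would be interpreted, with no matching argument */
    }
    return n;
}

/* Hypothetical wrapper: the message is always data, never the format. */
void log_untrusted(int priority, const char *buf)
{
    syslog(priority, "%s", buf);
}

/* The same fixed-format rule applied to snprintf so the result can be
 * inspected: returns 1 when the rendered text is exactly the input. */
int renders_verbatim(const char *buf)
{
    char out[256];
    int len = snprintf(out, sizeof out, "%s", buf);
    return len >= 0 && (size_t)len < sizeof out && strcmp(out, buf) == 0;
}

int main(void)
{
    const char *sample = "request from %s%n";   /* constructed input */
    printf("directives if used as format: %d\n", count_directives(sample));
    printf("verbatim with \"%%s\": %d\n", renders_verbatim(sample));
    log_untrusted(LOG_WARNING, sample);          /* logged as plain text */
    return 0;
}
```

Compiling callers with `-Wformat -Wformat-security` makes GCC and Clang warn about a non-literal format with no arguments, which is the pattern reported at line 113.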