diff -up bar-1.10.9/args.c.format-security bar-1.10.9/args.c
--- bar-1.10.9/args.c.format-security	2014-06-12 16:01:36.990747232 -0400
+++ bar-1.10.9/args.c	2014-06-12 16:04:20.065747232 -0400
@@ -587,7 +587,7 @@ void help(FILE *out)
 			fprintf(out, "\n       ");
 			screen_used = 7;
 		}
-		fprintf(out, option_buffer);
+		fprintf(out, "%s", option_buffer);
 		screen_used += strlen(option_buffer);
 	}
 
@@ -615,7 +615,7 @@ void help(FILE *out)
 			fprintf(out, "\n       ");
 			screen_used = 7;
 		}
-		fprintf(out, option_buffer);
+		fprintf(out, "%s", option_buffer);
 		screen_used += strlen(option_buffer);
 	}
 
diff -up bar-1.10.9/display.c.format-security bar-1.10.9/display.c
--- bar-1.10.9/display.c.format-security	2007-06-06 15:07:41.000000000 -0400
+++ bar-1.10.9/display.c	2014-06-12 16:03:29.713747232 -0400
@@ -308,10 +308,10 @@ void displayAnsi(char *fg, char *bg, int
 {
 	if (d.display_ansi) {
 		if (fg != 0) {
-			fprintf(stderr, fg);
+			fprintf(stderr, "%s", fg);
 		}
 		if (bg != 0) {
-			fprintf(stderr, bg);
+			fprintf(stderr, "%s", bg);
 		}
 		if (b) {
 			fprintf(stderr, "");