diff --git a/ChangeLog b/ChangeLog
index 511ed6a3b4..406edf6216 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+Tue Nov 6 19:54:00 CET 2007 Jim Meyering  <meyering@redhat.com>
+
+	Avoid risk of format string abuse (also avoids gcc warnings).
+	* src/util.c (ReportError): Use a literal "%s" format string.
+	* src/remote_internal.c (server_error): Likewise.
+	* src/qemu_conf.c (qemudReportError): Likewise.
+	* acinclude.m4: Add -Wformat -Wformat-security to default
+	  list of warning flags, to warn about errors such as the
+	  above.
+
 Tue Nov  6 17:24:16 CET 2007 Daniel Veillard <veillard@redhat.com>
 
 	* src/xs_internals.c: patch from Chris Lalancette, forgot to
diff --git a/acinclude.m4 b/acinclude.m4
index 15bb7ff6c2..8ec39209a2 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -26,13 +26,13 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
         try_compiler_flags=""
 	;;
     minimum)
-	try_compiler_flags="-Wall $common_flags"
+	try_compiler_flags="-Wall -Wformat -Wformat-security $common_flags"
 	;;
     yes)
-	try_compiler_flags="-Wall -Wmissing-prototypes $common_flags"
+	try_compiler_flags="-Wall -Wformat -Wformat-security -Wmissing-prototypes $common_flags"
 	;;
     maximum|error)
-	try_compiler_flags="-Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith"
+	try_compiler_flags="-Wall -Wformat -Wformat-security -Wmissing-prototypes -Wnested-externs -Wpointer-arith"
 	try_compiler_flags="$try_compiler_flags -Wextra -Wshadow -Wcast-align -Wwrite-strings -Waggregate-return"
 	try_compiler_flags="$try_compiler_flags -Wstrict-prototypes -Winline -Wredundant-decls -Wno-sign-compare"
 	try_compiler_flags="$try_compiler_flags $common_flags"
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 78f46996ee..3556a9a047 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -64,7 +64,7 @@ void qemudReportError(virConnectPtr conn,
         errorMessage[0] = '\0';
     }
     __virRaiseError(conn, dom, net, VIR_FROM_QEMU, code, VIR_ERR_ERROR,
-                    NULL, NULL, NULL, -1, -1, errorMessage);
+                    NULL, NULL, NULL, -1, -1, "%s", errorMessage);
 }
 
 int qemudLoadDriverConfig(struct qemud_driver *driver,
diff --git a/src/remote_internal.c b/src/remote_internal.c
index 3af326fd3a..1420a889fc 100644
--- a/src/remote_internal.c
+++ b/src/remote_internal.c
@@ -3073,7 +3073,7 @@ server_error (virConnectPtr conn, remote_error *err)
                      err->domain, err->code, err->level,
                      str1, str2, str3,
                      err->int1, err->int2,
-                     message);
+                     "%s", message);
 }
 
 /* get_nonnull_domain and get_nonnull_network turn an on-wire
diff --git a/src/util.c b/src/util.c
index eb5785990e..c964a6355c 100644
--- a/src/util.c
+++ b/src/util.c
@@ -53,7 +53,7 @@ ReportError(virConnectPtr conn,
         errorMessage[0] = '\0';
     }
     __virRaiseError(conn, dom, net, VIR_FROM_NONE, code, VIR_ERR_ERROR,
-                    NULL, NULL, NULL, -1, -1, errorMessage);
+                    NULL, NULL, NULL, -1, -1, "%s", errorMessage);
 }
 
 static int virSetCloseExec(int fd) {