diff -uNr cvs-1.12.13.1.orig//lib/vasnprintf.c cvs-1.12.13.1/lib/vasnprintf.c
--- cvs-1.12.13.1.orig//lib/vasnprintf.c	2006-01-25 13:53:38.000000000 +0100
+++ cvs-1.12.13.1/lib/vasnprintf.c	2010-02-16 17:54:00.000000000 +0100
@@ -560,9 +560,21 @@
 		  }
 		*p = dp->conversion;
 #if USE_SNPRINTF
-		p[1] = '%';
-		p[2] = 'n';
-		p[3] = '\0';
+#if !(__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3))
+              p[1] = '%';
+              p[2] = 'n';
+              p[3] = '\0';
+#else
+              /* On glibc2 systems from glibc >= 2.3 - probably also older
+                 ones - we know that snprintf's returns value conforms to
+                 ISO C 99: the gl_SNPRINTF_DIRECTIVE_N test passes.
+                 Therefore we can avoid using %n in this situation.
+                 On glibc2 systems from 2004-10-18 or newer, the use of %n
+                 in format strings in writable memory may crash the program
+                 (if compiled with _FORTIFY_SOURCE=2), so we should avoid it
+                 in this situation.  */
+              p[1] = '\0';
+#endif
 #else
 		p[1] = '\0';
 #endif