*sigh* What happens when the mistake-finders make their own mistakes? While there is a fix in log_attempt() in misc.c that's relevant to format strings and syslog, there's only one usage of log_attempt, with a username that's obtained from the password file, so there's no real vulnerable code path.

- Steve