https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2950

http://svn.php.net/viewvc?view=revision&revision=302565

--- php-5.3.3/ext/phar/stream.c.cve2950
+++ php-5.3.3/ext/phar/stream.c
@@ -470,7 +470,7 @@ static int phar_stream_flush(php_stream
 	if (stream->mode[0] == 'w' || (stream->mode[0] == 'r' && stream->mode[1] == '+')) {
 		ret = phar_flush(((phar_entry_data *)stream->abstract)->phar, 0, 0, 0, &error TSRMLS_CC);
 		if (error) {
-			php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, error);
+			php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, "%s", error);
 			efree(error);
 		}
 		return ret;