https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/04_CVE-2011-4620.diff

--- a/src/util/ulError.cxx
+++ b/src/util/ulError.cxx
@@ -39,7 +39,7 @@
 {
   va_list argp;
   va_start ( argp, fmt ) ;
-  vsprintf ( _ulErrorBuffer, fmt, argp ) ;
+  vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ;
   va_end ( argp ) ;
  
   if ( _ulErrorCB )