diff -up tcp_wrappers_7.6/eval.c.patch4 tcp_wrappers_7.6/eval.c
--- tcp_wrappers_7.6/eval.c.patch4	1995-01-30 19:51:46.000000000 +0100
+++ tcp_wrappers_7.6/eval.c	2008-08-29 09:45:12.000000000 +0200
@@ -111,7 +111,7 @@ struct request_info *request;
 	return (hostinfo);
 #endif
     if (STR_NE(eval_user(request), unknown)) {
-	sprintf(both, "%s@%s", request->user, hostinfo);
+	snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
 	return (both);
     } else {
 	return (hostinfo);
@@ -128,7 +128,7 @@ struct request_info *request;
     char   *daemon = eval_daemon(request);
 
     if (STR_NE(host, unknown)) {
-	sprintf(both, "%s@%s", daemon, host);
+	snprintf(both, sizeof(both), "%s@%s", daemon, host);
 	return (both);
     } else {
 	return (daemon);
diff -up tcp_wrappers_7.6/tcpd.c.patch4 tcp_wrappers_7.6/tcpd.c
--- tcp_wrappers_7.6/tcpd.c.patch4	1996-02-11 17:01:33.000000000 +0100
+++ tcp_wrappers_7.6/tcpd.c	2008-08-29 09:45:12.000000000 +0200
@@ -60,10 +60,10 @@ char  **argv;
      */
 
     if (argv[0][0] == '/') {
-	strcpy(path, argv[0]);
+	strncpy(path, argv[0], sizeof(path));
 	argv[0] = strrchr(argv[0], '/') + 1;
     } else {
-	sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
+	snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
     }
 
     /*