diff --git a/ctags-5.8-format-security.patch b/ctags-5.8-format-security.patch
new file mode 100644
index 0000000..ccd3986
--- /dev/null
+++ b/ctags-5.8-format-security.patch
@@ -0,0 +1,12 @@
+diff -Naur ctags-5.8.orig/lregex.c ctags-5.8/lregex.c
+--- ctags-5.8.orig/lregex.c 2007-09-10 04:36:48.000000000 +0200
++++ ctags-5.8/lregex.c 2014-04-14 21:09:17.716000000 +0200
+@@ -408,7 +408,7 @@
+ const char* regexfile = parameter + 1;
+ FILE* const fp = fopen (regexfile, "r");
+ if (fp == NULL)
+- error (WARNING | PERROR, regexfile);
++ error (WARNING | PERROR, "%s", regexfile);
+ else
+ {
+ vString* const regex = vStringNew ();
diff --git a/ctags.spec b/ctags.spec
index 403e30e..5ad5a52 100644
--- a/ctags.spec
+++ b/ctags.spec
@@ -1,7 +1,7 @@
 Summary: A C programming language indexing and/or cross-reference tool
 Name: ctags
 Version: 5.8
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+ and LGPLv2+ and Public Domain
 Group: Development/Tools
 URL: http://ctags.sourceforge.net/
@@ -12,6 +12,7 @@ Patch2: ctags-5.8-css.patch
 Patch3: ctags-5.8-ocaml-crash.patch
 Patch4: ctags-5.8-cssparse.patch
 Patch5: ctags-5.8-memmove.patch
+Patch6: ctags-5.8-format-security.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 %description
@@ -51,6 +52,7 @@ Note: some command line options is not compatible with GNU etags.
 %patch3 -p1 -b .ocaml-crash
 %patch4 -p1 -b .cssparse-crash
 %patch5 -p1 -b .memmove
+%patch6 -p1 -b .fmt-sec
 %build
 %configure
@@ -93,6 +95,9 @@ rm -rf %{buildroot}
 %{_mandir}/man1/etags.%{name}.1*
 %changelog
+* Mon Apr 14 2014 Jaromir Capik - 5.8-13
+- Fixing format-security flaws (#1037028)
+
 * Sat Aug 03 2013 Fedora Release Engineering - 5.8-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
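Review bot: The new ctags-5.8-format-security.patch begins directly at `diff -Naur` with no description, so nothing in the patch file records why the `error()` call in lregex.c changed or which bug it closes. A one-line header such as `Pass regexfile to error() as a "%s" argument instead of as the format string (#1037028)` would keep that reasoning with the fix. Since `regexfile` is `parameter + 1`, it is presumably caller-supplied text, and any `%` sequence in it would otherwise be interpreted by the formatter. The changelog speaks of "flaws" in the plural, but only this one call site is patched, so it is worth confirming that a build with `-Werror=format-security` reports no other non-literal format argument in the tree. The enclosing function starts and ends outside the hunk.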