diff -u pidgin-otr-3.2.0/otr-plugin.c pidgin-otr-3.2.0/otr-plugin.c
--- pidgin-otr-3.2.0/otr-plugin.c
+++ pidgin-otr-3.2.0/otr-plugin.c
@@ -296,7 +296,7 @@
 
 static void log_message_cb(void *opdata, const char *message)
 {
-    purple_debug_info("otr", message);
+    purple_debug_info("otr", "%s", message);
 }
 
 static int max_message_size_cb(void *opdata, ConnContext *context)
diff -u pidgin-otr-3.2.0/debian/changelog pidgin-otr-3.2.0/debian/changelog
--- pidgin-otr-3.2.0/debian/changelog
+++ pidgin-otr-3.2.0/debian/changelog
@@ -1,3 +1,11 @@
+pidgin-otr (3.2.0-5ubuntu0.12.04.1) precise; urgency=low
+
+  * SECURITY UPDATE: format string vulnerability (LP: #1000363)
+    - otr-plugin.c: patch from upstream
+    - CVE-2012-2369
+
+ -- Felix Geyer <debfx@ubuntu.com>  Wed, 16 May 2012 20:59:11 +0200
+
 pidgin-otr (3.2.0-5) unstable; urgency=low
 
   * Fix key generation to use /dev/urandom with more recent libgcrypt