diff --git a/community/unarj/APKBUILD b/community/unarj/APKBUILD
index a8b43db4e65..b61aac08baf 100644
--- a/community/unarj/APKBUILD
+++ b/community/unarj/APKBUILD
@@ -1,14 +1,16 @@
 # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
 pkgname=unarj
 pkgver=2.65
-pkgrel=1
+pkgrel=2
 pkgdesc="Extracting, testing and  viewing the contents of archives created with the ARJ archiver"
 options="!check" # No testsuite
 url="http://www.arjsoftware.com"
 arch="all"
 license="custom"
 source="https://src.fedoraproject.org/repo/pkgs/unarj/unarj-$pkgver.tar.gz/c6fe45db1741f97155c7def322aa74aa/unarj-$pkgver.tar.gz
-	time64.patch"
+	format-security.patch
+	time64.patch
+	"
 
 build() {
 	make
@@ -18,5 +20,8 @@ package() {
 	install -D -m755 unarj $pkgdir/usr/bin/unarj
 }
 
-sha512sums="747bdc940fcb8ac28207a90cec8011deb93fe26064a44c94de44d7dfc82cb1cc6db2d1a648af3626283fc4f5d608ec312900455827fd1b7835ccfb89e71a7ac7  unarj-2.65.tar.gz
-5c699162ef6c1d66e9b25dd0eb9b1684211622c09665b467751a7cb599dba4b1e888818a89fb846574adc858ea962ec114e65f08e62e7d21d28f282ee797b330  time64.patch"
+sha512sums="
+747bdc940fcb8ac28207a90cec8011deb93fe26064a44c94de44d7dfc82cb1cc6db2d1a648af3626283fc4f5d608ec312900455827fd1b7835ccfb89e71a7ac7  unarj-2.65.tar.gz
+42f18ea719ab908694b3105e90c0d9c8567fba7c76c98c5cbaf1cd482d0e0c3bca121b4b768967ca3dfb33314246a670eeda2badd21eb9c39e080ddd9ce6cf1f  format-security.patch
+5c699162ef6c1d66e9b25dd0eb9b1684211622c09665b467751a7cb599dba4b1e888818a89fb846574adc858ea962ec114e65f08e62e7d21d28f282ee797b330  time64.patch
+"
diff --git a/community/unarj/format-security.patch b/community/unarj/format-security.patch
new file mode 100644
index 00000000000..0d1bf984370
--- /dev/null
+++ b/community/unarj/format-security.patch
@@ -0,0 +1,66 @@
+diff --git a/unarj.c b/unarj.c
+index 406e48a..0515396 100644
+--- a/unarj.c
++++ b/unarj.c
+@@ -692,7 +692,7 @@ check_flags()
+     }
+     if ((arj_flags & GARBLE_FLAG) != 0)
+     {
+-        printf(M_ENCRYPT);
++        printf("%s", M_ENCRYPT);
+         printf(M_SKIPPED, filename);
+         skip();
+         return -1;
+@@ -756,7 +756,7 @@ extract()
+     }
+     printf(M_EXTRACT, name);
+     if (host_os != OS && file_type == BINARY_TYPE)
+-        printf(M_DIFFHOST);
++        printf("%s", M_DIFFHOST);
+     printf("  ");
+ 
+     crc = CRC_MASK;
+@@ -772,10 +772,10 @@ extract()
+     set_ftime_mode(name, time_stamp, file_mode, (uint) host_os);
+ 
+     if ((crc ^ CRC_MASK) == file_crc)
+-        printf(M_CRCOK);
++        printf("%s", M_CRCOK);
+     else
+     {
+-        printf(M_CRCERROR);
++        printf("%s", M_CRCERROR);
+         error_count++;
+     }
+     return 1;
+@@ -801,10 +801,10 @@ test()
+         decode_f();
+ 
+     if ((crc ^ CRC_MASK) == file_crc)
+-        printf(M_CRCOK);
++        printf("%s", M_CRCOK);
+     else
+     {
+-        printf(M_CRCERROR);
++        printf("%s", M_CRCERROR);
+         error_count++;
+     }
+     return 1;
+@@ -951,7 +951,7 @@ help()
+     int i;
+ 
+     for (i = 0; M_USAGE[i] != NULL; i++)
+-        printf(M_USAGE[i]);
++        printf("%s", M_USAGE[i]);
+ }
+ 
+ int
+@@ -966,7 +966,7 @@ char *argv[];
+     argc = ccommand(&argv);
+ #endif
+ 
+-    printf(M_VERSION);
++    printf("%s", M_VERSION);
+ 
+     if (argc == 1)
+     {