"Insecurely-structured calls to syslog() found in certain versions of
Stunnel (prior to version 3.9) pass user-supplied data to the syslog()
function in such a way that maliciously embedded format specifiers in
this data can cause the process to overwrite sections of its own
memory with arbitrary data." Full details at SecurityFocus.
December 21, 2000