diff -Nru liboping-1.10.0/debian/changelog liboping-1.10.0/debian/changelog
--- liboping-1.10.0/debian/changelog 2020-07-02 21:37:07.000000000 +0000
+++ liboping-1.10.0/debian/changelog 2022-02-13 16:10:19.000000000 +0000
@@ -1,3 +1,10 @@
+liboping (1.10.0-4+rpi1) bookworm-staging; urgency=medium
+
+ * Apply patch taken from upstream pull request 61
+ to fix format-extra-args and format-security errors.
+
+ -- Peter Michael Green Sun, 13 Feb 2022 16:10:19 +0000
+
 liboping (1.10.0-4) unstable; urgency=high
 
 * Bump debhelper from old 12 to 13.
diff -Nru liboping-1.10.0/debian/patches/fix-format-security.patch liboping-1.10.0/debian/patches/fix-format-security.patch
--- liboping-1.10.0/debian/patches/fix-format-security.patch 1970-01-01 00:00:00.000000000 +0000
+++ liboping-1.10.0/debian/patches/fix-format-security.patch 2022-02-13 13:56:51.000000000 +0000
@@ -0,0 +1,48 @@
+commit 609559aa3b257a5eb627717d870dfce336f941ec
+Author: Sergei Trofimovich
+Date: Mon Nov 15 08:05:43 2021 +0000
+
+ src/oping.c: always use "%s"-style format for printf()-style functions
+
+ `ncuses-6.3` added printf-style function attributes and now makes
+ it easier to catch cases when user input is used in palce of format
+ string when built with CFLAGS=-Werror=format-security:
+
+ oping.c:1265:41: error: format not a string literal and no format arguments [-Werror=format-security]
+ 1265 | hist_symbols_utf8[index]);
+ | ^~~~~~~~~~~~~~~~~
+
+ Let's wrap all the missing places with "%s" format.
+
+diff --git a/src/oping.c b/src/oping.c
+index c087c80..af4a0cb 100644
+--- a/src/oping.c
++++ b/src/oping.c
+@@ -1156,7 +1156,7 @@ static int update_graph_prettyping (ping_context_t *ctx, /* {{{ */
+ wattron (ctx->window, COLOR_PAIR(color));
+
+ if (has_utf8())
+- mvwprintw (ctx->window, /* y = */ y_max, /* x = */ x + 2, symbol);
++ mvwprintw (ctx->window, /* y = */ y_max, /* x = */ x + 2, "%s", symbol);
+ else
+ mvwaddch (ctx->window, /* y = */ y_max, /* x = */ x + 2, symbolc);
+
+@@ -1262,7 +1262,7 @@ static int update_graph_histogram (ping_context_t *ctx) /* {{{ */
+ mvwaddch (ctx->window, /* y = */ y_max, /* x = */ x + 2, ' ');
+ else if (has_utf8 ())
+ mvwprintw (ctx->window, /* y = */ y_max, /* x = */ x + 2,
+- hist_symbols_utf8[index]);
++ "%s", hist_symbols_utf8[index]);
+ else
+ mvwaddch (ctx->window, /* y = */ y_max, /* x = */ x + 2,
+ hist_symbols_acs[index] | A_ALTCHARSET);
+@@ -1639,8 +1639,7 @@ static void update_host_hook (pingobj_iter_t *iter, /* {{{ */
+
+ HOST_PRINTF ("%zu bytes from %s (%s): icmp_seq=%u ttl=%i ",
+ data_len, context->host, context->addr,
+- sequence, recv_ttl,
+- format_qos (recv_qos, recv_qos_str, sizeof (recv_qos_str)));
++ sequence, recv_ttl);
+ if ((recv_qos != 0) || (opt_send_qos != 0))
+ {
+ HOST_PRINTF ("qos=%s ",
diff -Nru liboping-1.10.0/debian/patches/series liboping-1.10.0/debian/patches/series
--- liboping-1.10.0/debian/patches/series 2020-07-02 21:37:07.000000000 +0000
+++ liboping-1.10.0/debian/patches/series 2022-02-13 16:10:19.000000000 +0000
@@ -2,3 +2,4 @@
 0003-typo.patch
 cherry-pick_18ca4350_ping_host_add_Decrease_buffer_size_to_make_GCCs_truncation_check_happy.patch
 debian-changes
+fix-format-security.patch
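Review bot: In debian/patches/fix-format-security.patch, the two rewritten `mvwprintw` calls (in update_graph_prettyping and update_graph_histogram) print a single string with no conversions, so `mvwaddstr` would take the format parser out of the path altogether instead of neutralising it with "%s", e.g. `mvwaddstr (ctx->window, /* y = */ y_max, /* x = */ x + 2, symbol);`. All three inner hunks cut through their functions, so it is not visible here whether `symbol` and `hist_symbols_utf8[index]` come from fixed tables or can carry external data, nor whether other printf-style call sites with a non-literal format remain in src/oping.c. A build with `-Werror=format-security`, as the commit message describes, is the check that would confirm none are left and would keep the fix from regressing. The patch file also carries no provenance field beyond the commit id; an `Origin:` line naming the upstream pull request that the changelog mentions would tell the next maintainer when the patch can be dropped.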