This seems to be the FORTIFY_SOURCE compiler flag. Debian sets level 2, but just level 1 triggers it.
The code uses sprintf to concatenate strings, which is "undefined" behaviour; the offending code is flagged by enabling all compiler warnings when building pgn.cc.
This explains why it wasn't caught in development. I've sent a patch to Antonio which fixes it, but he should probably be skeptical as I've not done C/C++ for years, and haven't fixed related warnings elsewhere. If we are using C++ we should probably consider using C++ output features, and definitely enabling all warnings and including FORTIFY_SOURCE level 2 as this is how the distros roll.
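Added example, not part of the original comment and not the project's code: the sprintf-concatenation pattern described above next to two well-defined replacements. The actual lines in pgn.cc are not shown on this page, so the form of the offending call, the helper names (`append_fmt`, `build_movetext_c`, `build_movetext_cpp`) and the move list are assumptions constructed for illustration.

```cpp
#include <cstdarg>
#include <cstdio>
#include <cstring>
#include <string>

// Assumed form of the offending pattern (not copied from pgn.cc):
//     sprintf(buf, "%s%s ", buf, move);
// buf is both destination and a "%s" source, so the objects overlap and the
// call is undefined; it may appear to work until the libc variant changes.

// Hypothetical helper: append formatted text at the end of buf.
// Returns false and leaves buf unchanged if the result would not fit.
static bool append_fmt(char *buf, size_t cap, const char *fmt, ...) {
    const void *nul = memchr(buf, '\0', cap);
    if (nul == nullptr) return false;            // no terminator within cap
    size_t used = static_cast<const char *>(nul) - buf;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, cap - used, fmt, ap);
    va_end(ap);
    if (n < 0 || static_cast<size_t>(n) >= cap - used) {
        buf[used] = '\0';                        // undo the truncated write
        return false;
    }
    return true;
}

// C-style fix: never pass buf as an argument, write at the tracked end.
static bool build_movetext_c(char *buf, size_t cap,
                             const char *const *moves, size_t count) {
    buf[0] = '\0';
    for (size_t i = 0; i < count; ++i) {
        if (i % 2 == 0 && !append_fmt(buf, cap, "%zu. ", i / 2 + 1)) return false;
        if (!append_fmt(buf, cap, "%s ", moves[i])) return false;
    }
    return true;
}

// C++ output features, as the comment suggests: no fixed buffer at all.
static std::string build_movetext_cpp(const char *const *moves, size_t count) {
    std::string out;
    for (size_t i = 0; i < count; ++i) {
        if (i % 2 == 0) out += std::to_string(i / 2 + 1) + ". ";
        out += std::string(moves[i]) + ' ';
    }
    return out;
}
```

Building with all warnings enabled and `-O2 -D_FORTIFY_SOURCE=2`, as the comment recommends, keeps the development build on the same checked libc paths the distribution build uses.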