diff --git a/ChangeLog b/ChangeLog
index 9ac647a39c..527d4b53f0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Fri Dec  5 01:19:21 2008  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* pack.c (pack_pack): propagate taint status from format string to
+	  result string.
+
 Thu Dec  4 16:19:18 2008  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* ext/openssl/ossl_ssl.c (ossl_ssl_read_nonblock):
diff --git a/pack.c b/pack.c
index bd6546cd76..9d23062119 100644
--- a/pack.c
+++ b/pack.c
@@ -1000,6 +1000,7 @@ pack_pack(ary, fmt)
     if (associates) {
 	rb_str_associate(res, associates);
     }
+    OBJ_INFECT(res, fmt);
     return res;
 }