diff -u sylpheed-2.2.7/debian/changelog sylpheed-2.2.7/debian/changelog
--- sylpheed-2.2.7/debian/changelog
+++ sylpheed-2.2.7/debian/changelog
@@ -1,3 +1,15 @@
+sylpheed (2.2.7-1ubuntu0.1) edgy-security; urgency=low
+
+ * SECURITY UPDATE: a format string error could lead to arbitrary
+ code execution.
+ * Add 'debian/patches/06SecurityFixSA26550.diff': add format string to
+ alertpanel_error() call. Patch from upstream CVS. (Fixes LP: #136302)
+ * References
+ http://secunia.com/advisories/26550/
+ CVE-2007-2958
+
+ -- Cesare Tirabassi Thu, 06 Sep 2007 15:27:50 +0200
+
 sylpheed (2.2.7-1build1) edgy; urgency=low
 
 * Rebuild against libpisock.
only in patch2:
unchanged:
--- sylpheed-2.2.7.orig/debian/patches/06SecurityFixSA26550.diff
+++ sylpheed-2.2.7/debian/patches/06SecurityFixSA26550.diff
@@ -0,0 +1,12 @@
+diff -Nur sylpheed-2.2.7/build-tree/sylpheed-2.2.7/src/inc.c sylpheed-2.2.7.new/build-tree/sylpheed-2.2.7/src/inc.c
+--- sylpheed-2.2.7/src/inc.c 2006-07-25 03:40:29.000000000 +0200
++++ sylpheed-2.2.7/src/inc.c 2007-09-06 22:45:56.000000000 +0200
+@@ -1185,7 +1185,7 @@
+ log_warning("%s\n", log_msg);
+ }
+ if (err_msg) {
+- alertpanel_error(err_msg);
++ alertpanel_error("%s", err_msg);
+ g_free(err_msg);
+ }
+ }
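Review bot: The replacement line `alertpanel_error("%s", err_msg);` in the src/inc.c patch fixes this one call site, but nothing in the code says why the literal format is required, so a later cleanup could fold it back to the one-argument form. I would add a comment directly above it, for example `/* err_msg is data, not a format string: always pass it as an argument */`. Whether other alertpanel_*() callers pass a non-literal first argument cannot be seen from this hunk; if the function's declaration does not already carry a printf format attribute (GLib's `G_GNUC_PRINTF(1, 2)`), adding one would let `-Wformat-security` flag any remaining ones at build time. The enclosing function begins and ends outside the hunk.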