Comment 20 for bug 136302

Adna rim (adnarim) wrote :

Yes, I have many references :D

First reference: my knowledge about format string vulns in general. Putting an unsanitized string into a formatting function can be triggered to execute arbitrary code or reveal memory information which subverts Ubuntu's VA. Here you can read a good tutorial about it: http://doc.bughunter.net/format-string/exploit-fs.html .
Second reference: the Secunia advisory telling that it is vulnerable http://secunia.com/advisories/26550/
Third reference: the Sylpheed author telling that it is vulnerable http://sylpheed.sraoss.jp/en/news.html
Fourth reference: the code change by the author in 2.4.5 (which was just a security fix release) in inc.c, sanitizing the input into alertpanel_error by changing the corresponding code into: alertpanel_error("%s", err_msg);

But now I'm a bit afraid: what did you patch in claws because there the error was exactly the same and you seem not to recognize it or have a clue about it? Are you sure you patched the right code?
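
The fix pattern named in the fourth reference, shown as an added example that is not part of the original comment and is not Sylpheed's or Claws' code. `alert_error`, `report_safe` and `count_conversions` are hypothetical stand-ins (`alert_error` formats into a buffer instead of opening a dialog), and the server error string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style alert function such as
 * alertpanel_error(). The format attribute lets GCC/Clang type-check every
 * call site, which is what makes -Wformat-security able to flag the bug. */
static int alert_error(char *out, size_t outlen, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int alert_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

#if 0
/* Pre-fix pattern, kept out of the build: the untrusted text IS the format
 * string. Building with -Werror=format-security rejects this call. */
static int report_unsafe(char *out, size_t outlen, const char *err_msg)
{
    return alert_error(out, outlen, err_msg);
}
#endif

/* Fixed pattern: a constant format, untrusted text passed only as data. */
static int report_safe(char *out, size_t outlen, const char *err_msg)
{
    return alert_error(out, outlen, "%s", err_msg);
}

/* Audit helper: counts conversion specifications in a string. A non-zero
 * result for server-supplied text means it must never be used as a format. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        n++;
    }
    return n;
}
```
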