diff -u sylpheed-claws-1.0.5/debian/changelog sylpheed-claws-1.0.5/debian/changelog
--- sylpheed-claws-1.0.5/debian/changelog
+++ sylpheed-claws-1.0.5/debian/changelog
@@ -1,3 +1,14 @@
+sylpheed-claws (1.0.5-2ubuntu1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: a format string error could lead to arbitrary
+ code execution.
+ * Add 'debian/patches/12security_2.10.0cvs153.patch': add format string to
+ alertpanel_error_log() call. Patch from upstream CVS. (Fixes LP: #136302)
+ * References
+ http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153&view=src/inc.c
+
+ -- Cesare Tirabassi Thu, 06 Sep 2007 15:27:50 +0200
+
 sylpheed-claws (1.0.5-2) unstable; urgency=high
 * Security upload (Closes: #338436)
only in patch2:
unchanged:
--- sylpheed-claws-1.0.5.orig/debian/patches/12security_2.10.0cvs153.patch
+++ sylpheed-claws-1.0.5/debian/patches/12security_2.10.0cvs153.patch
@@ -0,0 +1,12 @@
+diff -Nur sylpheed-claws-1.0.5/src/inc.c sylpheed-claws-1.0.5.new/src/inc.c
+--- sylpheed-claws-1.0.5/src/inc.c 2005-06-27 13:50:13.000000000 +0200
++++ sylpheed-claws-1.0.5.new/src/inc.c 2007-09-06 15:25:42.000000000 +0200
+@@ -1180,7 +1180,7 @@
+ log_warning("%s\n", log_msg);
+ }
+ if (err_msg) {
+- alertpanel_error_log(err_msg);
++ alertpanel_error_log("%s", err_msg);
+ g_free(err_msg);
+ }
+ }
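Review bot: The embedded inc.c patch corrects only the single `alertpanel_error_log(err_msg)` call, and nothing in the change stops a non-literal format string from reaching this function at another call site or in a later edit. If the declaration of `alertpanel_error_log` (not visible here) carries no printf attribute, adding `G_GNUC_PRINTF(1, 2)` to it, assuming the format is the first parameter as the fixed call suggests, and building with `-Wformat -Wformat-security` would make the compiler flag any remaining caller that passes a variable as the format. The patch file also has no header comment; a short one stating the origin (upstream CVS 2.10.0cvs153) and the bug it closes would help whoever rebases it later. The enclosing function in inc.c starts and ends outside the hunk, so how `err_msg` is assembled cannot be confirmed from this page.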