diff -u sylpheed-2.2.4/debian/changelog sylpheed-2.2.4/debian/changelog
--- sylpheed-2.2.4/debian/changelog
+++ sylpheed-2.2.4/debian/changelog
@@ -1,3 +1,15 @@
+sylpheed (2.2.4-1ubuntu1.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: a format string error could lead to arbitrary
+ code execution.
+ * Add 'debian/patches/06SecurityFixSA26550.diff': add format string to
+ alertpanel_error() call. Patch from upstream CVS. (Fixes LP: #136302)
+ * References
+ http://secunia.com/advisories/26550/
+ CVE-2007-2958
+
+ -- Cesare Tirabassi Thu, 06 Sep 2007 15:27:50 +0200
+
 sylpheed (2.2.4-1ubuntu1) dapper; urgency=low
 
 * drop the versioned depend on debhelper
only in patch2:
unchanged:
--- sylpheed-2.2.4.orig/debian/patches/06SecurityFixSA26550.diff
+++ sylpheed-2.2.4/debian/patches/06SecurityFixSA26550.diff
@@ -0,0 +1,12 @@
+diff -Nur sylpheed-2.2.4/build-tree/sylpheed-2.2.4/src/inc.c sylpheed-2.2.4.new/build-tree/sylpheed-2.2.4/src/inc.c
+--- sylpheed-2.2.4/src/inc.c 2006-03-09 07:01:45.000000000 +0100
++++ sylpheed-2.2.4/src/inc.c 2007-09-06 22:28:56.000000000 +0200
+@@ -1178,7 +1178,7 @@
+ log_warning("%s\n", log_msg);
+ }
+ if (err_msg) {
+- alertpanel_error(err_msg);
++ alertpanel_error("%s", err_msg);
+ g_free(err_msg);
+ }
+ }
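Review bot: The corrected call `alertpanel_error("%s", err_msg);` in the embedded src/inc.c hunk has no comment explaining why the literal format is required, so a later cleanup could fold it back into the one-argument form that the changelog ties to CVE-2007-2958. I would add `/* err_msg is not a trusted format string; always pass it as an argument to "%s" */` directly above the call. The declaration of alertpanel_error() is not visible here; if it is a printf-style variadic, annotating it with `G_GNUC_PRINTF(1, 2)` and building with `-Wformat-security` would let the compiler flag any other caller that passes a non-literal format. The enclosing function starts and ends outside the hunk, so whether other alertpanel_* calls in it need the same treatment cannot be judged from these lines.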