diff -u sylpheed-2.3.1/debian/changelog sylpheed-2.3.1/debian/changelog
--- sylpheed-2.3.1/debian/changelog
+++ sylpheed-2.3.1/debian/changelog
@@ -1,3 +1,15 @@
+sylpheed (2.3.1-1ubuntu0.1) feisty-security; urgency=low
+
+ * SECURITY UPDATE: a format string error could lead to arbitrary
+ code execution.
+ * Add 'debian/patches/06SecurityFixSA26550.diff': add format string to
+ alertpanel_error() call. Patch from upstream CVS. (Fixes LP: #136302)
+ * References
+ http://secunia.com/advisories/26550/
+ CVE-2007-2958
+
+ -- Cesare Tirabassi Thu, 06 Sep 2007 15:27:50 +0200
+
 sylpheed (2.3.1-1~ubuntu1) feisty; urgency=low
 
 * Fake sync with unpublished debian version (LP: #84604, #74794, #81748)
only in patch2:
unchanged:
--- sylpheed-2.3.1.orig/debian/patches/06SecurityFixSA26550.diff
+++ sylpheed-2.3.1/debian/patches/06SecurityFixSA26550.diff
@@ -0,0 +1,12 @@
+diff -Nur sylpheed-2.3.1/build-tree/sylpheed-2.3.1/src/inc.c sylpheed-2.3.1.new/build-tree/sylpheed-2.3.1/src/inc.c
+--- sylpheed-2.3.1/src/inc.c 2007-01-12 07:14:57.000000000 +0100
++++ sylpheed-2.3.1/src/inc.c 2007-09-06 22:49:56.000000000 +0200
+@@ -1249,7 +1249,7 @@
+ log_warning("%s\n", log_msg);
+ }
+ if (err_msg) {
+- alertpanel_error(err_msg);
++ alertpanel_error("%s", err_msg);
+ g_free(err_msg);
+ }
+ }
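Review bot: The embedded inc.c hunk fixes only this one `alertpanel_error()` call, and nothing visible in the patch prevents the same non-literal format argument at other callers of the alertpanel functions. The prototype is not shown here; if it does not already carry a printf format attribute, declaring it with GLib's `G_GNUC_PRINTF(1, 2)` and building with `-Wformat -Wformat-security` would let the compiler flag any remaining call that passes a built-up string as the format. A short comment above the changed line, for example `/* err_msg may hold text that did not originate in this program; pass it as data, never as the format */`, would keep the `"%s"` from being simplified away later. The enclosing function starts and ends outside the hunk, so how err_msg is assembled cannot be confirmed from this page.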