This updates fixes multiple (local) denial of services discovered by Alban
Crequy and Simon McVittie.
- CVE-2014-3477
Fix a denial of service (failure to obtain bus name) in
newly-activated system services that not all users are allowed to
access.
- CVE-2014-3638
Reduce maximum number of pending replies per connection to avoid
algorithmic complexity denial of service.
- CVE-2014-3639
The daemon now limits the number of unauthenticated connection slots
so that malicious processes cannot prevent new connections to the
system bus.
For Debian 6 Squeeze, these issues have been fixed in dbus version 1.2.24-4+squeeze3