Copied from
ubuntu lucid in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
dbus (1.2.16-2ubuntu4.8) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via large number of pending replies
- debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
to 128 in bus/config-parser.c.
- CVE-2014-3638
* SECURITY UPDATE: denial of service via incomplete connections
- debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
bus/config-parser.c, stop listening on DBusServer sockets when
reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
- CVE-2014-3639
-- Marc Deslauriers <email address hidden> Wed, 17 Sep 2014 12:27:46 -0400