I'm planning to update dbus to the latest release. Reading the releasenotes, I found this: Due to a security issue (CVE-2008-4311) for which a large number of system services need fixes, the dbus 1.2 stable branch has been split into two streams. The "1.2.4Xpermissive" branch originates from 1.2.4, and maintains the unintended permissive default for messages. Releases 1.2.6 and later have a default deny. It is intended that the permissive branch only be used temporarily by vendors. For more information, see this mail: http://lists.freedesktop.org/archives/dbus/2008-December/010769.html I would like to package the 1.2.4.4permissive release now. As soon as it's moved into core, I would like to add the non-permissive version to testing and see what breaks. Doing so, we can close down this security leak in dbus and have all affected services fixed.