D-Bus 1.2.32 (UNRELEASED)
==

• ...

D-Bus 1.2.30 (2012-10-04)
==

• CVE-2012-3524: Don't access environment variables while setuid (fd.o #52202)
  This change corresponds to those in D-Bus 1.6.8 and 1.4.24.

D-Bus 1.2.28 (2011-06-10)
==

• Byte-swap foreign-endian messages correctly, preventing a long-standing
  local DoS if foreign-endian messages are relayed through the dbus-daemon
  (CVE-2011-2200, fd.o #38120, Debian #629938; Simon McVittie)

• Use AC_TRY_COMPILE in configure to avoid a symlink attack in /tmp
  during compilation

D-Bus 1.2.26 (21 December 2010)
==

• Fix for CVE-2010-4352: sending messages with excessively-nested variants can
  crash the bus. The existing restriction to 64-levels of nesting previously
  only applied to the static type signature; now it also applies to dynamic
  nesting using variants. Thanks to Rémi Denis-Courmont for discoving this
  issue.
• Corrected thread problem causing some calls to hang for 25s
• Enable address reuse on TCP sockets
• Fix use of $servicename in init script