On Tue, Jan 29, 2019 at 02:19:20AM +0100, Hilko Bengen wrote: > * Moritz Mühlenhoff: > > >> CVE-2018-17019: > >> | In Bro through 2.5.5, there is a DoS in IRC protocol names command > >> | parsing in analyzer/protocol/irc/IRC.cc. > > > > ping, can we get this one (and CVE-2018-16807) uploaded still in time > > for buster? > > Working on 2.6.1, but I need to get broker (and a new upstream versio > nof actor-framework) into unstable first. Working on that, too.
With buster being in full freeze, can you backport CVE-2018-17019 and CVE-2018-16807 to 2.5.5, please? Cheers, Moritz