On Tue, Jan 29, 2019 at 02:19:20AM +0100, Hilko Bengen wrote:
> * Moritz Mühlenhoff:
>
> >> CVE-2018-17019[0]:
> >> | In Bro through 2.5.5, there is a DoS in IRC protocol names command
> >> | parsing in analyzer/protocol/irc/IRC.cc.
> >
> > ping, can we get this one (and CVE-2018-16807) uploaded still in time
> > for buster?
>
> Working on 2.6.1, but I need to get broker (and a new upstream versio
> nof actor-framework) into unstable first. Working on that, too.
With buster being in full freeze, can you backport CVE-2018-17019 and
CVE-2018-16807 to 2.5.5, please?
Cheers,
Moritz
