This package has been requested to
be removed. This means that, when this request gets
processed by an ftp-master, this package will no longer be in
unstable, and will automatically be removed from testing too
afterwards. If for some reason you want keep this package in
unstable, please discuss so in the bug. Please see bug number #978539 for more information.
CVE-2017-1000458: Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.
CVE-2018-16807: In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser.
CVE-2018-17019: In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc.
CVE-2019-12175: In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.
CVE-2019-12175: In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.
Please fix it.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.5.1 instead of
4.3.0).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/b/bro.png){kind=link}