Version in base suite: 2.5.5-1 Version in overlay suite: 2.5.5-1+deb10u1 Base version: bro_2.5.5-1 Target version: bro_2.5.5-1+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/b/bro/bro_2.5.5-1.dsc Target file: /srv/ftp-master.debian.org/ftp/pool/main/b/bro/bro_2.5.5-1+deb10u1.dsc changelog | 7 + patches/0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch | 38 ++++++++++ patches/0007-Fix-IRC-names-command-parsing.patch | 35 +++++++++ patches/series | 2 4 files changed, 82 insertions(+) diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/binpac/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/binpac/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/bro-aux/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/bro-aux/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/bro-plugins/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/bro-plugins/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/bro-plugins/elasticsearch/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/bro-plugins/elasticsearch/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/bro-plugins/kafka/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/bro-plugins/kafka/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/bro-plugins/myricom/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/bro-plugins/myricom/README.rst: No such file or directory diff: 
/srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/bro-plugins/netmap/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/bro-plugins/netmap/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/bro-plugins/pf_ring/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/bro-plugins/pf_ring/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/bro-plugins/redis/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/bro-plugins/redis/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/broccoli/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/broccoli/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/broccoli/broccoli-manual.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/broccoli/broccoli-manual.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/broccoli-python/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/broccoli-python/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/broccoli-ruby/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/broccoli-ruby/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/broctl/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/broctl/README.rst: No such file or directory diff: 
/srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/broker/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/broker/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/broker/broker-manual.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/broker/broker-manual.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/btest/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/btest/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/capstats/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/capstats/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/pysubnettree/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/pysubnettree/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/components/trace-summary/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/components/trace-summary/README.rst: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-binpac.txt: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-binpac.txt: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-bro-aux.txt: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-bro-aux.txt: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-broccoli-python.txt: No such file or directory diff: 
/srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-broccoli-python.txt: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-broccoli-ruby.txt: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-broccoli-ruby.txt: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-broccoli.txt: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-broccoli.txt: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-broctl.txt: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-broctl.txt: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-btest.txt: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-btest.txt: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-capstats.txt: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-capstats.txt: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-pysubnettree.txt: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-pysubnettree.txt: No such file or directory diff: /srv/release.debian.org/tmp/IigAgRpuRz/bro-2.5.5/doc/install/CHANGES-trace-summary.txt: No such file or directory diff: /srv/release.debian.org/tmp/xB41cSZLSS/bro-2.5.5/doc/install/CHANGES-trace-summary.txt: No such file or directory
diff -Nru bro-2.5.5/debian/changelog bro-2.5.5/debian/changelog
--- bro-2.5.5/debian/changelog 2018-09-05 14:05:40.000000000 +0000
+++ bro-2.5.5/debian/changelog 2019-06-25 19:26:53.000000000 +0000
@@ -1,3 +1,10 @@
+bro (2.5.5-1+deb10u1) buster-security; urgency=medium
+
+ * Add patches for CVE-2018-16807, CVE-2018-17019 (Closes: #908614,
+ #908779)
+
+ -- Hilko Bengen Tue, 25 Jun 2019 21:26:53 +0200
+
 bro (2.5.5-1) unstable; urgency=medium

 * New upstream version 2.5.5
diff -Nru bro-2.5.5/debian/patches/0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch bro-2.5.5/debian/patches/0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch
--- bro-2.5.5/debian/patches/0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch 1970-01-01 00:00:00.000000000 +0000
+++ bro-2.5.5/debian/patches/0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch 2019-06-25 19:26:53.000000000 +0000
@@ -0,0 +1,38 @@
+From: Jon Siwek
+Date: Mon, 10 Sep 2018 18:06:07 -0500
+Subject: Fix potential memory leak in Kerberos scripts
+
+Reported by Maksim Shudrak.
+
+---
+
+Stripped files:
+ testing/btest/Traces/krb/optional-service-name.pcap
+ testing/btest/core/leaks/krb-service-name.test
+
+---
+
+diff --git a/scripts/base/protocols/krb/main.bro b/scripts/base/protocols/krb/main.bro
+index 02abced..9621378 100644
+--- a/scripts/base/protocols/krb/main.bro
++++ b/scripts/base/protocols/krb/main.bro
+@@ -140,7 +140,8 @@ event krb_as_request(c: connection, msg: KDC_Request) &priority=5
+
+ c$krb$request_type = "AS";
+ c$krb$client = fmt("%s/%s", msg?$client_name ? msg$client_name : "", msg$service_realm);
+- c$krb$service = msg$service_name;
++ if ( msg?$service_name )
++ c$krb$service = msg$service_name;
+
+ if ( msg?$from )
+ c$krb$from = msg$from;
+@@ -183,7 +184,8 @@ event krb_tgs_request(c: connection, msg: KDC_Request) &priority=5
+ return;
+
+ c$krb$request_type = "TGS";
+- c$krb$service = msg$service_name;
++ if ( msg?$service_name )
++ c$krb$service = msg$service_name;
+ if ( msg?$from )
+ c$krb$from = msg$from;
+ c$krb$till = msg$till;
diff -Nru bro-2.5.5/debian/patches/0007-Fix-IRC-names-command-parsing.patch bro-2.5.5/debian/patches/0007-Fix-IRC-names-command-parsing.patch
--- bro-2.5.5/debian/patches/0007-Fix-IRC-names-command-parsing.patch 1970-01-01 00:00:00.000000000 +0000
+++ bro-2.5.5/debian/patches/0007-Fix-IRC-names-command-parsing.patch 2019-06-25 19:24:57.000000000 +0000
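Review bot: Only `service_name` gets a `?$` guard, while `c$krb$till = msg$till;` in krb_tgs_request and `msg$service_realm` in the `fmt()` call of krb_as_request are still read unconditionally. The KDC_Request record definition is not part of this patch, so whether those fields are `&optional` cannot be checked from here; if either is, it needs the same test, e.g. `if ( msg?$till ) c$krb$till = msg$till;`. Both event handlers start and end outside the two hunks. The patch header also lists the pcap and the leak test as stripped, so the package build does not exercise this fix against a request that omits the service name.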
@@ -0,0 +1,35 @@
+From: Jon Siwek
+Date: Wed, 12 Sep 2018 19:47:57 -0500
+Subject: Fix IRC names command parsing
+
+---
+
+Stripped files:
+ testing/btest/Traces/irc-353.pcap
+ testing/btest/scripts/base/protocols/irc/names-weird.bro
+ testing/btest/Baseline/scripts.base.protocols.irc.names-weird/weird.log
+
+---
+
+diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc
+index a26045f..de8846c 100644
+--- a/src/analyzer/protocol/irc/IRC.cc
++++ b/src/analyzer/protocol/irc/IRC.cc
+@@ -252,14 +252,15 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
+ {
+ vector parts = SplitWords(params, ' ');
+
+- // Remove nick name.
+- parts.erase(parts.begin());
+- if ( parts.size() < 2 )
++ if ( parts.size() < 3 )
+ {
+ Weird("irc_invalid_names_line");
+ return;
+ }
+
++ // Remove nick name.
++ parts.erase(parts.begin());
++
+ string type = parts[0];
+ string channel = parts[1];
diff -Nru bro-2.5.5/debian/patches/series bro-2.5.5/debian/patches/series
--- bro-2.5.5/debian/patches/series 2018-06-17 10:44:48.000000000 +0000
+++ bro-2.5.5/debian/patches/series 2019-05-10 22:56:50.000000000 +0000
@@ -3,3 +3,5 @@
 0003-Fix-btest-paths.patch
 0004-Port-most-of-bro-to-OpenSSL-1.1.patch
 0005-Disable-OCSP-features-that-can-t-yet-be-ported-to-Op.patch
+0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch
+0007-Fix-IRC-names-command-parsing.patch
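Review bot: The new bound `parts.size() < 3` counts the nick that is erased a few lines later, which is easy to misread as an off-by-one against the `parts[0]` and `parts[1]` reads below; a comment on the check would pin the invariant, e.g. `// Need nick, type and channel before the nick is dropped.` Testing the size before `parts.erase(parts.begin())` is what keeps the erase off an empty vector, so the comment should also say that the order matters. DeliverStream continues past the hunk, so how the words after `channel` are indexed cannot be confirmed from here. The pcap, test script and baseline are listed as stripped, so the Debian build carries no regression test for this malformed names line.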