diff --git a/CHANGES b/CHANGES
index 0aa2ec9a3a..50cfab3c0c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,10 @@
+2.4-266 | 2016-02-01 12:36:30 -0800
+
+ * Add testcase for CVE-2015-3194. (Johanna Amann)
+
+ * Fix portability issue with use of mktemp. (Daniel Thayer)
+
 2.4-260 | 2016-01-28 08:05:27 -0800
 * Correct irc_privmsg_message event handling bug. (Mark Taylor)
diff --git a/VERSION b/VERSION
index 37fe0fc712..9f39dc8449 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4-260
+2.4-266
diff --git a/aux/btest b/aux/btest
index 71a1e3efc4..92deefbc5e 160000
--- a/aux/btest
+++ b/aux/btest
@@ -1 +1 @@
-Subproject commit 71a1e3efc437aa9f981be71affa1c4615e8d98a5
+Subproject commit 92deefbc5ea8218dc98117fb115af79a5b247c70
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.cve-2015-3194/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.cve-2015-3194/ssl.log
new file mode 100644
index 0000000000..d01b484a71
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.cve-2015-3194/ssl.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path ssl
+#open 2016-01-19-22-45-44
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status
+#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string
+1449265638.475275 CXWv6p3arKYeMETxOg 192.168.6.74 52122 104.236.167.107 4433 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fvv5qY2DMGQY2MYQ03 (empty) CN=bro.org,L=Berkeley,ST=CA,C=US CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US - - certificate signature failure
+#close 2016-01-19-22-45-44
diff --git a/testing/btest/Traces/tls/CVE-2015-3194.pcap b/testing/btest/Traces/tls/CVE-2015-3194.pcap
new file mode 100644
index 0000000000..c4a69bcc91
Binary files /dev/null and b/testing/btest/Traces/tls/CVE-2015-3194.pcap differ
diff --git a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test
new file mode 100644
index 0000000000..d2aa7b536f
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test
@@ -0,0 +1,6 @@
+# This tests if Bro does not crash when exposed to CVE-2015-3194
+
+# @TEST-EXEC: bro -r $TRACES/tls/CVE-2015-3194.pcap %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+
+@load protocols/ssl/validate-certs.bro
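Review bot: The header comment of cve-2015-3194.test gives only the CVE number, so a reader cannot tell which code path the trace exercises or why `@load protocols/ssl/validate-certs.bro` is required. CVE-2015-3194 is the OpenSSL NULL dereference when verifying an RSA-PSS signature whose mask generation function parameter is absent, so the trace only reaches it because certificate validation is enabled. I would expand the comment to something like `# Replays a certificate with a malformed RSA-PSS signature (CVE-2015-3194); with validation enabled Bro must finish the trace without crashing.` The baseline also pins validation_status to `certificate signature failure`, a string that presumably comes from the linked OpenSSL. A second comment should say that a crash here most likely means the host's OpenSSL is unpatched, and that a baseline mismatch may only reflect a different OpenSSL version.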