Release 2.5.3.

CHANGES

@@ -1,4 +1,11 @@
 
+2.5.3 | 2018-02-13 09:35:56 -0800
+
+  * Release 2.5.3. (Johanna Amann)
+
+	* Patch in Binpac submodule that fixes an integer overflow
+	  (Philippe Antoine/Catena cyber).
+
 2.5.2 | 2017-10-16 13:37:47 -0700
 
   * Release 2.5.2
@@ -6,7 +13,7 @@
   * Patch OOB write in content-line analyzer.
 
     A combination of packets can trigger an out of bound write of '0' byte
-    in the content-line analyzer. Addresses BIT-1856.
+    in the content-line analyzer. Addresses BIT-1856/CVE-2017-1000458.
     (Frank Meier/Johanna Amann)
 
 2.5.1 | 2017-06-26 15:55:45 -0700

NEWS

@@ -4,13 +4,22 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file
 (note that submodules, such as BroControl and Broccoli, come with
 their own ``CHANGES``.)
 
+Bro 2.5.3
+=========
+
+Bro 2.5.3 fixes a security issue in Binpac generated code. In some cases
+the code generated by binpac could leat to an integer overflow which can
+lead to out of bound reads and allow a remote attacker to crash Bro; there
+is also a possibility that this can be exploited in other ways.
+
 Bro 2.5.2
 =========
 
 Bro 2.5.2 fixes a security issue in the ContentLine analyzer. In rare cases
 a bug in the ContentLine analyzer can lead to an out of bound write of a single
 byte. This allows a remote attacker to crash Bro; there also is a possibility
-this can be exploited in other ways.
+this can be exploited in other ways. CVE-2017-1000458 has been assigned to this
+issue.
 
 Bro 2.5.1
 =========

VERSION

@@ -1 +1 @@
-2.5.2
+2.5.3

aux/binpac

@@ -1 +1 @@
-Subproject commit 27356ae52ff9ff639b53a7325ea3262e1a13b704
+Subproject commit 2632263eab3a74ee1a5b94b79a10dbfb7950f761