Bro 2.6.3 release (security update)

A security patch release, Bro v2.6.3, is now available for

Bro v2.6.3 addresses the following Denial of Service

* Null pointer dereference in the RPC analysis code. RPC
  analyzers (e.g. MOUNT or NFS) are not enabled in the default

* Signed integer overflow in BinPAC-generated parser code. The
  result of this is Undefined Behavior with respect to the array
  bounds checking conditions that BinPAC generates, so it's
  unpredictable what an optimizing compiler may actually do
  under the assumption that signed integer overlows should never
  happen. The specific symptom which lead to finding this issue
  was with the PE analyzer causing out-of-memory crashes due to
  large allocations that were otherwise prevented when the array
  bounds checking logic was changed to prevent any possible
  signed integer overlow.