security/vuxml: Mark bro < 2.6.3 as vulnerable as per:

https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS

The issues are a null pointer dereference in the RPC analysis code
and a signed integer overflow in BinPAC-generated parser code.

Approved by: matthew (mentor, implicit)