security/vuxml: Mark bro < 2.6.4 as vulnerable as per:

https://raw.githubusercontent.com/zeek/zeek/3b5a9f88ece1d274edee897837e280ef751bde94/NEWS

The issue is inproper data handling of data that is either either
empty or unterminated, resulting in invalid memory access or heap
buffer over-read.

Approved by: matthew (mentor, implicit)