Subject: audit-packages bug
To: None <firstname.lastname@example.org>
From: Cillian Sharkey <cns@RedBrick.dcu.ie>
Date: 06/03/2002 16:57:10
There's a bug in audit-packages, as shown by the below output:
> Package openldap-1.2.13 has a denial-of-service vulnerability, see
The vulnerability above only affects the 2.x branch of OpenLDAP. The package
name in the vulnerability list is "openldap<2.0.20" so it also matches 1.2.13.
Unfortunately, the version matching functionality of pkg_info can't handle
more complex matches such as openldap>=2,<2.0.20. So what would be the best
workaround/solution for this?