Subject: audit-packages bug
To: None <tech-pkg@netbsd.org>
From: Cillian Sharkey <cns@RedBrick.dcu.ie>
List: tech-pkg
Date: 06/03/2002 16:57:10

There's a bug in audit-packages, as shown by the below output:

> Package openldap-1.2.13 has a denial-of-service vulnerability, see
> http://www.openldap.org/lists/openldap-announce/200201/msg00002.html

The vulnerability above only affects the 2.x branch of OpenLDAP. The package
name in the vulnerability list is "openldap<2.0.20" so it also matches 1.2.13.
Unfortunately, the version matching functionality of pkg_info can't handle
more complex matches such as openldap>=2,<2.0.20. So what would be the best
workaround/solution for this?

-- 
Cillian
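
The false positive described in the message above, and the effect of a two-sided range, as an added example that is not part of the original post and is not audit-packages or pkg_info code. The function names, the simplified numeric-only version comparison, and the sample versions 2.0.19, 2.0.20 and 2.0.7 are assumptions constructed for illustration; the range syntax is the one written in the post.

```python
import re

def compare(a, b):
    """Compare dotted numeric versions; returns -1, 0 or 1.
    Simplified (assumption): suffixes such as "nb1" or "rc" are not handled."""
    va = tuple(int(p) for p in a.split("."))
    vb = tuple(int(p) for p in b.split("."))
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))   # pad so that "2" == "2.0"
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)

def satisfies(version, op, bound):
    c = compare(version, bound)
    return {"<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0}[op]

def matches(pattern, package):
    """True if package ("name-version") satisfies every constraint in pattern.
    pattern is a name followed by one or more constraints, e.g.
    "openldap<2.0.20" or "openldap>=2,<2.0.20"."""
    m = re.match(r"^(.*?)([<>].*)$", pattern)
    if not m:
        raise ValueError("no version constraint in %r" % pattern)
    name, constraints = m.groups()
    terms = re.findall(r"([<>]=?)([0-9.]+)", constraints)
    if not terms:
        raise ValueError("unparseable constraint in %r" % pattern)
    pkg_name, _, pkg_version = package.rpartition("-")
    if pkg_name != name:
        return False
    # A package is flagged only if ALL bounds hold (lower AND upper).
    return all(satisfies(pkg_version, op, bound) for op, bound in terms)

def audit(pattern, installed):
    """Return the installed packages that the vulnerability pattern flags."""
    return [pkg for pkg in installed if matches(pattern, pkg)]

if __name__ == "__main__":
    # Constructed package list: 1.2.13 is from the post, the rest are samples.
    installed = ["openldap-1.2.13", "openldap-2.0.7",
                 "openldap-2.0.19", "openldap-2.0.20"]
    print("upper bound only:", audit("openldap<2.0.20", installed))
    print("bounded range:   ", audit("openldap>=2,<2.0.20", installed))
```
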