Subject: audit-packages bug
To: None <>
From: Cillian Sharkey <>
List: tech-pkg
Date: 06/03/2002 16:57:10

There's a bug in audit-packages, as shown by the below output:

> Package openldap-1.2.13 has a denial-of-service vulnerability, see

The vulnerability above only affects the 2.x branch of OpenLDAP. The package
name in the vulnerability list is "openldap<2.0.20" so it also matches 1.2.13.
Unfortunately, the version matching functionality of pkg_info can't handle
more complex matches such as openldap>=2,<2.0.20. So what would be the best
workaround/solution for this?
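
The mismatch described in the message above, as an added example (not part of the original post, and not the pkg_info or audit-packages code): a small matcher showing why a single upper bound also matches the 1.2.x branch and how adding a lower bound excludes it. It assumes purely numeric dotted versions; the comma-separated constraint syntax follows the pattern written in the message and is hypothetical, as are all function names.

```python
import re

# Added illustration; not the pkg_info or audit-packages implementation.
# Assumption: versions are numeric and dot-separated (no "nb1", "rc1", ...).
_OPS = {
    "<": lambda c: c < 0,
    "<=": lambda c: c <= 0,
    ">": lambda c: c > 0,
    ">=": lambda c: c >= 0,
}
_CONSTRAINT = re.compile(r"(<=|>=|<|>)([0-9.]+)")


def parse_version(text):
    """Turn '2.0.20' into (2, 0, 20) so components compare numerically."""
    return tuple(int(part) for part in text.split("."))


def compare(a, b):
    """Return -1, 0 or 1; missing trailing components count as 0."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def matches(pattern, package):
    """Check 'name-version' against 'name<op><ver>[,<op><ver>...]'.

    Every constraint must hold; that is what lets a lower bound
    exclude an older branch of the same package.
    """
    name, _, version = package.rpartition("-")
    m = re.match(r"([^<>]+)(.*)", pattern)
    if not m or m.group(1) != name:
        return False
    constraints = _CONSTRAINT.findall(m.group(2))
    if not constraints:
        return False
    return all(_OPS[op](compare(version, bound)) for op, bound in constraints)


# Patterns as written in the message text.
SINGLE_BOUND = "openldap<2.0.20"
COMPOUND = "openldap>=2,<2.0.20"
```

With the single bound, `matches(SINGLE_BOUND, "openldap-1.2.13")` is true, which is the false positive reported; with the compound pattern it is false while a 2.0.x release below 2.0.20 still matches.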