pkgsrc-Bugs archive
pkg/39396: pkg-vulnerabilities: should list awstats 6.7nb1 not 6.9
>Number: 39396
>Category: pkg
>Synopsis: pkg-vulnerabilities: should list awstats 6.7nb1 not 6.9
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sat Aug 23 19:45:00 +0000 2008
>Originator: MrC
>Release: 4.0RC1
>Organization:
>Environment:
NetBSD glacier.mikecappella.com 4.0_RC1 NetBSD 4.0_RC1 (GENERIC.MP) #0: Sat Sep 1 15:50:48 PDT 2007 builds@wb42:/home/builds/ab/netbsd-4-0-RC1/i386/200709011431Z-obj/home/builds/ab/netbsd-4-0-RC1/src/sys/arch/i386/compile/GENERIC.MP i386
>Description:
pkg-vulnerabilities lists:
awstats<6.9 cross-site-scripting
http://secunia.com/advisories/31519/
but fix is applied in 6.7nb1:
http://mail-index.netbsd.org/pkgsrc-changes/2008/08/21/msg009593.html
Log Message:
Fix XSS (http://secunia.com/advisories/31519/). Bump PKGREVISION.
Fails to build:
===> Checking for vulnerabilities in awstats-6.7nb1
Package awstats-6.7nb1 has a cross-site-scripting vulnerability, see:
http://secunia.com/advisories/31519/
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in
audit-packages.conf(5) if this package is absolutely essential.
*** Error code 1
>How-To-Repeat:
Try to build/install awstats:
$ make install
===> Checking for vulnerabilities in awstats-6.7nb1
Package awstats-6.7nb1 has a cross-site-scripting vulnerability, see:
http://secunia.com/advisories/31519/
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in
audit-packages.conf(5) if this package is absolutely essential.
*** Error code 1
>Fix:
Change awstats version from 6.9 to 6.7nb1 in pkg-vulnerabilities.
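
Why the audit fires on the fixed package, as an added example that is not part of the original report and is not pkgsrc's own code: a simplified Python model of pkgsrc version matching applied to the listed entry and to the entry proposed under Fix. It assumes dotted numeric versions with an optional nbN PKGREVISION suffix only; all function names are hypothetical.

```python
import re

# Constructed from the report: the listed entry and the entry proposed under ">Fix:".
LISTED = "awstats<6.9 cross-site-scripting http://secunia.com/advisories/31519/"
PROPOSED = "awstats<6.7nb1 cross-site-scripting http://secunia.com/advisories/31519/"

OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0,
       ">": lambda c: c > 0, ">=": lambda c: c >= 0}

def parse_version(version):
    """Split '6.7nb1' into ([6, 7], 1); a missing nbN suffix is PKGREVISION 0."""
    m = re.fullmatch(r"(.*?)(?:nb(\d+))?", version)
    numbers = [int(n) for n in re.findall(r"\d+", m.group(1))]
    return numbers, int(m.group(2) or 0)

def compare(a, b):
    """Return -1, 0 or 1; upstream components decide first, PKGREVISION last."""
    (pa, ra), (pb, rb) = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    ka = (pa + [0] * (width - len(pa)), ra)
    kb = (pb + [0] * (width - len(pb)), rb)
    return (ka > kb) - (ka < kb)

def matches(pattern, pkg):
    """True if pkg ('name-version') satisfies a 'name<version' style pattern."""
    name, op, limit = re.fullmatch(r"([^<>]+)(<=|>=|<|>)(.+)", pattern).groups()
    pkgname, _, version = pkg.rpartition("-")
    return pkgname == name and OPS[op](compare(version, limit))

def audit(entries, pkg):
    """Return (type, url) for every entry whose pattern matches pkg."""
    hits = []
    for line in entries:
        pattern, vuln_type, url = line.split()
        if matches(pattern, pkg):
            hits.append((vuln_type, url))
    return hits

if __name__ == "__main__":
    for entry in (LISTED, PROPOSED):
        for pkg in ("awstats-6.7", "awstats-6.7nb1"):
            print(entry.split()[0], pkg, "->", audit([entry], pkg) or "clean")
```

With the listed pattern both awstats-6.7 and awstats-6.7nb1 are reported; with the proposed pattern only the unpatched awstats-6.7 is.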