> I agree, however, that the version numbering may be obscure - we should
> perhaps change the vulnerability list to reflect the first version which is
> safe, rather than the last vulnerable version, to make it obvious what's
> going on.

> i.e. pine<4.21nb1, rather than pine<=4.21

agreed, at least when a fixed package exists in pkgsrc; the message
can then say "Versions of the pine package older than 4.21nb1 have a ..."

					- Bill