Finally, got a chance to look at this and confirm what the others have been saying. The simplest way would be to add an affected version line to the DSA. But that may complicate other systems. That being said, I could just parse from the security tracker unless there is another list somewhere that more simply maintains to DSA id->package->affected version. I'd like to close this out, so let me know if we are just going to go with the parsing solution. Thanks.
-- Nicholas Luedtke Linux for HP Helion OpenStack, Hewlett-Packard
