bundler-patch
patch vulnerable not handling 4 digit version properly
CVE-2016-4658 came out, saying >= 1.7.1 is patched, but this tool is only bumping 1.6.8 to 1.6.8.1
Not really a bug, turns out. It's another common constraint keeping it from getting to 1.7.1. BUT what may be a bug is that it does an inadequate update, rather than just not updating at all.
It should perhaps error out or something.
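The check the thread asks for, as an added example that is not bundler-patch's own code: it classifies a resolved version against the advisory's patched requirement and raises when the gem moved but is still vulnerable. The gem name `example_gem` and the names `assess_update`, `enforce_update!` and `InadequateUpdateError` are hypothetical; only the versions and `>= 1.7.1` come from the report above.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Hypothetical error: the update moved the gem but left it vulnerable.
class InadequateUpdateError < StandardError; end

# patched: requirement strings from the advisory. Satisfying any one of
# them means the version is fixed. A string may hold comma-separated
# constraints, which Gem::Requirement takes as separate arguments.
def patched?(version, patched)
  v = Gem::Version.new(version)
  patched.any? do |req|
    Gem::Requirement.new(*req.split(",").map(&:strip)).satisfied_by?(v)
  end
end

# Classify what the resolver produced for one gem:
#   :patched    resolved version satisfies the advisory
#   :unchanged  resolver could not move the gem at all
#   :inadequate gem was bumped, but not far enough to be fixed
def assess_update(current, resolved, patched)
  return :patched if patched?(resolved, patched)
  return :unchanged if Gem::Version.new(resolved) == Gem::Version.new(current)
  :inadequate
end

# Fail loudly instead of reporting a partial bump as a successful patch.
def enforce_update!(name, current, resolved, patched)
  status = assess_update(current, resolved, patched)
  if status == :inadequate
    raise InadequateUpdateError,
          "#{name}: #{current} -> #{resolved} does not satisfy " \
          "#{patched.join(' or ')}; another constraint may be holding it back"
  end
  status
end

# The case from the report: 1.6.8 bumped to the four-segment 1.6.8.1.
if __FILE__ == $PROGRAM_NAME
  begin
    enforce_update!("example_gem", "1.6.8", "1.6.8.1", [">= 1.7.1"])
  rescue InadequateUpdateError => e
    puts "refusing to report success: #{e.message}"
  end
end
```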