
Vulnerability ranges not parsed and appended correctly

Open timoles opened this issue 3 years ago • 1 comment

I haven't confirmed it, but I think currently there are false-negatives due to the version detection.

If there are multiple vulnerable version ranges (e.g. `Vulnerable Versions: 6.0-6.1 and 7.0-7.1`), it will just overwrite the max and min version until it has gone through the array (loop starting at line 134).

After everything is overwritten, it will then append the vulnerability in line 157 (with the most recently processed vuln range).

https://github.com/whoot/Typo3Scan/blob/0aee5daa318c4b9d79fa2ed6bebac61a88d3f75d/lib/update.py#L130-L157

timoles avatar Jun 20 '22 19:06 timoles

I think there is a misunderstanding in what the code does. Keeping your example: `Vulnerable Versions: 6.0-6.1 and 7.0-7.1`

  1. Replace ' and' with a comma -> `6.0-6.1, 7.0-7.1`
  2. Create an array by splitting the string at the comma -> `['6.0-6.1', '7.0-7.1']`
  3. Now iterate through this array.
  4. Start with `['6.0-6.1']`:
     4.1 Use a regex to identify version numbers -> `version[0] = 6.0; version[1] = 6.1`
     4.2 If the regex result is empty (`len == 0`), there is something wrong with the version info/grepping.
     4.3 If the array only contains one version (e.g. `Vulnerable Versions: 6.0`), use 6.0.0 for both min and max version.
     4.4 None of the above matched, so parse the versions and check which one is bigger.
     4.5 Add advisory, vuln, component, 6.0.0, 6.1.0, CVE to the database.
  5. Start again, but now with `['7.0-7.1']`.

whoot avatar Jun 28 '22 16:06 whoot
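The per-range loop whoot describes, written out as an added Python example; this is not Typo3Scan's own code, and the function name `parse_vulnerable_versions` and the sample advisory strings are constructed here to show that each range is appended separately rather than overwritten.

```python
import re
from typing import List, Tuple

# Constructed sample advisory strings in the format the thread discusses.
SAMPLE_ADVISORIES = [
    "Vulnerable Versions: 6.0-6.1 and 7.0-7.1",  # two ranges
    "Vulnerable Versions: 6.0",                   # single version
    "Vulnerable Versions: 8.7.5-8.7.0",           # bounds written in reverse
]

# Matches 1 to 3 dotted numeric components, e.g. "6", "6.0", "8.7.5".
VERSION_RE = re.compile(r"\d+(?:\.\d+){0,2}")


def normalize(version: str) -> str:
    """Pad a version to three components: '6.0' -> '6.0.0'."""
    parts = version.split(".")
    while len(parts) < 3:
        parts.append("0")
    return ".".join(parts[:3])


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric sort key so '8.7.10' orders after '8.7.9'."""
    return tuple(int(p) for p in normalize(version).split("."))


def parse_vulnerable_versions(text: str) -> List[Tuple[str, str]]:
    """Return one (min, max) pair per range found in an advisory line.

    Steps follow the thread: replace ' and' with a comma, split at the
    comma, then for each chunk extract versions, handle the single-version
    case, otherwise order the two bounds. Every range is appended as soon
    as it is parsed, so later ranges never overwrite earlier ones.
    """
    body = text.split(":", 1)[1] if ":" in text else text
    body = re.sub(r"\band\b", ",", body)  # word boundary avoids 'android'
    ranges: List[Tuple[str, str]] = []
    for chunk in body.split(","):
        versions = VERSION_RE.findall(chunk)
        if not versions:
            continue  # nothing recognisable: skip rather than guess
        if len(versions) == 1:
            only = normalize(versions[0])
            ranges.append((only, only))
            continue
        low, high = sorted(versions[:2], key=version_key)
        ranges.append((normalize(low), normalize(high)))
    return ranges
```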