AppThreat / vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers.
MIT License

Version information from details is missing in the search result #5

Closed prabhu closed 4 years ago

prabhu commented 4 years ago

While constructing the Vulnerability Occurrence, the code is using the CPE URI instead of the version list from the original Vulnerability.

https://github.com/AppThreat/vulnerability-db/blob/6775575cc5e7b11885f7af2d44b5540ad15a17f6/vdb/lib/utils.py#L370

This is causing some weird search behaviour as demonstrated below:

```
> vdb --search "spring-data-jpa:*"

INFO [2020-03-20 11:03:42,741] Vulnerability database loaded from /Users/prabhu/Library/Application Support/vdb/data.vdb
+---------------+-----------+---------+------------+---------+---------------------------------------------------------------------------------------+
| Id            | Package   | CWE     | Severity   |   Score | Description                                                                           |
+===============+===========+=========+============+=========+=======================================================================================+
| CVE-2019-3802 | <*        | UNKNOWN | MEDIUM     |       5 | Moderate severity vulnerability that affects org.springframework.data:spring-data-jpa |
+---------------+-----------+---------+------------+---------+---------------------------------------------------------------------------------------+
| CVE-2019-3797 | <1.11.20  | UNKNOWN | LOW        |       2 | Low severity vulnerability that affects org.springframework.data:spring-data-jpa      |
+---------------+-----------+---------+------------+---------+---------------------------------------------------------------------------------------+
```

Notice the `<*` for the first result. This should instead show a comma-separated list of all versions mentioned in the original report, along with the version passed by the caller.
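The following is an added illustration of the mismatch described in this report, not code from vulnerability-db itself: the version column derived from a wildcard CPE URI collapses to `<*`, while rendering the version ranges stored on the vulnerability record gives a readable list. The `VersionRange` field names, the simplified numeric `version_key`, and the sample ranges are assumptions constructed for the example (they are not the real ranges for either CVE shown above).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

def version_key(v: str) -> Tuple[int, ...]:
    # Simplified comparison on numeric dot-separated parts (an assumption;
    # the project's utils.version_compare handles many more cases).
    return tuple(int(p) for p in v.split(".") if p.isdigit())

@dataclass
class VersionRange:
    # Bounds are optional; None means unbounded on that side.
    min_incl: Optional[str] = None
    max_incl: Optional[str] = None
    max_excl: Optional[str] = None

    def contains(self, v: str) -> bool:
        k = version_key(v)
        if self.min_incl and k < version_key(self.min_incl):
            return False
        if self.max_incl and k > version_key(self.max_incl):
            return False
        return not (self.max_excl and k >= version_key(self.max_excl))

    def render(self) -> str:
        parts = [f">={self.min_incl}" if self.min_incl else "",
                 f"<={self.max_incl}" if self.max_incl else "",
                 f"<{self.max_excl}" if self.max_excl else ""]
        return " ".join(p for p in parts if p) or "*"

def cpe_version(cpe_uri: str) -> str:
    # cpe:2.3:part:vendor:product:version:... -> version is field 5
    return cpe_uri.split(":")[5]

def buggy_version_column(cpe_uri: str) -> str:
    # Reproduces the reported behaviour: only the CPE version field is used,
    # so a wildcard CPE renders as the confusing "<*".
    return "<" + cpe_version(cpe_uri)

def fixed_version_column(ranges: List[VersionRange], requested: str) -> str:
    # Render every affected range from the vulnerability record itself, then
    # append the caller's concrete version (a wildcard search adds nothing).
    rendered = [r.render() for r in ranges]
    if requested != "*":
        rendered.append(requested)
    return ", ".join(rendered)

# Constructed sample data (not the real ranges for any CVE on this page).
SAMPLE_CPE = "cpe:2.3:a:org.springframework.data:spring-data-jpa:*:*:*:*:*:*:*:*"
SAMPLE_RANGES = [VersionRange(max_excl="1.11.20"),
                 VersionRange(min_incl="2.0.0", max_excl="2.1.7")]
```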

prabhu commented 4 years ago

This is fixed with 1.2.0. I have also improved the version include and exclude logic. There is some more work required to make it accurate, for instance improving the complex `utils.version_compare`.