cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal

fix: correct affected versions in CVE-2024-4006 #71

Closed MaineK00n closed 3 months ago

MaineK00n commented 3 months ago

🗣 Description

The versions indicated by GitLab's Release and the versions actually described in the ADP Container are different. The ADP content is only 16.7.0 and 16.10, 16.11. Fix this so that the correct versions are eligible.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, 4.3). It is now mitigated in the latest release and is assigned CVE-2024-4006.

https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/
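To make the correction concrete, here is an added example (written for this page, not code from the vulnrichment repository or from GitLab). It encodes the three affected ranges from the advisory above as CVE Record Format 5.x `versions` objects (`version` = first affected release, `lessThan` = first fixed release, `versionType` = `semver`), places a constructed "single release only" encoding beside them to illustrate the kind of narrowing the PR describes, and evaluates candidate GitLab versions against both. The exact contents of the record before the fix are not shown on this page, so the narrow entries are an assumed illustration, and the `unknown` fallback follows the CVE 5.x `defaultStatus` convention for versions not listed.

```python
"""Added example: evaluate GitLab versions against CVE-2024-4006 affected
ranges expressed as CVE Record Format 5.x version objects."""
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Ranges taken from the GitLab advisory quoted in the PR. Assumed encoding in
# CVE 5.x terms: "version" is the first affected release on a branch,
# "lessThan" is the first fixed release on that branch.
CORRECT_VERSIONS: List[Dict[str, str]] = [
    {"version": "16.7.0", "status": "affected", "lessThan": "16.9.6", "versionType": "semver"},
    {"version": "16.10.0", "status": "affected", "lessThan": "16.10.4", "versionType": "semver"},
    {"version": "16.11.0", "status": "affected", "lessThan": "16.11.1", "versionType": "semver"},
]

# Constructed illustration of the problem the PR describes: entries naming a
# single release each. A version object with neither "lessThan" nor
# "lessThanOrEqual" covers only the one release it names.
NARROW_VERSIONS: List[Dict[str, str]] = [
    {"version": "16.7.0", "status": "affected", "versionType": "semver"},
    {"version": "16.10.0", "status": "affected", "versionType": "semver"},
    {"version": "16.11.0", "status": "affected", "versionType": "semver"},
]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' into a comparable tuple; '16.7' == '16.7.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unsupported version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def matches(entry: Dict[str, str], candidate: Version) -> bool:
    """True if the candidate falls inside one CVE 5.x version object."""
    start = parse_version(entry["version"])
    if "lessThan" in entry:
        return start <= candidate < parse_version(entry["lessThan"])
    if "lessThanOrEqual" in entry:
        return start <= candidate <= parse_version(entry["lessThanOrEqual"])
    return candidate == start  # single release, no range


def status_for(version_text: str, entries: List[Dict[str, str]]) -> str:
    """Status of a version under a list of version objects.

    Versions matched by no entry take the product's defaultStatus; CVE 5.x
    falls back to "unknown" when that field is absent (assumed here).
    """
    candidate = parse_version(version_text)
    for entry in entries:
        if matches(entry, candidate):
            return entry["status"]
    return "unknown"


def compare_encodings(version_text: str) -> Tuple[str, str]:
    """(status under the narrow single-release entries, status under the ranges)."""
    return status_for(version_text, NARROW_VERSIONS), status_for(version_text, CORRECT_VERSIONS)


if __name__ == "__main__":
    # Constructed sample of releases on and around the three branches.
    for v in ["16.7.0", "16.8.3", "16.9.5", "16.9.6", "16.10.2", "16.10.4", "16.11.0", "16.11.1"]:
        narrow, ranged = compare_encodings(v)
        print(f"{v:>8}  single-release entries: {narrow:<8}  ranges: {ranged}")
```

Running it shows why the correction matters for anyone consuming the record: a release such as 16.8.3 or 16.9.5 is inside the advisory's first range but matches none of the single-release entries, so a scanner driven by the narrow encoding would report it as unknown rather than affected, while the first fixed release on each branch (16.9.6, 16.10.4, 16.11.1) is correctly excluded by the `lessThan` bound.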

jwoytek-cisa commented 3 months ago

@MaineK00n thanks for the report. I'm going to merge this but be aware that changes may be overwritten once the upstream data changes push out.