Closed fiorix closed 5 years ago
Those are two VersionReq
expressions:
>= 0.10.2
< 0.10.0, >= 0.9.18
The corresponding VersionReq
s for the vulnerable versions would be:
< 0.10.2, >= 0.10.10
OR < 0.9.18
I'd double check with @seanmonstar that this is actually what was intended, but otherwise it's a valid version expression (that is why they are TOML arrays).
If you're having trouble parsing them, I'd suggest using the rustsec
crate to parse them, or otherwise a similar SemVer library in other languages capable of parsing version requirements.
The patched_versions in hyper/RUSTSEC-2017-0002.toml has a couple of ranges in the same item, and is the only file like that:
Is this intended, or is it a bug?