Description
It looks like the version strings in ICU have changed, so newer version numbers (e.g. 50.2) aren't being detected correctly. This probably means we need to add a signature in the icu checker (don't delete the old ones; they still work for older versions, so we need to add an additional signature).
For beginners looking at this bug... the icu checker can be found here:
https://github.com/intel/cve-bin-tool/blob/master/cve_bin_tool/checkers/icu.py
Here's an example of a file that should likely be detected correctly as icu 60.3:
http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/libicu-60.3-2.el8_1.i686.rpm
If you run this file right now, you'll see the following:
```text
(venv3.8) [terri@cedar cve-bin-tool]$ python -m cve_bin_tool.cli -r icu ~/Downloads/libicu-60.3-2.el8_1.i686.rpm
[15:31:01] INFO cve_bin_tool.CVEDB - Using cached CVE data (<24h old). Use -u now to update immediately. cvedb.py:253
INFO cve_bin_tool.CVEDB - There are 153866 CVE entries in the database cvedb.py:277
[15:31:02] INFO cve_bin_tool.VersionScanner - Checkers: icu version_scanner.py:86
[15:31:03] INFO cve_bin_tool.VersionScanner - /home/terri/Downloads/libicu-60.3-2.el8_1.i686.rpm contains /usr/lib/libicuuc.so.60.3 is icu 6011 version_scanner.py:162
[15:31:04] INFO cve_bin_tool.VersionScanner - /home/terri/Downloads/libicu-60.3-2.el8_1.i686.rpm contains /usr/lib/libicutu.so.60.3 is icu 6016 version_scanner.py:162
INFO cve_bin_tool.VersionScanner - /home/terri/Downloads/libicu-60.3-2.el8_1.i686.rpm contains /usr/lib/libicutest.so.60.3 is icu 6013 version_scanner.py:162
[15:31:05] INFO cve_bin_tool.VersionScanner - /home/terri/Downloads/libicu-60.3-2.el8_1.i686.rpm contains /usr/lib/libicuio.so.60.3 is icu 6020 version_scanner.py:162
INFO cve_bin_tool.VersionScanner - /home/terri/Downloads/libicu-60.3-2.el8_1.i686.rpm contains /usr/lib/libicui18n.so.60.3 is icu 6015 version_scanner.py:162
[15:31:06] WARNING cve_bin_tool.VersionScanner - icu was detected with version UNKNOWN in file /home/terri/Downloads/libicu-60.3-2.el8_1.i686.rpm contains /usr/lib/libicudata.so.60.3 version_scanner.py:154
INFO cve_bin_tool - cli.py:331
INFO cve_bin_tool - Overall CVE summary: cli.py:332
INFO cve_bin_tool - There are 0 products with known CVEs detected cli.py:333
```
So you'll probably need to do a bit of digging to make sure you get the correct version string, since none of those shows as 60.3.
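As an added illustration of the "keep the old signature, add a more specific one in front of it" approach this issue asks for (example code, not the project's icu checker), here is a minimal stand-in for a checker that tries a list of version regexes in order. Both regexes and all of the sample `strings` output are constructed to reproduce the symptom above; they are not claimed to be what the real libicu binaries contain.

```python
import re

# Hypothetical stand-ins for a checker's list of version signatures;
# NOT the regexes in cve_bin_tool/checkers/icu.py.

# Older signature: captures whatever digits follow an "icu..." prefix.
# On a string that carries only an undotted run of digits this yields
# values like "6011" instead of a dotted version.
OLD_SIGNATURE = r"icu[a-z]*([0-9]+(?:\.[0-9]+)*)"

# Additional signature (hypothetical) for a newer string layout:
# a dotted version following an uppercase "ICU " marker.
NEW_SIGNATURE = r"ICU ([0-9]+\.[0-9]+(?:\.[0-9]+)?)"

# Most specific first; the old one is kept as a fallback, not deleted.
VERSION_SIGNATURES = [NEW_SIGNATURE, OLD_SIGNATURE]


def detect_version(strings, signatures=VERSION_SIGNATURES):
    """Return the capture of the first signature that matches any string.

    Signatures are tried in list order, so the most specific one must
    come first. Returns "UNKNOWN" when nothing matches, mirroring the
    warning in the scanner output above.
    """
    for signature in signatures:
        rx = re.compile(signature)
        for s in strings:
            m = rx.search(s)
            if m:
                return m.group(1)
    return "UNKNOWN"


# Constructed sample `strings` output; NOT the real contents of libicu.
NEWER_BINARY = ["ucnv_open_60", "icuuc6011", "ICU 60.3", "Unicode"]
OLDER_BINARY = ["icuuc4.8", "ucnv_open_48", "Unicode"]
NO_VERSION = ["Unicode", "u_strlen"]


def demo():
    """Old signature alone mis-detects; old plus new handles both layouts."""
    return {
        "old_only_newer": detect_version(NEWER_BINARY, [OLD_SIGNATURE]),  # "6011"
        "both_newer": detect_version(NEWER_BINARY),                        # "60.3"
        "both_older": detect_version(OLDER_BINARY),                        # "4.8"
        "both_none": detect_version(NO_VERSION),                           # "UNKNOWN"
    }


if __name__ == "__main__":
    for name, version in demo().items():
        print(f"{name}: {version}")
```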