Adjust version constraints on CVE-2024-28103 and CVE-2024-32464

[colszowka]

Both 28103 as well as 32464 have a patched version requirement that is too strict - the newly released 7.1.4 isn't covered as a fixed version by the included constraints.

By my understanding both should get a ~> 7.1.4 as an additional patched version

[postmodern]

Closed by 35b6894. Using >= 7.1.3.4 is simpler than ~> 7.1.3.4 and >= 7.2.0.beta2.

[colszowka]

Ah yes, typical case of the german proverb "Brett vorm Kopf" (plank in front of the head), that's of course better :) Thanks for the quick turnaround @postmodern !

[clemens]

Closed by 35b6894. Using >= 7.1.3.4 is simpler than ~> 7.1.3.4 and >= 7.2.0.beta2.

I thought about this option as well yesterday, but my assumption was that the >= 7.2.0.beta2 probably was intentional and I assumed that it meant that beta1 still had the vulnerability. If that is the case, then the 2 aren't equivalent and 7.2.0.beta1 would now incorrectly NOT yield a warning.

[postmodern]

@colszowka @clemens see also 9a88f50. I later realized that >= 7.2.0.beta2 was mentioned in the GHSA advisories, but not the original advisories.