From c28b7ceb388b5b403eb92658734f8a6bba06228a Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Sat, 25 Feb 2017 15:35:43 -0800
Subject: [PATCH] Separate "unaffected_versions" and "patched_versions"

Taking a cue from RubySec, this splits the original "versions" attribute into separate ones for versions which were never vulnerable, and ones which include an explicit fix for a vulnerability.
---
 README.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7e32c0f..7914204 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,12 @@ Each advisory contains information in [TOML] format:
 ```toml
 [vulnerability]
 package = "mypackage"
-versions = ["1.2.0", "1.2.3", "1.2.4", "1.2.5"]
+
+# Versions which were never vulnerable
+unaffected_versions = ["< 1.1.0"]
+
+# Versions which include fixes for this vulnerability
+patched_versions = [">= 1.2.0"]
 
 # It is strongly recommended to request a CVE, or alternatively a DWF, and
 # reference the assigned number here.