Incorrect vulnerable versions for passenger vuln

[mveytsman]

This vulnerability
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/OSVDB-90738.yml
affects versions 4.0.0.beta1 and 4.0.0.beta2 ( see http://old.blog.phusion.nl/2013/03/05/phusion-passenger-4-0-beta-1-and-2-arbitrary-file-deletion-vulnerability/)

The current patched_versions and unaffected_versions don't cover that.

Is it possible to write the conditions that will capture this vuln using only patched_versions and unaffected_versions, or do we need to add a vulnerable_versions field?

(cc @postmodern I ran some test cases with bundler_audit and it fails as well).

[postmodern]

Testing with rubygems, < 4.0.0 will include 4.0.0.beta.

dep = Gem::Requirement.new('< 4.0.0')
dep.satisfied_by?(Gem::Version.new('4.0.0.beta1'))
# => true

[postmodern]

From #rubygems:

<imperator> < 4.0.0.beta

Confirmed that < 4.0.0.beta excludes 4.0.0, 4.0.0.beta, 4.0.0.rc, 4.0.0.beta.

[jasnow]

This issue was "fixed" under the OSVDB renaming PR:
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2012-6135.yml]