Open
Description
reported by @kwwall in this comment
Is there a way that this new version notation for dependency and vulnerability ranges can be made to work for back-ported vulnerability patching like Red Hat and other Linux vendors often do? We get a lot of FPs in SCA tools because they don't recognize back-ported patches.
Say you have a range of vulnerable versions from 3.0 to 5.4, and that a patch that fixes the vulnerability in 5.5 is backported to 3.5 and 4.5. I would like to have a simpler way to obtain a new range looking like this: from 3.0 to before 3.5, from 4.0 to before 4.5, from 5.0 to 5.4
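An added example (not code from the issue or from any project) of the splitting described above: it takes the vulnerable range and the list of fix versions, emits one sub-range per major branch ending just before that branch's back-ported fix, and contrasts a naive "is it inside 3.0..5.4" check with a branch-aware one. It assumes "major.minor" version strings compared numerically.

```python
"""Split a vulnerable range around back-ported fixes (constructed example)."""

Version = tuple[int, int]


def parse(v: str) -> Version:
    """'4.5' -> (4, 5); versions are assumed to be major.minor only."""
    major, minor = v.split(".")
    return int(major), int(minor)


def fmt(v: Version) -> str:
    return f"{v[0]}.{v[1]}"


def branch_fix(version: Version, fixes: list[str]):
    """Earliest fix released on the same major branch as `version`, or None."""
    same_branch = sorted(parse(f) for f in fixes if parse(f)[0] == version[0])
    return same_branch[0] if same_branch else None


def split_vulnerable_range(low: str, high: str, fixes: list[str]) -> list[str]:
    """One constraint string per major branch that still has vulnerable versions."""
    lo, hi = parse(low), parse(high)
    ranges = []
    for major in range(lo[0], hi[0] + 1):
        start = lo if major == lo[0] else (major, 0)
        fix = branch_fix(start, fixes)
        if fix is not None and fix <= start:
            continue  # branch was fixed before it ever became vulnerable
        if major == hi[0] and (fix is None or fix > hi):
            ranges.append(f">={fmt(start)},<={fmt(hi)}")  # capped by the range end
        elif fix is not None:
            ranges.append(f">={fmt(start)},<{fmt(fix)}")  # capped by the backport
        else:
            ranges.append(f">={fmt(start)}")  # no fix on this branch at all
    return ranges


def naive_is_vulnerable(version: str, low: str, high: str) -> bool:
    """What an SCA tool does when it ignores backports: plain interval test."""
    return parse(low) <= parse(version) <= parse(high)


def is_vulnerable(version: str, low: str, high: str, fixes: list[str]) -> bool:
    """Interval test that also honours the fix back-ported to the version's branch."""
    v = parse(version)
    if not naive_is_vulnerable(version, low, high):
        return False
    fix = branch_fix(v, fixes)
    return fix is None or v < fix
```

With the issue's numbers, 3.6 is flagged by the naive check but cleared by the branch-aware one, which is exactly the false positive the comment describes.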