Looking at the affected versions in comment #1, assuming the stable/liberty backport will appear in a 4.2.5 point release and the stable/mitaka backport in a 5.1.2 point release (and noting that 4.3.0 is in the stable/mitaka series) I think this becomes:
Also, the impact description goes into deeper technical detail than the VMT usually would. Rule of thumb is that an impact description should contain enough detail for a user/deployer to determine whether their configuration is affected such that they should upgrade, and to be able to sufficiently disambiguate the current reported vulnerability from future similar vulnerabilities.
Looking at the affected versions in comment #1, assuming the stable/liberty backport will appear in a 4.2.5 point release and the stable/mitaka backport in a 5.1.2 point release (and noting that 4.3.0 is in the stable/mitaka series) I think this becomes:
Affects: >=2014.2, >=4.0.0 <=4.2.4, >=4.3.0 <=5.1.1
Also, the impact description goes into deeper technical detail than the VMT usually would. Rule of thumb is that an impact description should contain enough detail for a user/deployer to determine whether their configuration is affected such that they should upgrade, and to be able to sufficiently disambiguate the current reported vulnerability from future similar vulnerabilities.