GHSA SYNC: 4 enhanced ruby advisories and 2 new ruby advisories

[jasnow]

GHSA SYNC: 4 enhanced ruby advisories and 2 new ruby advisories

Modified

• rubies/ruby/CVE-2017-14064.yml
• rubies/ruby/CVE-2019-16255.yml

New:

• rubies/ruby/CVE-2005-2337.yml
• rubies/ruby/CVE-2006-6303.yml
• rubies/ruby/CVE-2008-1145.yml
• rubies/ruby/CVE-2017-6181.yml

[postmodern]

Please do not add additional Note: or RELEASE NOTE comments to description:, unless they appear in the original advisory text. Any internal review comments should go under notes:.

I went ahead and deleted them. If you want to preserve them, close and re-submit the PR but with the notes under a notes: | key. If you're OK with them being deleted, I will go ahead and squash merge the PR.

[postmodern]

Also I still do not understand why an empty line sometimes appears in the middle of the related: url: list. This is the second time I've seen that in your GitHub Sync PRs. The GitHub Sync script sets that field to the GHSA references Array. If the URL was null then YAML would still add a - line. If the URL ended with a newline character, YAML would wrap the String in single quotes. Please check for random empty lines in related: url: and remove them.

[jasnow]

I accept your changes.

[jasnow]

The GitHub Sync script sets that field to the GHSA references Array. If the URL was null then YAML would still add a - line. If the URL ended with a newline character, YAML would wrap the String in single quotes. Please check for random empty lines in related: url: and remove them.

FYI: All *rubies have been manually created or modified by me. The existing script only provides rubygems advisories.