rubysec
diff --git a/‎advisories/_posts/2007-05-21-OSVDB-101157.md
Lines changed: 4 additions & 10 deletions b/‎advisories/_posts/2007-05-21-OSVDB-101157.md
Lines changed: 4 additions & 10 deletions
diff --git a/‎advisories/_posts/2007-06-15-OSVDB-95668.md
Lines changed: 5 additions & 9 deletions b/‎advisories/_posts/2007-06-15-OSVDB-95668.md
Lines changed: 5 additions & 9 deletions
diff --git a/‎advisories/_posts/2007-11-27-CVE-2007-6183.md
Lines changed: 4 additions & 8 deletions b/‎advisories/_posts/2007-11-27-CVE-2007-6183.md
Lines changed: 4 additions & 8 deletions
diff --git a/‎advisories/_posts/2008-08-12-CVE-2008-7311.md
Lines changed: 7 additions & 15 deletions b/‎advisories/_posts/2008-08-12-CVE-2008-7311.md
Lines changed: 7 additions & 15 deletions
diff --git a/‎advisories/_posts/2008-08-15-OSVDB-95749.md
Lines changed: 5 additions & 12 deletions b/‎advisories/_posts/2008-08-15-OSVDB-95749.md
Lines changed: 5 additions & 12 deletions
diff --git a/‎advisories/_posts/2008-09-22-CVE-2008-7310.md
Lines changed: 7 additions & 13 deletions b/‎advisories/_posts/2008-09-22-CVE-2008-7310.md
Lines changed: 7 additions & 13 deletions
diff --git a/‎advisories/_posts/2008-10-10-OSVDB-95376.md
Lines changed: 5 additions & 12 deletions b/‎advisories/_posts/2008-10-10-OSVDB-95376.md
Lines changed: 5 additions & 12 deletions
diff --git a/‎advisories/_posts/2009-12-07-CVE-2009-4123.md
Lines changed: 5 additions & 12 deletions b/‎advisories/_posts/2009-12-07-CVE-2009-4123.md
Lines changed: 5 additions & 12 deletions
diff --git a/‎advisories/_posts/2010-02-01-OSVDB-62067.md
Lines changed: 5 additions & 12 deletions b/‎advisories/_posts/2010-02-01-OSVDB-62067.md
Lines changed: 5 additions & 12 deletions
diff --git a/‎advisories/_posts/2010-08-12-OSVDB-114600.md
Lines changed: 5 additions & 8 deletions b/‎advisories/_posts/2010-08-12-OSVDB-114600.md
Lines changed: 5 additions & 8 deletions
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: ! 'OSVDB-101157: json Gem for Ruby Data Handling Stack Buffer Overflow'
+title: 'OSVDB-101157 (json): json Gem for Ruby Data Handling Stack Buffer Overflow'
 comments: false
 categories:
 - json
@@ -10,18 +10,12 @@ advisory:
   url: http://osvdb.org/show/osvdb/101157
   title: json Gem for Ruby Data Handling Stack Buffer Overflow
   date: 2007-05-21
-  description: ! 'json Gem for Ruby contains an overflow condition that is triggered
-    as
-
+  description: |
+    json Gem for Ruby contains an overflow condition that is triggered as
     user-supplied input is not properly validated when handling specially crafted
-
     data. This may allow a remote attacker to cause a stack-based buffer
-
     overflow, resulting in a denial of service or potentially allowing the
-
     execution of arbitrary code.
-
-'
   patched_versions:
-  - ! '>= 1.1.0'
+  - ">= 1.1.0"
 ---
@@ -1,6 +1,7 @@
 ---
 layout: advisory
-title: ! 'OSVDB-95668: Builder Gem for Ruby Tag Name Handling Private Method Exposure'
+title: 'OSVDB-95668 (builder): Builder Gem for Ruby Tag Name Handling Private Method
+  Exposure'
 comments: false
 categories:
 - builder
@@ -10,16 +11,11 @@ advisory:
   url: http://osvdb.org/show/osvdb/95668
   title: Builder Gem for Ruby Tag Name Handling Private Method Exposure
   date: 2007-06-15
-  description: ! 'Builder Gem for Ruby contains a flaw in the handling of tag names.
-    The issue
-
+  description: |
+    Builder Gem for Ruby contains a flaw in the handling of tag names. The issue
     is triggered when the program reads tag names from XML data and then calls a
-
     method with that name. With a specially crafted file, a context-dependent
-
     attacker can call private methods and manipulate data.
-
-'
   patched_versions:
-  - ! '>= 2.1.2'
+  - ">= 2.1.2"
 ---
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: ! 'CVE-2007-6183: Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new()
+title: 'CVE-2007-6183 (gtk2): Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new()
   Function Format String'
 comments: false
 categories:
@@ -13,16 +13,12 @@ advisory:
   title: Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new() Function
     Format String
   date: 2007-11-27
-  description: ! 'Format string vulnerability in the mdiag_initialize function in
-
+  description: |
+    Format string vulnerability in the mdiag_initialize function in
     gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and
-
     SVN versions before 20071127, allows context-dependent attackers to execute
-
     arbitrary code via format string specifiers in the message parameter.
-
-'
   cvss_v2: 6.8
   patched_versions:
-  - ! '> 0.16.0'
+  - "> 0.16.0"
 ---
@@ -1,11 +1,8 @@
 ---
 layout: advisory
-title: ! 'CVE-2008-7311: Spree Hardcoded config.action_controller_session Hash Value
-  Cryptographic
-
+title: |
+  CVE-2008-7311 (spree): Spree Hardcoded config.action_controller_session Hash Value Cryptographic
   Protection Weakness
-
-'
 comments: false
 categories:
 - spree
@@ -14,20 +11,15 @@ advisory:
   cve: 2008-7311
   osvdb: 81506
   url: https://spreecommerce.com/blog/security-vulernability-session-cookie-store
-  title: ! 'Spree Hardcoded config.action_controller_session Hash Value Cryptographic
-
+  title: |
+    Spree Hardcoded config.action_controller_session Hash Value Cryptographic
     Protection Weakness
-
-'
   date: 2008-08-12
-  description: ! 'Spree contains a hardcoded flaw related to the
-
+  description: |
+    Spree contains a hardcoded flaw related to the
     config.action_controller_session hash value. This may allow an attacker to
-
     more easily bypass cryptographic protection.
-
-'
   cvss_v2: 5.0
   patched_versions:
-  - ! '>= 0.3.0'
+  - ">= 0.3.0"
 ---
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: ! 'OSVDB-95749: activeresource Gem for Ruby lib/active_resource/connection.rb
+title: 'OSVDB-95749 (activeresource): activeresource Gem for Ruby lib/active_resource/connection.rb
   request Function Multiple Variable Format String'
 comments: false
 categories:
@@ -12,20 +12,13 @@ advisory:
   title: activeresource Gem for Ruby lib/active_resource/connection.rb request Function
     Multiple Variable Format String
   date: 2008-08-15
-  description: ! 'activeresource contains a format string flaw in the request function
-    of
-
+  description: |
+    activeresource contains a format string flaw in the request function of
     lib/active_resource/connection.rb. The issue is triggered as format string
-
     specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input
-
-    when passed via the ''result.code'' and ''result.message'' variables. This may
-
+    when passed via the 'result.code' and 'result.message' variables. This may
     allow a remote attacker to cause a denial of service or potentially execute
-
     arbitrary code.
-
-'
   patched_versions:
-  - ! '>= 2.2.0'
+  - ">= 2.2.0"
 ---
@@ -1,9 +1,7 @@
 ---
 layout: advisory
-title: ! 'CVE-2008-7310: Spree Hash Restriction Weakness URL Parsing Order State Value
-  Manipulation
-
-'
+title: |
+  CVE-2008-7310 (spree): Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation
 comments: false
 categories:
 - spree
@@ -12,17 +10,13 @@ advisory:
   cve: 2008-7310
   osvdb: 81505
   url: https://spreecommerce.com/blog/security-vulnerability-mass-assignment
-  title: ! 'Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation
-
-'
+  title: |
+    Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation
   date: 2008-09-22
-  description: ! 'Spree contains a hash restriction weakness that occurs when parsing
-    a
-
+  description: |
+    Spree contains a hash restriction weakness that occurs when parsing a
     modified URL. This may allow an attacker to manipulate order state values.
-
-'
   cvss_v2: 5.0
   patched_versions:
-  - ! '>= 0.3.0'
+  - ">= 0.3.0"
 ---
@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: ! 'OSVDB-95376: Oracle "enhanced" ActiveRecord Gem for Ruby :limit / :offset
-  SQL Injection'
+title: 'OSVDB-95376 (activerecord-oracle_enhanced-adapter): Oracle "enhanced" ActiveRecord
+  Gem for Ruby :limit / :offset SQL Injection'
 comments: false
 categories:
 - activerecord-oracle_enhanced-adapter
@@ -11,20 +11,13 @@ advisory:
   url: http://osvdb.org/show/osvdb/95376
   title: Oracle "enhanced" ActiveRecord Gem for Ruby :limit / :offset SQL Injection
   date: 2008-10-10
-  description: ! 'Oracle "enhanced" ActiveRecord Gem for Ruby contains a flaw that
-    may allow an
-
+  description: |
+    Oracle "enhanced" ActiveRecord Gem for Ruby contains a flaw that may allow an
     attacker to carry out an SQL injection attack. The issue is due to the
-
     program not properly sanitizing user-supplied input related to the :limit and
-
     :offset functions. This may allow an attacker to inject or manipulate SQL
-
     queries in the back-end database, allowing for the manipulation or disclosure
-
     of arbitrary data.
-
-'
   patched_versions:
-  - ! '>= 1.1.8'
+  - ">= 1.1.8"
 ---
@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: ! 'CVE-2009-4123: jruby-openssl Gem for JRuby fails to do proper certificate
-  validation'
+title: 'CVE-2009-4123 (jruby-openssl): jruby-openssl Gem for JRuby fails to do proper
+  certificate validation'
 comments: false
 categories:
 - jruby-openssl
@@ -12,20 +12,13 @@ advisory:
   url: http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl
   title: jruby-openssl Gem for JRuby fails to do proper certificate validation
   date: 2009-12-07
-  description: ! 'A security problem involving peer certificate verification was found
-    where
-
+  description: |
+    A security problem involving peer certificate verification was found where
     failed verification silently did nothing, making affected applications
-
     vulnerable to attackers. Attackers could lead a client application to believe
-
     that a secure connection to a rogue SSL server is legitimate. Attackers could
-
     also penetrate client-validated SSL server applications with a dummy
-
     certificate.
-
-'
   patched_versions:
-  - ! '>= 0.6'
+  - ">= 0.6"
 ---
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: ! 'OSVDB-62067: bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII
+title: 'OSVDB-62067 (bcrypt): bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII
   characters (JRuby only)'
 comments: false
 categories:
@@ -13,21 +13,14 @@ advisory:
   title: bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII characters (JRuby
     only)
   date: 2010-02-01
-  description: ! 'bcrypt-ruby Gem for Ruby suffered from a bug related to character
-
+  description: |
+    bcrypt-ruby Gem for Ruby suffered from a bug related to character
     encoding that substantially reduced the entropy of hashed passwords
-
     containing non US-ASCII characters. An incorrect encoding step
-
-    transparently replaced such characters by ''?'' prior to hashing. In the
-
+    transparently replaced such characters by '?' prior to hashing. In the
     worst case of a password consisting solely of non-US-ASCII characters,
-
     this would cause its hash to be equivalent to all other such passwords
-
     of the same length. This issue only affects the JRuby implementation.
-
-'
   patched_versions:
-  - ! '>= 2.1.4'
+  - ">= 2.1.4"
 ---
@@ -1,6 +1,7 @@
 ---
 layout: advisory
-title: ! 'OSVDB-114600: curb Gem for Ruby Empty http_put Body Handling Remote DoS'
+title: 'OSVDB-114600 (curb): curb Gem for Ruby Empty http_put Body Handling Remote
+  DoS'
 comments: false
 categories:
 - curb
@@ -10,14 +11,10 @@ advisory:
   url: http://osvdb.org/show/osvdb/114600
   title: curb Gem for Ruby Empty http_put Body Handling Remote DoS
   date: 2010-08-12
-  description: ! 'curb Gem for Ruby contains a flaw that is triggered when handling
-    an empty
-
+  description: |
+    curb Gem for Ruby contains a flaw that is triggered when handling an empty
     http_put body. This may allow a remote attacker to crash an application
-
     linked against the library.
-
-'
   patched_versions:
-  - ! '>= 0.7.8'
+  - ">= 0.7.8"
 ---