rubysec
diff --git a/‎advisories/_posts/2007-05-21-OSVDB-101157.md
Lines changed: 10 additions & 4 deletions b/‎advisories/_posts/2007-05-21-OSVDB-101157.md
Lines changed: 10 additions & 4 deletions
diff --git a/‎advisories/_posts/2007-06-15-OSVDB-95668.md
Lines changed: 9 additions & 4 deletions b/‎advisories/_posts/2007-06-15-OSVDB-95668.md
Lines changed: 9 additions & 4 deletions
diff --git a/‎advisories/_posts/2007-11-27-CVE-2007-6183.md
Lines changed: 8 additions & 4 deletions b/‎advisories/_posts/2007-11-27-CVE-2007-6183.md
Lines changed: 8 additions & 4 deletions
diff --git a/‎advisories/_posts/2008-08-12-CVE-2008-7311.md
Lines changed: 15 additions & 7 deletions b/‎advisories/_posts/2008-08-12-CVE-2008-7311.md
Lines changed: 15 additions & 7 deletions
diff --git a/‎advisories/_posts/2008-08-15-OSVDB-95749.md
Lines changed: 12 additions & 5 deletions b/‎advisories/_posts/2008-08-15-OSVDB-95749.md
Lines changed: 12 additions & 5 deletions
diff --git a/‎advisories/_posts/2008-09-22-CVE-2008-7310.md
Lines changed: 13 additions & 7 deletions b/‎advisories/_posts/2008-09-22-CVE-2008-7310.md
Lines changed: 13 additions & 7 deletions
diff --git a/‎advisories/_posts/2008-10-10-OSVDB-95376.md
Lines changed: 11 additions & 4 deletions b/‎advisories/_posts/2008-10-10-OSVDB-95376.md
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/_posts/2009-12-07-CVE-2009-4123.md
Lines changed: 11 additions & 4 deletions b/‎advisories/_posts/2009-12-07-CVE-2009-4123.md
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/_posts/2010-02-01-OSVDB-62067.md
Lines changed: 13 additions & 6 deletions b/‎advisories/_posts/2010-02-01-OSVDB-62067.md
Lines changed: 13 additions & 6 deletions
diff --git a/‎advisories/_posts/2010-08-12-OSVDB-114600.md
Lines changed: 8 additions & 4 deletions b/‎advisories/_posts/2010-08-12-OSVDB-114600.md
Lines changed: 8 additions & 4 deletions
diff --git a/‎advisories/_posts/2010-11-02-CVE-2010-3978.md
Lines changed: 18 additions & 8 deletions b/‎advisories/_posts/2010-11-02-CVE-2010-3978.md
Lines changed: 18 additions & 8 deletions
diff --git a/‎advisories/_posts/2011-01-12-OSVDB-106954.md
Lines changed: 2 additions & 2 deletions b/‎advisories/_posts/2011-01-12-OSVDB-106954.md
Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: 'OSVDB-101157: json Gem for Ruby Data Handling Stack Buffer Overflow'
+title: ! 'OSVDB-101157: json Gem for Ruby Data Handling Stack Buffer Overflow'
 comments: false
 categories:
 - json
@@ -10,12 +10,18 @@ advisory:
   url: http://osvdb.org/show/osvdb/101157
   title: json Gem for Ruby Data Handling Stack Buffer Overflow
   date: 2007-05-21
-  description: |
-    json Gem for Ruby contains an overflow condition that is triggered as
+  description: ! 'json Gem for Ruby contains an overflow condition that is triggered
+    as
+
     user-supplied input is not properly validated when handling specially crafted
+
     data. This may allow a remote attacker to cause a stack-based buffer
+
     overflow, resulting in a denial of service or potentially allowing the
+
     execution of arbitrary code.
+
+'
   patched_versions:
-  - ">= 1.1.0"
+  - ! '>= 1.1.0'
 ---
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: 'OSVDB-95668: Builder Gem for Ruby Tag Name Handling Private Method Exposure'
+title: ! 'OSVDB-95668: Builder Gem for Ruby Tag Name Handling Private Method Exposure'
 comments: false
 categories:
 - builder
@@ -10,11 +10,16 @@ advisory:
   url: http://osvdb.org/show/osvdb/95668
   title: Builder Gem for Ruby Tag Name Handling Private Method Exposure
   date: 2007-06-15
-  description: |
-    Builder Gem for Ruby contains a flaw in the handling of tag names. The issue
+  description: ! 'Builder Gem for Ruby contains a flaw in the handling of tag names.
+    The issue
+
     is triggered when the program reads tag names from XML data and then calls a
+
     method with that name. With a specially crafted file, a context-dependent
+
     attacker can call private methods and manipulate data.
+
+'
   patched_versions:
-  - ">= 2.1.2"
+  - ! '>= 2.1.2'
 ---
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: 'CVE-2007-6183: Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new()
+title: ! 'CVE-2007-6183: Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new()
   Function Format String'
 comments: false
 categories:
@@ -13,12 +13,16 @@ advisory:
   title: Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new() Function
     Format String
   date: 2007-11-27
-  description: |
-    Format string vulnerability in the mdiag_initialize function in
+  description: ! 'Format string vulnerability in the mdiag_initialize function in
+
     gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and
+
     SVN versions before 20071127, allows context-dependent attackers to execute
+
     arbitrary code via format string specifiers in the message parameter.
+
+'
   cvss_v2: 6.8
   patched_versions:
-  - "> 0.16.0"
+  - ! '> 0.16.0'
 ---
@@ -1,8 +1,11 @@
 ---
 layout: advisory
-title: |
-  CVE-2008-7311: Spree Hardcoded config.action_controller_session Hash Value Cryptographic
+title: ! 'CVE-2008-7311: Spree Hardcoded config.action_controller_session Hash Value
+  Cryptographic
+
   Protection Weakness
+
+'
 comments: false
 categories:
 - spree
@@ -11,15 +14,20 @@ advisory:
   cve: 2008-7311
   osvdb: 81506
   url: https://spreecommerce.com/blog/security-vulernability-session-cookie-store
-  title: |
-    Spree Hardcoded config.action_controller_session Hash Value Cryptographic
+  title: ! 'Spree Hardcoded config.action_controller_session Hash Value Cryptographic
+
     Protection Weakness
+
+'
   date: 2008-08-12
-  description: |
-    Spree contains a hardcoded flaw related to the
+  description: ! 'Spree contains a hardcoded flaw related to the
+
     config.action_controller_session hash value. This may allow an attacker to
+
     more easily bypass cryptographic protection.
+
+'
   cvss_v2: 5.0
   patched_versions:
-  - ">= 0.3.0"
+  - ! '>= 0.3.0'
 ---
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: 'OSVDB-95749: activeresource Gem for Ruby lib/active_resource/connection.rb
+title: ! 'OSVDB-95749: activeresource Gem for Ruby lib/active_resource/connection.rb
   request Function Multiple Variable Format String'
 comments: false
 categories:
@@ -12,13 +12,20 @@ advisory:
   title: activeresource Gem for Ruby lib/active_resource/connection.rb request Function
     Multiple Variable Format String
   date: 2008-08-15
-  description: |
-    activeresource contains a format string flaw in the request function of
+  description: ! 'activeresource contains a format string flaw in the request function
+    of
+
     lib/active_resource/connection.rb. The issue is triggered as format string
+
     specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input
-    when passed via the 'result.code' and 'result.message' variables. This may
+
+    when passed via the ''result.code'' and ''result.message'' variables. This may
+
     allow a remote attacker to cause a denial of service or potentially execute
+
     arbitrary code.
+
+'
   patched_versions:
-  - ">= 2.2.0"
+  - ! '>= 2.2.0'
 ---
@@ -1,7 +1,9 @@
 ---
 layout: advisory
-title: |
-  CVE-2008-7310: Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation
+title: ! 'CVE-2008-7310: Spree Hash Restriction Weakness URL Parsing Order State Value
+  Manipulation
+
+'
 comments: false
 categories:
 - spree
@@ -10,13 +12,17 @@ advisory:
   cve: 2008-7310
   osvdb: 81505
   url: https://spreecommerce.com/blog/security-vulnerability-mass-assignment
-  title: |
-    Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation
+  title: ! 'Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation
+
+'
   date: 2008-09-22
-  description: |
-    Spree contains a hash restriction weakness that occurs when parsing a
+  description: ! 'Spree contains a hash restriction weakness that occurs when parsing
+    a
+
     modified URL. This may allow an attacker to manipulate order state values.
+
+'
   cvss_v2: 5.0
   patched_versions:
-  - ">= 0.3.0"
+  - ! '>= 0.3.0'
 ---
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: 'OSVDB-95376: Oracle "enhanced" ActiveRecord Gem for Ruby :limit / :offset
+title: ! 'OSVDB-95376: Oracle "enhanced" ActiveRecord Gem for Ruby :limit / :offset
   SQL Injection'
 comments: false
 categories:
@@ -11,13 +11,20 @@ advisory:
   url: http://osvdb.org/show/osvdb/95376
   title: Oracle "enhanced" ActiveRecord Gem for Ruby :limit / :offset SQL Injection
   date: 2008-10-10
-  description: |
-    Oracle "enhanced" ActiveRecord Gem for Ruby contains a flaw that may allow an
+  description: ! 'Oracle "enhanced" ActiveRecord Gem for Ruby contains a flaw that
+    may allow an
+
     attacker to carry out an SQL injection attack. The issue is due to the
+
     program not properly sanitizing user-supplied input related to the :limit and
+
     :offset functions. This may allow an attacker to inject or manipulate SQL
+
     queries in the back-end database, allowing for the manipulation or disclosure
+
     of arbitrary data.
+
+'
   patched_versions:
-  - ">= 1.1.8"
+  - ! '>= 1.1.8'
 ---
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: 'CVE-2009-4123: jruby-openssl Gem for JRuby fails to do proper certificate
+title: ! 'CVE-2009-4123: jruby-openssl Gem for JRuby fails to do proper certificate
   validation'
 comments: false
 categories:
@@ -12,13 +12,20 @@ advisory:
   url: http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl
   title: jruby-openssl Gem for JRuby fails to do proper certificate validation
   date: 2009-12-07
-  description: |
-    A security problem involving peer certificate verification was found where
+  description: ! 'A security problem involving peer certificate verification was found
+    where
+
     failed verification silently did nothing, making affected applications
+
     vulnerable to attackers. Attackers could lead a client application to believe
+
     that a secure connection to a rogue SSL server is legitimate. Attackers could
+
     also penetrate client-validated SSL server applications with a dummy
+
     certificate.
+
+'
   patched_versions:
-  - ">= 0.6"
+  - ! '>= 0.6'
 ---
@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: 'OSVDB-62067: bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII characters
-  (JRuby only)'
+title: ! 'OSVDB-62067: bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII
+  characters (JRuby only)'
 comments: false
 categories:
 - bcrypt
@@ -13,14 +13,21 @@ advisory:
   title: bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII characters (JRuby
     only)
   date: 2010-02-01
-  description: |
-    bcrypt-ruby Gem for Ruby suffered from a bug related to character
+  description: ! 'bcrypt-ruby Gem for Ruby suffered from a bug related to character
+
     encoding that substantially reduced the entropy of hashed passwords
+
     containing non US-ASCII characters. An incorrect encoding step
-    transparently replaced such characters by '?' prior to hashing. In the
+
+    transparently replaced such characters by ''?'' prior to hashing. In the
+
     worst case of a password consisting solely of non-US-ASCII characters,
+
     this would cause its hash to be equivalent to all other such passwords
+
     of the same length. This issue only affects the JRuby implementation.
+
+'
   patched_versions:
-  - ">= 2.1.4"
+  - ! '>= 2.1.4'
 ---
@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: 'OSVDB-114600: curb Gem for Ruby Empty http_put Body Handling Remote DoS'
+title: ! 'OSVDB-114600: curb Gem for Ruby Empty http_put Body Handling Remote DoS'
 comments: false
 categories:
 - curb
@@ -10,10 +10,14 @@ advisory:
   url: http://osvdb.org/show/osvdb/114600
   title: curb Gem for Ruby Empty http_put Body Handling Remote DoS
   date: 2010-08-12
-  description: |
-    curb Gem for Ruby contains a flaw that is triggered when handling an empty
+  description: ! 'curb Gem for Ruby contains a flaw that is triggered when handling
+    an empty
+
     http_put body. This may allow a remote attacker to crash an application
+
     linked against the library.
+
+'
   patched_versions:
-  - ">= 0.7.8"
+  - ! '>= 0.7.8'
 ---
@@ -1,8 +1,11 @@
 ---
 layout: advisory
-title: |
-  CVE-2010-3978: Spree Multiple Script JSON Request Validation Weakness Remote Information
+title: ! 'CVE-2010-3978: Spree Multiple Script JSON Request Validation Weakness Remote
+  Information
+
   Disclosure
+
+'
 comments: false
 categories:
 - spree
@@ -11,18 +14,25 @@ advisory:
   cve: 2010-3978
   osvdb: 69098
   url: https://spreecommerce.com/blog/json-hijacking-vulnerability
-  title: |
-    Spree Multiple Script JSON Request Validation Weakness Remote Information
+  title: ! 'Spree Multiple Script JSON Request Validation Weakness Remote Information
+
     Disclosure
+
+'
   date: 2010-11-02
-  description: |
-    Spree contains a flaw that may lead to an unauthorized information
+  description: ! 'Spree contains a flaw that may lead to an unauthorized information
+
     disclosure. The issue is triggered when the application exchanges data using
+
     the JSON service without validating requests, which will disclose sensitive
+
     user and order information to a context-dependent attacker when a logged-in
+
     user visits a crafted website.
+
+'
   cvss_v2: 5.0
   patched_versions:
-  - "~> 0.11.2"
-  - ">= 0.30.0"
+  - ~> 0.11.2
+  - ! '>= 0.30.0'
 ---
@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: 'OSVDB-106954: quick_magick Gem for Ruby QuickMagick::Image.read Function Crafted
-  String Handling Remote Command Injection'
+title: ! 'OSVDB-106954: quick_magick Gem for Ruby QuickMagick::Image.read Function
+  Crafted String Handling Remote Command Injection'
 comments: false
 categories:
 - quick_magick