Updated advisory posts against rubysec/ruby-advisory-db@01befbb

Author: jasnow

advisories/_posts/2013-02-25-OSVDB-114854.md

@@ -32,4 +32,5 @@ advisory:
     - https://security.snyk.io/vuln/SNYK-RUBY-ACTIVERECORDJDBCADAPTER-20076
     - https://my.diffend.io/gems/activerecord-jdbc-adapter/1.2.5/1.2.8
     - http://osvdb.org/show/osvdb/114854
+    - https://advisories.gitlab.com/pkg/gem/activerecord-jdbc-adapter/OSVDB-2013-02-25
 ---

advisories/_posts/2014-09-29-OSVDB-112347.md

@@ -0,0 +1,26 @@
+---
+layout: advisory
+title: 'OSVDB-112347 (activejob): Active Job - Object injection security vulnerability
+  if Global IDs'
+comments: false
+categories:
+- activejob
+advisory:
+  gem: activejob
+  osvdb: 112347
+  url: https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
+  title: Active Job - Object injection security vulnerability if Global IDs
+  date: 2014-09-29
+  description: |
+    * In release post: "Active Job vulnerability:
+      We also fixed an Active Job bug that allowed String
+      arguments to be deserialized as if they were Global IDs,
+      an object injection security vulnerability.
+  patched_versions:
+  - ">= 4.2.0.beta2"
+  related:
+    url:
+    - https://rubyonrails.org/2014/9/29/Rails-4-2-0-beta2-has-been-released
+    - https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
+  notes: "- No CVE, GHSA, or CVSS values\n"
+---

advisories/_posts/2016-12-21-CVE-2016-10522.md

@@ -24,6 +24,9 @@ advisory:
   - ">= 1.1.1"
   related:
     url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-10522
     - https://www.sourceclear.com/registry/security/cross-site-request-forgery-csrf-/ruby/sid-3173
     - https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
+    - https://advisories.gitlab.com/pkg/gem/rails_admin/SRCCLR-SID-3173
+    - https://github.com/advisories/GHSA-pxqr-8v54-m2hj
 ---