Add Ruby CVE 2018-16395 (#358) (#359)

https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

Author: transoceanic2000

rubies/ruby/CVE-2018-16395.yml

@@ -0,0 +1,35 @@
+---
+engine: ruby
+cve: 2018-16395
+url: https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
+title: Incorrect equality check in OpenSSL::X509::Name
+date: 2018-10-17
+description: |
+  The equality check of `OpenSSL::X509::Name` is not correctly in openssl
+  extension library bundled with Ruby.
+
+  An instance of `OpenSSL::X509::Name` contains entities such as `CN`, `C`
+  and so on. Some two instances of `OpenSSL::X509::Name` are equal only when
+  all entities are exactly equal. However, there is a bug that the equality
+  check is not correct if the value of an entity of the argument (right-hand
+  side) starts with the value of the receiver (left-hand side). So, if a
+  malicious X.509 certificate is passed to compare with an existing
+  certificate, there is a possibility to be judged incorrectly that they are
+  equal.
+
+  It is strongly recommended for Ruby users to upgrade your Ruby installation
+  or take one of the following workarounds as soon as possible.
+
+  `openssl` gem 2.1.2 or later includes the fix for the vulnerability, so
+  upgrade `openssl` gem to the latest version if you are using Ruby 2.4 or
+  later series.
+
+  `gem install openssl -v ">= 2.1.2"`
+  
+  However, in Ruby 2.3 series, you cannot override bundled version of openssl
+  with `openssl` gem. Please upgrade your Ruby installation to the latest
+  version.
+patched_versions:
+  - "~> 2.3.8"
+  - "~> 2.4.5"
+  - "~> 2.5.2"