Add CVE-2019-16892 for rubyzip (#415)

Author: jdleesmiller

gems/rubyzip/CVE-2019-16892.yml

@@ -0,0 +1,13 @@
+---
+gem: rubyzip
+cve: 2019-16892
+url: https://github.com/rubyzip/rubyzip/pull/403
+date: 2019-09-12
+title: Denial of Service in rubyzip ("zip bombs")
+description: |
+  In Rubyzip before 1.3.0, a crafted ZIP file can bypass application
+  checks on ZIP entry sizes because data about the uncompressed size
+  can be spoofed. This allows attackers to cause a denial of service
+  (disk consumption).
+patched_versions:
+  - ">= 1.3.0"