Added 4 more GHSA sync'ed advisories (#630)

* Fixed `patch_versions` number and deleted `grit` advisory as dup per PR feedback

Author: jasnow

gems/openssl/CVE-2018-16395.yml

@@ -0,0 +1,43 @@
+---
+gem: openssl
+cve: 2018-16395
+ghsa: mmrq-6999-72v8
+url: https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
+title: Incorrect value comparison in Ruby openssl
+date: 2018-10-17
+description: |
+  An issue was discovered in the OpenSSL library in Ruby when two OpenSSL::X509::Name
+  objects are compared using ==, depending on the ordering, non-equal objects may
+  return true. When the first argument is one character longer than the second, or
+  the second argument contains a character that is one less than a character in the
+  same position of the first argument, the result of == will be true. This could be
+  leveraged to create an illegitimate certificate that may be accepted as legitimate
+  and then used in signing or encryption operations.
+cvss_v2: 7.5
+cvss_v3: 9.8
+patched_versions:
+  - ">= 2.1.2"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-16395
+    - https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
+    - https://hackerone.com/reports/387250
+    - https://access.redhat.com/errata/RHSA-2018:3729
+    - https://access.redhat.com/errata/RHSA-2018:3730
+    - https://access.redhat.com/errata/RHSA-2018:3731
+    - https://access.redhat.com/errata/RHSA-2018:3738
+    - https://access.redhat.com/errata/RHSA-2019:1948
+    - https://access.redhat.com/errata/RHSA-2019:2565
+    - https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html
+    - https://security.netapp.com/advisory/ntap-20190221-0002/
+    - https://usn.ubuntu.com/3808-1/
+    - https://www.debian.org/security/2018/dsa-4332
+    - https://www.oracle.com/security-alerts/cpujan2020.html
+    - https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
+    - https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
+    - https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
+    - https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/
+    - http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
+    - http://www.securitytracker.com/id/1042105
+    - https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5
+    - https://github.com/advisories/GHSA-mmrq-6999-72v8

gems/passenger/CVE-2018-12027.yml

@@ -0,0 +1,27 @@
+---
+gem: passenger
+cve: 2018-12027
+ghsa: whfx-877c-5p28
+url: https://blog.phusion.nl/passenger-5-3-2
+title: Insecure Permissions in Phusion Passenger
+date: 2018-06-12
+description: |
+  "An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger
+  5.3.x before 5.3.2 causes information disclosure in the following situation: given
+  a Passenger-spawned application process that reports that it listens on a certain
+  Unix domain socket, if any of the parent directories of said socket are writable
+  by a normal user that is not the application''s user, then that non-application
+  user can swap that directory with something else, resulting in traffic being redirected
+  to a non-application user''s process through an alternative Unix domain socket."
+cvss_v2: 6.5
+cvss_v3: 8.8
+unaffected_versions:
+  - "< 5.3.0"
+patched_versions:
+  - ">= 5.3.2"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-12027
+    - https://blog.phusion.nl/passenger-5-3-2
+    - https://security.gentoo.org/glsa/201807-02
+    - https://github.com/advisories/GHSA-whfx-877c-5p28

gems/passenger/CVE-2018-12028.yml

@@ -0,0 +1,25 @@
+---
+gem: passenger
+cve: 2018-12028
+ghsa: jjhj-8gx7-x836
+url: https://blog.phusion.nl/passenger-5-3-2
+title: Incorrect Access Control in Phusion Passenger
+date: 2018-06-12
+description: |
+  An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger
+  5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning
+  a child process, to report an arbitrary different PID back to Passenger's process
+  manager. If the malicious application then generates an error, it would cause Passenger's
+  process manager to kill said reported arbitrary PID.
+cvss_v2: 6.8
+cvss_v3: 7.8
+unaffected_versions:
+  - "< 5.3.0"
+patched_versions:
+  - ">= 5.3.2"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-12028
+    - https://blog.phusion.nl/passenger-5-3-2
+    - https://security.gentoo.org/glsa/201807-02
+    - https://github.com/advisories/GHSA-jjhj-8gx7-x836