Rails vulnerabilities actually affect its components

[mveytsman]

Some of the rails vulnerabilities actually affect rails components that can be used outside of rails. For instance, CVE-2013-0156 is a vulnerability with action_pack which can be used with any Rack application, not just rails.

What's the best way to re-categorize these?

[postmodern]

Good point. Yes we should map the advisories to the specific gems (ex: json). We should also email OSVDB with corrections about which specific gem users should upgrade.