vuln.xml r383968 issue with ruby20 port r396436

Terry Kennedy TERRY at tmk.com
Fri Sep 11 00:01:41 UTC 2015


  [I am sending this directly in the belief that it may be affecting
other ruby20 users as well as myself; if you prefer I open a PR
instead of emailing you directly, just let me know.]

  I am experiencing some odd behavior with "pkg audit" and the ruby20
port. I had version 2.0.0.645,1 of the port installed and "pkg audit"
did not complain about it. However, the port was recently updated to
2.0.0.647,1 and portupgrade refuses to install that version, claiming
it is affected by CVE-2015-1855.

  I have "DEFAULT_VERSIONS+=ruby=2.0" in /etc/make.conf as directed
in an UPDATING entry of some time ago.

  This would seem to be the opposite of the desired effect, as both
the vuln.xml cite and the Ruby news here:
https://www.ruby-lang.org/en/news/2015/08/18/ruby-2-0-0-p647-released/
claim that 645 is vulnerable and 647 isn't.

  I tried to see what was going on, in the hope of submitting a patch
instead of just reporting the issue, but became mired in the
complexity of the ruby meta-port, bsd.ruby.mk, etc.

        Thanks,
        Terry Kennedy             http://www.tmk.com
        terry at tmk.com          New York, NY USA
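To reproduce the kind of check pkg audit performs (is an installed version inside a vuln.xml range?) without the full ports framework, the following script is an added example; it is not part of Terry's mail, of pkg, or of the FreeBSD ports tree. It models pkg's ordering of "VERSION[_REVISION][,EPOCH]" strings in a simplified form (epoch first, then dotted numeric components, then PORTREVISION; letter suffixes such as "rc" or "p" are deliberately not modelled), and the vuln.xml range it evaluates is constructed for illustration, not copied from r383968.

```python
import xml.etree.ElementTree as ET

# Constructed illustration of a vuln.xml <range> element, NOT the real
# entry from r383968: bounds inside one <range> are ANDed by pkg audit.
EXAMPLE_RANGE = "<range><ge>2.0.0,1</ge><lt>2.0.0.647,1</lt></range>"


def parse_version(v):
    """Split 'VERSION[_REVISION][,EPOCH]' into (epoch, components, revision).

    Simplified model (assumption): only numeric dotted components are
    handled; alpha/beta/rc/patch-letter suffixes are not supported.
    """
    epoch = 0
    if "," in v:
        v, e = v.rsplit(",", 1)
        epoch = int(e)
    rev = 0
    if "_" in v:
        v, r = v.rsplit("_", 1)
        rev = int(r)
    parts = [int(p) for p in v.split(".")]
    return epoch, parts, rev


def compare(a, b):
    """Return -1, 0 or 1 ordering package version a against b.

    Epoch wins outright, then the dotted components (shorter side padded
    with zeros, so 2.0 == 2.0.0), then PORTREVISION.
    """
    ea, pa, ra = parse_version(a)
    eb, pb, rb = parse_version(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    n = max(len(pa), len(pb))
    pa = pa + [0] * (n - len(pa))
    pb = pb + [0] * (n - len(pb))
    if pa != pb:
        return (pa > pb) - (pa < pb)
    return (ra > rb) - (ra < rb)


# vuln.xml bound tags and the comparison each one expresses.
BOUNDS = {
    "lt": lambda c: c < 0,
    "le": lambda c: c <= 0,
    "gt": lambda c: c > 0,
    "ge": lambda c: c >= 0,
    "eq": lambda c: c == 0,
}


def affected(version, range_xml):
    """True if every bound of the <range> holds for `version`."""
    rng = ET.fromstring(range_xml)
    for bound in rng:
        if bound.tag not in BOUNDS:
            raise ValueError("unknown bound tag: %s" % bound.tag)
        if not BOUNDS[bound.tag](compare(version, bound.text.strip())):
            return False
    return True


def audit_versions(versions, range_xml):
    """Map each candidate version to whether the range flags it."""
    return {v: affected(v, range_xml) for v in versions}


if __name__ == "__main__":
    # The two versions from the report: the old one should be flagged,
    # the updated one should not.
    for ver, hit in audit_versions(["2.0.0.645,1", "2.0.0.647,1"],
                                   EXAMPLE_RANGE).items():
        print(ver, "vulnerable" if hit else "ok")
    # A bound written without the ",1" epoch sorts BELOW every ",1"
    # version, which silently inverts the intended result.
    print("2.0.0.645,1 vs 2.0.0.647 ->", compare("2.0.0.645,1", "2.0.0.647"))
```

The last two lines of the main block show why the epoch suffix matters when writing or checking a range: because epoch is compared before anything else, a bound that omits ",1" is ordered below every ",1" package version, so an installed package can land on the wrong side of a `<lt>`/`<ge>` pair even though its dotted version looks like it should match.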
