fix(ubuntu): special links

[knqyf263]

Some advisories have a key other than upstream: like other and vendor as links.

$ cat retired/CVE-2019-14866
Patches_cpio:
 other: https://cement.retrofitta.se/tmp/cpio-tar.patch
 upstream: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7
upstream_cpio: needs-triage
precise/esm_cpio: released (2.11-7ubuntu3.3)
trusty_cpio: ignored (out of standard support)

$ cat retired/CVE-2019-2201
Patches_libjpeg-turbo:
 upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
 vendor: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
upstream_libjpeg-turbo: needs-triage
precise/esm_libjpeg-turbo: not-affected
trusty_libjpeg-turbo: ignored (out of standard support)
trusty/esm_libjpeg-turbo: not-affected
xenial_libjpeg-turbo: released (1.4.2-0ubuntu3.3)
bionic_libjpeg-turbo: released (1.5.2-0ubuntu5.18.04.3)
disco_libjpeg-turbo: released (2.0.1-0ubuntu2.2)
eoan_libjpeg-turbo: not-affected
devel_libjpeg-turbo: not-affected

[HeroicHitesh]

@knqyf263 I am not sure what needs to be fixed here, if you can provide more details I can try resolving this issue.
As far as I understood we need to make all branches namely upstream, other and vendor point to the latest master branch. But I can't find these different branches in this repo, so I am not sure what is needed to be done.

[knqyf263]

vuln-list parses all files including security advisories in this git repository.
https://github.com/aquasecurity/vuln-list-update/blob/master/ubuntu/ubuntu.go#L22

It extracts upstream links for reference here, but some links are listed with other, vendor, etc. We have to handle them as well.
https://github.com/aquasecurity/vuln-list-update/blob/master/ubuntu/ubuntu.go#L287-L304