mark CVE-2019-2435 ignored in jessie

same as stretch.

Oracle is not willing to provide more details, and given the information
we have there is not much we can do apart from

1. upgrading to 8.0.14 which I guess is out of the question here
2. spend two weeks reverse-engineering the 8.0.14 release to extract
   information about the vulnerability and backport a highly hypothetical
   patch