Mark CVE-2017-18222 as unfixed and follow kernel-sec

It might be possible to get a 'incomplete fix' CVE, but the original
commit is just far from complete from the real solution. Ben Hutchings
proposed a proper patch in

https://patchwork.ozlabs.org/patch/885547/