Update entry for CVE-2017-11552

Further analysis has shown that the isuse has its roots in mpg321 itself
rather than libmad. Mark CVE as unimportant to indicate the nonissue.

Additionally MITRE was notified about the possibly wrong underlying
problem, so they can decide if the CVE should be assigned to src:mpg321.