Add CVE-2019-1292{8,9}/qemu

Mark the issue as no-dsa, as "The QEMU machine protocol (QMP) should not
be exposed to unprivileged users, and is only intended for
administrative control of QEMU instances.". Given that there might be an
argument to actually mark those as <ignored> ore consider it at
negligible security impact. To be on safe side mark it for now only as
no-dsa.