Add CVE-2018-1785{0,1}/libjsoncpp

Not convinced that they are actually security issues, the library should
not use assertions in the first place. For now tracking them as such. In
case the CVEs are either REJECTED which means we can remove the source
package tracking, or disputed, where we then can possibly downgrade
severity to unimportant. For now leaving as such.