Add reference to upstream commit for CVE-2018-17937/gpsd

Upstream project is not very transparent here to mention which are the
needed fixes. The issue is both present in gpsd and microjson and
correlating both projects and the information from
https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01 leads to
http://git.savannah.nongnu.org/cgit/gpsd.git/commit/?id=7646cbd04055a50b157312ba6b376e88bd398c19