Add fixed version for CVE-2017-12447/gdk-pixbuf

Whilest the CVE-2017-12447 issue is not the same as the CVE-2015-7552
("Heap-based buffer overflow in the gdk_pixbuf_flip function") issue,
the jessie-security upload back in 2016 as uploaded as 2.31.1-2+deb8u5
did contain additional patches.

* bmp: Reject impossible palette size

correspond respectively to the later assigned CVE-2017-12447 issue,
fixed upstream by commit
https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/b7bf6fbfb310fceba2d35d4de143b8d5ffdad990
.