Mark CVE-2018-6764/libvirt as no-dsa

Confirmed that the issue is at least present from v1.3.1 onwards, but
not entirely clear if present as well earlier (The commit in 1.3.1 only
was about icnluding hostname in the initial logmessage, but the hostname
getting is already present before that commit).

To be on safe side regarding affected status, mark it rather no-dsa (and
thus still marked affected), rather with a potentially wrong
argument/reasoning on not-affected.

Cf. comments from Guido in https://bugs.debian.org/889839 for details on
the no-dsa argument.