Update information for CVE-2017-12194

Only spice-gtk is affected due to spice protocol details. A client
cannot trigger thus the issue in a spice server. Viceversa though as
demostrated the issues can be caused to a client.

Details: https://bugzilla.redhat.com/show_bug.cgi?id=1240165

The test program (test-overflow.c) can be used to demostrate the
problem.

Remove unnecessary tracking of src:spice thus, if someone disagrees with
the assessment, we can add it back.