Add CVE-2018-11751/puppet

For now kept it as undetermined, but it looks as per references that the
issue is fixed in 6.4.0 upstream and would affect all earlier 6.x
versions.

Needs triage to see all previous versions are affected by the issue and
then move the status from undetermined to unfixed.