Update severity for CVE-2019-1292{8,9}qemu

As mentioned in the notes already, this is basically a non-issue or with
very negligible security impact since QEMU's -qmp interface is meant to
be used by trusted users. To quote the rationale from the MITRE CVE
description:

        If one is able to access this interface via a tcp socket open to
        the internet, then it is an insecure configuration issue.