CVE-2018-1000041: Add back full reference to the merge leading to fix the issue

Agreed on there is possibly only one relevant change within that series.

Furthermore mark the issue as unimporant with the following reasoning.
Although the code change would apply and be "fixed" with the update to
2.40.20-1, the issue is very specific to leaking information of Windows
username and NTLM password hash via a specially crafted SVG file
containing an UNC path on Windows.

If a issue is very specific to another OS we might have set the entry as
well to <not-affected> (Windows specific issue).

Note for (commit-)reviewers: comment if anybody disagrees on the above
assessment and severity change.