Add CVE-2016-6811/hadoop

Confirmed with MITRE that the CVE is correct. Originally the CVE was
asked to be rejected by the respective CNA. The CVE got now assigned
from the CNA pool. REJECT is not a permanent state, cf.
https://cve.mitre.org/news/archives/2017/news.html#July272017_REMINDER:_REJECT_Is_Not_Always_a_Permanent_State_for_a_CVE_ID_Begins_July_27_2017
, so this is actually allowed to do by a CNA.