Add CVE-2019-9674 and mark it as unimportant

The reason for that is upstream seem not to be planning a code fix,
rather the documentation was improved to cover these aspects.