Expand note for CVE-2018-2767

The tracking of MariaDB is not fully correct here, since the CVE was
specifically only assigned for Oracle MySQL products by its CNA
(oracle), but the context of the oss-security post facilitates the
tracking for the MariaDB products as well. Still should remain an
exception.