mark for now CVE-2018-1000074

The used version 1.5.6-5 is defintively not related to any change in
owner_command.rb. If the code is unused in jruby then we can go ahead
and mark it as unimportant severity as not affecting the resulting
binary packages.