CVE-2019-12401,lucene-solr: Mark as not-affected for Jessie

After investigating this issue I believe that the CVE should be reassigned to
libwoodstox-java but it does neither affect lucene-solr or the latter in Debian, so it is
not really important.
In Debian we use the system libraries. The oldest version of libwoodstox-java in
Jessie is 4.1.3. which was released in April 2012. CVE-2019-12401 probably
refers to the change in the 4.x series to disable coalescing mode by default
(it was erroneously set to true before).

Interesting article about java.xml.stream.isCoalescing can be found at

http://veithen.io/2013/10/11/broken-by-design-xlxp2.html

Otherwise there are only two other changes which may be related to the problem.
Since Buster even those are not relevant.

4.2.0 (23-Mar-2013)

New features:

* [WSTX-285], [WSTX-287]: Add ability to restrict certain size limits of parsed
XML
(updated using properties, see `ReaderConfig`)

4.2.1 (20-Mar-2014)

 [WSTX-294]: Incorrect data returned from text containing CDATA when
 IS_COALESCING property is set
 (reported by Rafal Dabrowa)

The rest of the changes do not appear to be security relevant.

In order to exploit CVE-2019-12401 and to trigger OOM an attacker must be able to post documents
to the Solr instance. If he is able to do that he can easily cause a
denial-of-service by some means or other.