Update information on CVE-2018-17282/exiv2
Upstream commit https://github.com/Exiv2/exiv2/commit/afb98cbc6e288dc8ea75f3394a347fb9b37abc55 tries to allocate the correct amount of memory for the ICC profile, but does not perform a NULL check on "pos->count()*pos->typeSize()". It might be sensible to check if pos->count() can possibly be NULL; then the issue, or a variant of it, might be present in 0.26-1 as well (in experimental), but not in the 0.25 based version in unstable.