Add references for CVE-2018-1404{0,1,2}/twitter-bootstrap3 issues

CVE-2018-14041 got explicitly fixed in the 3.4.0 version upstream, cf.
as well as further reference https://snyk.io/vuln/npm:bootstrap:20160627
.

CVE-2018-14040 and CVE-2018-14042 are mentioning only the 4.x series and
we need to actually investigate if it affects src:twitter-bootsrap3 as
well up to the version in unstable.