python: add missing CVE tag to patches

(From OE-Core rev: 67f9e9045ab91a9df15876ad73e44ff98f11bf59)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch

@@ -19,9 +19,7 @@ Co-authored-by: Christian Heimes <christian@python.org>
 https://bugs.python.org/issue34623
 
 Upstream-Status: Backport
-
-Fix CVE-2018-14647
-
+CVE: CVE-2018-14647
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 ---
  Include/pyexpat.h                                                  | 4 +++-

meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch

@@ -5,9 +5,7 @@ Subject: [PATCH] closes bpo-34540: Convert shutil._call_external_zip to use
  subprocess rather than distutils.spawn. (GH-8985)
 
 Upstream-Status: Backport
-
-Fix CVE-2018-1000802
-
+CVE: CVE-2018-1000802
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 ---
  Lib/shutil.py                                            | 16 ++++++++++------