Add "CVE:" tag to current patches in OE-core

The currnet patches in OE-core doesn't have the "CVE:"
tag, now part of the policy of the patches.

This is patch add this tag to several patches. There might
be patches that I miss; the tag can be added in the future.

(From OE-Core rev: 065ebeb3e15311d0d45385e15bf557b1c95b1669)

Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch

@@ -1,4 +1,5 @@
 Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
+CVE: CVE-2007-4091
 
 The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
 address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091

meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch

@@ -6,6 +6,7 @@ Subject: [PATCH] Complain if an inc-recursive path is not right for its dir.
  trasnfer path.
 
 Upstream-Status: BackPort
+CVE: CVE-2014-9512
 
 Fix the CVE-2014-9512, rsync 3.1.1 allows remote attackers to write to arbitrary
 files via a symlink attack on a file in the synchronization path.

meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch

@@ -5,6 +5,7 @@ Subject: [PATCH 1/1] Add compat flag to allow proper seed checksum order.
  Fixes the equivalent of librsync's CVE-2014-8242 issue.
 
 Upstream-Status: Backport
+CVE: CVE-2014-8242
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 ---