package/openvmtools: add CVE trailer in patch

Since Buildroot commit [1] the patches that fixes a security
vulnerability needs to reference the fixed vulnerability.

This patch adds the relevant information to the patch header.

[1] 1167d0ff3d docs/manual: mention CVE trailer

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/openvmtools/0013-Properly-check-authorization-on-incoming-guestOps-re.patch

@@ -7,6 +7,7 @@ Subject: [PATCH] Properly check authorization on incoming guestOps requests
 Fix public pipe request checks.  Only a SessionRequest type should
 be accepted on the public pipe.
 
+CVE: CVE-2022-31676
 Upstream: https://github.com/vmware/open-vm-tools/blob/CVE-2022-31676.patch/1205-Properly-check-authorization-on-incoming-guestOps-re.patch
 Signed-off-by: Stefan Agner <stefan@agner.ch>
 ---

package/openvmtools/0014-CVE-2025-22247-1100-1225-VGAuth-updates.patch

@@ -19,6 +19,7 @@ The 2025 Broadcom copyright information update is not part of this
 patch set to allow the patch to be easily applied to previous
 open-vm-tools source releases.
 
+CVE: CVE-2025-22247
 Upstream: https://github.com/vmware/blob/CVE-2025-22247.patch/CVE-2025-22247-1100-1225-VGAuth-updates.patch
 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 ---