Document vulnerability of devel/xmltooling
security/shibboleth2-sp depends on the xmltooling port
Security: CVE-2018-0486