DSA-4604-1: Do not list CVE-2019-16723 and CVE-2019-17357

This is needed if there is no overlapping while we support two releases.
Otherwise it will look like the two CVEs applies as well for stretch. In
such cases as workaround all CVEs are listed in the DSA advisory, but
the fix is tracked explicitly via data/CVE/list.